samba - Sep 2019 - Problems with Internal DNS Samba 4

Hi,

Failed to change DNS:

samba_upgradedns --dns-backend=BIND9_DLZ
Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/bind-dns/dns/EMPRESA.COM.BR.zone
DNS records will be automatically created
DNS partitions already exist
Adding dns-samba4-dc1 account
Failed to create link /var/lib/samba/private/dns.keytab ->
/var/lib/samba/bind-d

ns/dns.keytab: No such file or directory
Failed to chown /var/lib/samba/bind-dns to bind gid 121
Failed to chown /var/lib/samba/bind-dns/dns.keytab to bind gid 121
Traceback (most recent call last):
  File "/usr/sbin/samba_upgradedns", line 533, in <module>
    create_dns_dir(logger, paths)
  File "/usr/lib/python3/dist-packages/samba/provision/sambadns.py",
line
704, i
                                                n create_dns_dir
    os.mkdir(dns_dir, 0o770)
FileNotFoundError: [Errno 2] No such file or directory:
'/var/lib/samba/bind-dns

Regards,

M?rcio Bacci

Em seg, 2 de set de 2019 ?s 07:31, Rowland penny via samba <
samba at lists.samba.org> escreveu:
> On 02/09/2019 11:11, Marcio Demetrio Bacci wrote:
> >
> > Hi,
> >
> > >No, you shouldn't have to, have you followed this first:
> > I followed, but there are instructions in this tutorial to configure
> > Bind9_DLZ first, as below:
> >
> >   * Set up and configure the |BIND9_DLZ| back end. For details, see
> >     BIND9_DLZ Back End
> >     <https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End>.
> >
> I will have a look and alter it if required.
> >
> > > What version of Samba is this ?
> > Samba 4.10.7
> >
> > >Yours will probably be '/var/lib/samba'
> > No, there aren't in my DC (I have searched with find / -name
<file>).
> If you were running a DC using the internal dns server and haven't
> upgraded to Bind9 yet, then there will be no Samba Bind9 related files
&
> directories yet, they get created by the dns server upgrade and they
> will be created in /var/lib/samba/bind-dns
> >
> >  Will files ( "/usr/local/samba/bind-dns/named.conf" and
"dns.keytab"
> > ) be created after I run the command samba_upgradedns
> > --dns-backend=BIND9_DLZ ?
>
> Yes, but not at that path ;-)
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Hi,

I believe it's all right now. I just changed the file paths.

samba_upgradedns --dns-backend=BIND9_DLZ
Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/bind-dns/dns/EMPRESA.COM.BR.zone
DNS records will be automatically created
DNS partitions already exist
dns-samba4-dc1 account already exists
See /var/lib/samba/bind-dns/named.conf for an example configuration include
file for BIND
and /var/lib/samba/bind-dns/named.txt for further documentation required
for secure DNS updates
Finished upgrading DNS
You have switched to using BIND9_DLZ as your dns backend, but still have
the internal dns starting. Please make sure you add '-dns' to your
server
services line in your smb.conf.
root at samba4-dc1:/var/lib/samba#
root at samba4-dc1:/var/lib/samba#
root at samba4-dc1:/var/lib/samba# mcedit /etc/samba/smb.conf

 cat /etc/samba/smb.conf
# Global parameters
[global]
        netbios name = SAMBA4-DC1
        realm = EMPRESA.COM.BR
        workgroup = EMPRESA
        server role = active directory domain controller
        server services = -dns
        dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
        ldap server require strong auth = no

[netlogon]
        path = /var/lib/samba/sysvol/empresa.com.br/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No


 /etc/init.d/bind9 status
? bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor
preset: enabled)
   Active: active (running) since Mon 2019-09-02 08:28:13 -03; 3s ago
     Docs: man:named(8)
 Main PID: 13296 (named)
    Tasks: 7 (limit: 4720)
   CGroup: /system.slice/bind9.service
           ??13296 /usr/sbin/named -f -u bind -4

set 02 08:28:13 samba4-dc1 named[13296]: set up managed keys zone for view
_default, file 'managed-keys.bind'
set 02 08:28:13 samba4-dc1 named[13296]: configuring command channel from
'/etc/bind/rndc.key'
set 02 08:28:13 samba4-dc1 named[13296]: command channel listening on
127.0.0.1#953
set 02 08:28:13 samba4-dc1 named[13296]: managed-keys-zone: loaded serial 0
set 02 08:28:13 samba4-dc1 named[13296]: zone 0.in-addr.arpa/IN: loaded
serial 1
set 02 08:28:13 samba4-dc1 named[13296]: zone localhost/IN: loaded serial 2
set 02 08:28:13 samba4-dc1 named[13296]: zone 255.in-addr.arpa/IN: loaded
serial 1
set 02 08:28:13 samba4-dc1 named[13296]: zone 127.in-addr.arpa/IN: loaded
serial 1
set 02 08:28:13 samba4-dc1 named[13296]: all zones loaded
set 02 08:28:13 samba4-dc1 named[13296]: running



root at samba4-dc1:ls -lai /var/lib/samba/private/sam.ldb.d/
total 162292
920703 drwx------ 2 root root     4096 set  2 08:16 .
920705 drwxr-xr-x 7 root root     4096 set  2 08:17 ..
920726 -rw------- 1 root root 40189952 set  2 08:29
CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920725 -rw------- 1 root root 26583040 set  2 08:29
CN=SCHEMA,CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920733 -rw-rw---- 2 root bind 14692352 set  2 08:29
DC=DOMAINDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920734 -rw-rw---- 2 root bind  4210688 set  2 08:29
DC=FORESTDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920731 -rw------- 1 root root 79663104 set  2 08:29
DC=EMPRESA,DC=COM,DC=BR.ldb
920708 -rw-rw---- 2 root bind   831488 set  2 08:16 metadata.tdb


root at samba4-dc1:/var/lib/samba# ls -lai
/var/lib/samba/bind-dns/dns/sam.ldb.d/
total 36220
920471 drwxrwx--- 2 root bind     4096 set  2 08:16 .
919793 drwxrwx--- 3 root bind     4096 set  2 08:16 ..
920736 -rw-rw---- 1 root bind  8601600 set  2 08:16
CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920732 -rw-rw---- 1 root bind  7446528 set  2 08:16
CN=SCHEMA,CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
920733 -rw-rw---- 2 root bind 14692352 set  2 08:31
DC=DOMAINDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920734 -rw-rw---- 2 root bind  4210688 set  2 08:31
DC=FORESTDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
920601 -rw-rw---- 1 root bind  1286144 set  2 08:16
DC=EMPRESA,DC=COM,DC=BR.ldb
920708 -rw-rw---- 2 root bind   831488 set  2 08:16 metadata.tdb

Do I do the same procedures on DC2 ?

Regards,

M?rcio Bacci

Em seg, 2 de set de 2019 ?s 08:07, Marcio Demetrio Bacci <
marciobacci at gmail.com> escreveu:
> Hi,
>
> Failed to change DNS:
>
> samba_upgradedns --dns-backend=BIND9_DLZ
> Reading domain information
> DNS accounts already exist
> No zone file /var/lib/samba/bind-dns/dns/EMPRESA.COM.BR.zone
> DNS records will be automatically created
> DNS partitions already exist
> Adding dns-samba4-dc1 account
> Failed to create link /var/lib/samba/private/dns.keytab ->
> /var/lib/samba/bind-d
>
> ns/dns.keytab: No such file or directory
> Failed to chown /var/lib/samba/bind-dns to bind gid 121
> Failed to chown /var/lib/samba/bind-dns/dns.keytab to bind gid 121
> Traceback (most recent call last):
>   File "/usr/sbin/samba_upgradedns", line 533, in <module>
>     create_dns_dir(logger, paths)
>   File
"/usr/lib/python3/dist-packages/samba/provision/sambadns.py", line
> 704, i
>                                                 n create_dns_dir
>     os.mkdir(dns_dir, 0o770)
> FileNotFoundError: [Errno 2] No such file or directory:
> '/var/lib/samba/bind-dns
>
> Regards,
>
> M?rcio Bacci
>
> Em seg, 2 de set de 2019 ?s 07:31, Rowland penny via samba <
> samba at lists.samba.org> escreveu:
>
>> On 02/09/2019 11:11, Marcio Demetrio Bacci wrote:
>> >
>> > Hi,
>> >
>> > >No, you shouldn't have to, have you followed this first:
>> > I followed, but there are instructions in this tutorial to
configure
>> > Bind9_DLZ first, as below:
>> >
>> >   * Set up and configure the |BIND9_DLZ| back end. For details,
see
>> >     BIND9_DLZ Back End
>> >    
<https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End>.
>> >
>> I will have a look and alter it if required.
>> >
>> > > What version of Samba is this ?
>> > Samba 4.10.7
>> >
>> > >Yours will probably be '/var/lib/samba'
>> > No, there aren't in my DC (I have searched with find / -name
<file>).
>> If you were running a DC using the internal dns server and haven't
>> upgraded to Bind9 yet, then there will be no Samba Bind9 related files
&
>> directories yet, they get created by the dns server upgrade and they
>> will be created in /var/lib/samba/bind-dns
>> >
>> >  Will files ( "/usr/local/samba/bind-dns/named.conf" and
"dns.keytab"
>> > ) be created after I run the command samba_upgradedns
>> > --dns-backend=BIND9_DLZ ?
>>
>> Yes, but not at that path ;-)
>>
>> Rowland
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

Hi,

My DNS Service isn't working properly!

root at samba4-dc1:~#  host -t SRV _kerberos._udp.EMPRESA.COM.BR
;; connection timed out; no servers could be reached
root at samba4-dc1:~# host -t SRV _ldap._tcp.EMPRESA.COM.BR
;; connection timed out; no servers could be reached
root at samba4-dc1:~# host -t A EMPRESA.COM.BR
;; connection timed out; no servers could be reached
root at samba4-dc1:~# host -t A proxy-server
;; connection timed out; no servers could be reached

What should I do?

Regards,

M?rcio Bacci

Em seg, 2 de set de 2019 ?s 08:41, Marcio Demetrio Bacci <
marciobacci at gmail.com> escreveu:
> Hi,
>
> I believe it's all right now. I just changed the file paths.
>
> samba_upgradedns --dns-backend=BIND9_DLZ
> Reading domain information
> DNS accounts already exist
> No zone file /var/lib/samba/bind-dns/dns/EMPRESA.COM.BR.zone
> DNS records will be automatically created
> DNS partitions already exist
> dns-samba4-dc1 account already exists
> See /var/lib/samba/bind-dns/named.conf for an example configuration
> include file for BIND
> and /var/lib/samba/bind-dns/named.txt for further documentation required
> for secure DNS updates
> Finished upgrading DNS
> You have switched to using BIND9_DLZ as your dns backend, but still have
> the internal dns starting. Please make sure you add '-dns' to your
server
> services line in your smb.conf.
> root at samba4-dc1:/var/lib/samba#
> root at samba4-dc1:/var/lib/samba#
> root at samba4-dc1:/var/lib/samba# mcedit /etc/samba/smb.conf
>
>  cat /etc/samba/smb.conf
> # Global parameters
> [global]
>         netbios name = SAMBA4-DC1
>         realm = EMPRESA.COM.BR
>         workgroup = EMPRESA
>         server role = active directory domain controller
>         server services = -dns
>         dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
>         ldap server require strong auth = no
>
> [netlogon]
>         path = /var/lib/samba/sysvol/empresa.com.br/scripts
>         read only = No
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
>
>  /etc/init.d/bind9 status
> ? bind9.service - BIND Domain Name Server
>    Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor
> preset: enabled)
>    Active: active (running) since Mon 2019-09-02 08:28:13 -03; 3s ago
>      Docs: man:named(8)
>  Main PID: 13296 (named)
>     Tasks: 7 (limit: 4720)
>    CGroup: /system.slice/bind9.service
>            ??13296 /usr/sbin/named -f -u bind -4
>
> set 02 08:28:13 samba4-dc1 named[13296]: set up managed keys zone for view
> _default, file 'managed-keys.bind'
> set 02 08:28:13 samba4-dc1 named[13296]: configuring command channel from
> '/etc/bind/rndc.key'
> set 02 08:28:13 samba4-dc1 named[13296]: command channel listening on
> 127.0.0.1#953
> set 02 08:28:13 samba4-dc1 named[13296]: managed-keys-zone: loaded serial 0
> set 02 08:28:13 samba4-dc1 named[13296]: zone 0.in-addr.arpa/IN: loaded
> serial 1
> set 02 08:28:13 samba4-dc1 named[13296]: zone localhost/IN: loaded serial 2
> set 02 08:28:13 samba4-dc1 named[13296]: zone 255.in-addr.arpa/IN: loaded
> serial 1
> set 02 08:28:13 samba4-dc1 named[13296]: zone 127.in-addr.arpa/IN: loaded
> serial 1
> set 02 08:28:13 samba4-dc1 named[13296]: all zones loaded
> set 02 08:28:13 samba4-dc1 named[13296]: running
>
>
>
> root at samba4-dc1:ls -lai /var/lib/samba/private/sam.ldb.d/
> total 162292
> 920703 drwx------ 2 root root     4096 set  2 08:16 .
> 920705 drwxr-xr-x 7 root root     4096 set  2 08:17 ..
> 920726 -rw------- 1 root root 40189952 set  2 08:29
> CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920725 -rw------- 1 root root 26583040 set  2 08:29
> CN=SCHEMA,CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920733 -rw-rw---- 2 root bind 14692352 set  2 08:29
> DC=DOMAINDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920734 -rw-rw---- 2 root bind  4210688 set  2 08:29
> DC=FORESTDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920731 -rw------- 1 root root 79663104 set  2 08:29
> DC=EMPRESA,DC=COM,DC=BR.ldb
> 920708 -rw-rw---- 2 root bind   831488 set  2 08:16 metadata.tdb
>
>
> root at samba4-dc1:/var/lib/samba# ls -lai
> /var/lib/samba/bind-dns/dns/sam.ldb.d/
> total 36220
> 920471 drwxrwx--- 2 root bind     4096 set  2 08:16 .
> 919793 drwxrwx--- 3 root bind     4096 set  2 08:16 ..
> 920736 -rw-rw---- 1 root bind  8601600 set  2 08:16
> CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920732 -rw-rw---- 1 root bind  7446528 set  2 08:16
> CN=SCHEMA,CN=CONFIGURATION,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920733 -rw-rw---- 2 root bind 14692352 set  2 08:31
> DC=DOMAINDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920734 -rw-rw---- 2 root bind  4210688 set  2 08:31
> DC=FORESTDNSZONES,DC=EMPRESA,DC=COM,DC=BR.ldb
> 920601 -rw-rw---- 1 root bind  1286144 set  2 08:16
> DC=EMPRESA,DC=COM,DC=BR.ldb
> 920708 -rw-rw---- 2 root bind   831488 set  2 08:16 metadata.tdb
>
> Do I do the same procedures on DC2 ?
>
> Regards,
>
> M?rcio Bacci
>
> Em seg, 2 de set de 2019 ?s 08:07, Marcio Demetrio Bacci <
> marciobacci at gmail.com> escreveu:
>
>> Hi,
>>
>> Failed to change DNS:
>>
>> samba_upgradedns --dns-backend=BIND9_DLZ
>> Reading domain information
>> DNS accounts already exist
>> No zone file /var/lib/samba/bind-dns/dns/EMPRESA.COM.BR.zone
>> DNS records will be automatically created
>> DNS partitions already exist
>> Adding dns-samba4-dc1 account
>> Failed to create link /var/lib/samba/private/dns.keytab ->
>> /var/lib/samba/bind-d
>>
>> ns/dns.keytab: No such file or directory
>> Failed to chown /var/lib/samba/bind-dns to bind gid 121
>> Failed to chown /var/lib/samba/bind-dns/dns.keytab to bind gid 121
>> Traceback (most recent call last):
>>   File "/usr/sbin/samba_upgradedns", line 533, in
<module>
>>     create_dns_dir(logger, paths)
>>   File
"/usr/lib/python3/dist-packages/samba/provision/sambadns.py", line
>> 704, i
>>                                                 n create_dns_dir
>>     os.mkdir(dns_dir, 0o770)
>> FileNotFoundError: [Errno 2] No such file or directory:
>> '/var/lib/samba/bind-dns
>>
>> Regards,
>>
>> M?rcio Bacci
>>
>> Em seg, 2 de set de 2019 ?s 07:31, Rowland penny via samba <
>> samba at lists.samba.org> escreveu:
>>
>>> On 02/09/2019 11:11, Marcio Demetrio Bacci wrote:
>>> >
>>> > Hi,
>>> >
>>> > >No, you shouldn't have to, have you followed this
first:
>>> > I followed, but there are instructions in this tutorial to
configure
>>> > Bind9_DLZ first, as below:
>>> >
>>> >   * Set up and configure the |BIND9_DLZ| back end. For
details, see
>>> >     BIND9_DLZ Back End
>>> >    
<https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End>.
>>> >
>>> I will have a look and alter it if required.
>>> >
>>> > > What version of Samba is this ?
>>> > Samba 4.10.7
>>> >
>>> > >Yours will probably be '/var/lib/samba'
>>> > No, there aren't in my DC (I have searched with find /
-name <file>).
>>> If you were running a DC using the internal dns server and
haven't
>>> upgraded to Bind9 yet, then there will be no Samba Bind9 related
files &
>>> directories yet, they get created by the dns server upgrade and
they
>>> will be created in /var/lib/samba/bind-dns
>>> >
>>> >  Will files ( "/usr/local/samba/bind-dns/named.conf"
and "dns.keytab"
>>> > ) be created after I run the command samba_upgradedns
>>> > --dns-backend=BIND9_DLZ ?
>>>
>>> Yes, but not at that path ;-)
>>>
>>> Rowland
>>>
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>