Turritopsis Dohrnii Teo En Ming
2020-Feb-18 13:44 UTC
[Samba] Why are ForeignSecurityPrincipals and Managed Service Accounts empty with no entries?
Hi Louis,

My /etc/named.conf has the following line:

    include "/usr/local/samba/bind-dns/named.conf";

My /usr/local/samba/bind-dns/named.conf has the following lines:

    # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
    #
    # This file should be included in your main BIND configuration file
    #
    # For example with
    # include "/usr/local/samba/bind-dns/named.conf";

    #
    # This configures dynamically loadable zones (DLZ) from AD schema
    # Uncomment only single database line, depending on your BIND version
    #
    dlz "AD DNS Zone" {
        # For BIND 9.8.x
        # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";

        # For BIND 9.9.x
        # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";

        # For BIND 9.10.x
        # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_10.so";

        # For BIND 9.11.x
        database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";

        # For BIND 9.12.x
        # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_12.so";
    };

I am using CentOS 8.1 as the AD DC and I didn't touch AppArmor at all. I had SELinux disabled.

________________________________
From: L.P.H. van Belle <belle at bazuin.nl>
Sent: Tuesday, February 18, 2020 9:29 PM
To: samba at lists.samba.org <samba at lists.samba.org>
Cc: Turritopsis Dohrnii Teo En Ming <ceo at teo-en-ming-corp.com>
Subject: RE: [Samba] Why are ForeignSecurityPrincipals and Managed Service Accounts empty with no entries?

I had a quick look.

At 3:31, the last line:
Dnsupdate_namedupdate_done: FAILED....

On the AD-DC, you're showing bind9 as resolving.
I suggest you verify if bind_DLZ is enabled.
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End

And check:
https://wiki.samba.org/index.php/BIND9_DLZ_AppArmor_and_SELinux_Integration

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Turritopsis Dohrnii Teo En Ming via samba
> Sent: Tuesday 18 February 2020 14:17
> To: samba at lists.samba.org
> CC: Turritopsis Dohrnii Teo En Ming
> Subject: [Samba] Why are ForeignSecurityPrincipals and
> Managed Service Accounts empty with no entries?
>
> Good evening from Singapore,
>
> I have just set up Samba 4.11.6 and CentOS 8.1 as Active
> Directory Domain Controller.
>
> Thread: Teo En Ming's Manual for Setting Up Samba 4.11.6 and
> CentOS 8.1 (1911) Linux Server QEMU/KVM Virtual Machine as an
> Active Directory Domain Controller (AD DC)
>
> Link: https://lists.samba.org/archive/samba/2020-February/228348.html
>
> Question is, why are my ForeignSecurityPrincipals and Managed
> Service Accounts empty with no entries?
>
> Please watch my YouTube video clip for a visual
> representation of the problem.
>
> YouTube video: Samba 4.11.6 and CentOS 8.1 as Active
> Directory Domain Controller
>
> Link: https://www.youtube.com/watch?v=aBFQLy9aryY
>
> This is a short YouTube video clip of about 11 minutes.
>
> I am looking forward to your reply.
>
> Thank you very much.
Turritopsis Dohrnii Teo En Ming
2020-Feb-18 13:51 UTC
[Samba] Why are ForeignSecurityPrincipals and Managed Service Accounts empty with no entries?
Resend.
Rowland penny
2020-Feb-18 14:11 UTC
[Samba] Why are ForeignSecurityPrincipals and Managed Service Accounts empty with no entries?
On 18/02/2020 13:44, Turritopsis Dohrnii Teo En Ming via samba wrote:
> Hi Louis,
>
> My /etc/named.conf has the following line:
>
> include "/usr/local/samba/bind-dns/named.conf";
>
That isn't helpful, all DCs get that (or a version of it), we need to see what you have altered (or haven't altered).

Rowland
Turritopsis Dohrnii Teo En Ming
2020-Feb-19 00:07 UTC
[Samba] Why are ForeignSecurityPrincipals and Managed Service Accounts empty with no entries?
Hi Rowland,

This is my full /etc/named.conf:

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //

    options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file "/var/named/data/named.secroots";
        recursing-file "/var/named/data/named.recursing";
        allow-query { localhost; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
        include "/etc/crypto-policies/back-ends/bind.config";

        tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
        minimal-responses yes;
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    include "/usr/local/samba/bind-dns/named.conf";

    [root@dc1 bind-dns]# cd /usr/local/samba/etc
    [root@dc1 etc]# cat smb.conf
    # Global parameters
    [global]
        netbios name = DC1
        realm = TEO-EN-MING.CORP
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = TEO-EN-MING
        idmap_ldb:use rfc2307 = yes

    [sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

    [netlogon]
        path = /usr/local/samba/var/locks/sysvol/teo-en-ming.corp/scripts
        read only = No
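Added example, not part of any message in this thread: a static check of the points the replies ask about (Samba's named.conf included from /etc/named.conf, a tkey-gssapi-keytab set, exactly one dlz_bind9 database line uncommented, and Samba's internal dns service absent from "server services"). The function names and the trimmed sample files are constructed for illustration; the script only reads config files and does not query named or Samba.

```shell
#!/bin/sh
# Added example (not from the thread): static BIND9_DLZ checks on config files.

# Drop '#' and '//' comment lines so commented-out settings are ignored.
active_lines() { grep -Ev '^[[:space:]]*(#|//)' "$1"; }

# Number of uncommented dlz_bind9*.so "database" lines; must be exactly 1.
dlz_module_count() {
  active_lines "$1" | grep -Ec 'database[[:space:]]+"dlopen[[:space:]].*dlz_bind9[_0-9]*\.so"'
}

# Main named.conf must pull in Samba's file and name the DNS keytab.
has_dlz_include()   { active_lines "$1" | grep -Eq 'include[[:space:]]+"[^"]*bind-dns/named\.conf"'; }
has_gssapi_keytab() { active_lines "$1" | grep -Eq 'tkey-gssapi-keytab[[:space:]]+"[^"]+"'; }

# With BIND9_DLZ, Samba's internal "dns" service must be off.
internal_dns_disabled() {
  svc=$(sed -n 's/^[[:space:]]*server services[[:space:]]*=//p' "$1" | tr ',' ' ')
  [ -n "$svc" ] || return 1          # no override: the default list includes dns
  modifiers=0
  for s in $svc; do
    case "$s" in
      -dns)     return 0 ;;
      dns|+dns) return 1 ;;
      [+-]*)    modifiers=1 ;;
    esac
  done
  [ "$modifiers" -eq 0 ]             # a +/- list edits the defaults, which contain dns
}

# check_dlz MAIN_NAMED_CONF SAMBA_NAMED_CONF SMB_CONF: prints findings, returns failure count
check_dlz() {
  fails=0
  has_dlz_include "$1"       || { echo "FAIL: Samba named.conf not included"; fails=$((fails+1)); }
  has_gssapi_keytab "$1"     || { echo "FAIL: tkey-gssapi-keytab not set"; fails=$((fails+1)); }
  [ "$(dlz_module_count "$2")" -eq 1 ] || { echo "FAIL: need exactly one active dlz database line"; fails=$((fails+1)); }
  internal_dns_disabled "$3" || { echo "FAIL: internal dns service still enabled"; fails=$((fails+1)); }
  return "$fails"
}

# Constructed sample input, trimmed from the configuration posted in this thread.
d=$(mktemp -d)
printf '%s\n' 'options {' '  tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";' '};' \
  'include "/usr/local/samba/bind-dns/named.conf";' > "$d/named.conf"
printf '%s\n' 'dlz "AD DNS Zone" {' '  # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_10.so";' \
  '  database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";' '};' > "$d/samba-named.conf"
printf '%s\n' '[global]' '  server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate' > "$d/smb.conf"
check_dlz "$d/named.conf" "$d/samba-named.conf" "$d/smb.conf" && echo "static DLZ checks passed"
```

Passing these checks only shows the files are consistent; whether the named user can read dns.keytab and load the DLZ module still has to be confirmed on the running DC.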