Benedikt Kaleß
2020-Apr-30 12:28 UTC
[Samba] bind9 refuses to start -> zone has no NS records
Thanks for the tip. I have still "zone has no NS records"

This is the output (anonymized) of the script -- sorry, I will post it directly next time ;)

Collected config  --- 2020-04-30-15:25 -----------

Hostname: addc-jor02
DNS Domain: example.com
FQDN: addc-jor02.example.com
ipaddress: 192.168.40.24

-----------

Kerberos SRV _kerberos._tcp.example.com record verified ok, sample output:
Server:         192.168.168.48
Address:        192.168.168.48#53

_kerberos._tcp.example.com    service = 0 100 88 addc-ho-1.example.com.
_kerberos._tcp.example.com    service = 0 100 88 addc-jor01.example.com.
_kerberos._tcp.example.com    service = 0 100 88 addc-lbn1.example.com.
_kerberos._tcp.example.com    service = 0 100 88 addc-ho-hos1.example.com.
Samba is not being run as a DC or a Unix domain member.

-----------

       Checking file: /etc/os-release

PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

-----------

This computer is running Debian 10.3 x86_64

-----------

running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:9d:c7:c1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.40.24/24 brd 192.168.40.255 scope global ens3
    inet6 fe80::5054:ff:fe9d:c7c1/64 scope link

-----------

       Checking file: /etc/hosts

127.0.0.1    localhost
192.168.40.24    addc-jor02.example.com    addc-jor02

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

-----------

       Checking file: /etc/resolv.conf

domain example.com
search example.com.
#nameserver 192.168.40.22
#nameserver 192.168.168.46
nameserver 192.168.168.48

-----------

       Checking file: /etc/krb5.conf

[libdefaults]
    default_realm = example.com
    dns_lookup_realm = false
    dns_lookup_kdc = true

-----------

       Checking file: /etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files systemd
group:          files systemd
shadow:         files
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

-----------

    Warning,  does not exist

-----------

Installed packages:
ii  krb5-config                      2.6           all    Configuration files for Kerberos Version 5
ii  krb5-locales                     1.17-3        all    internationalization support for MIT Kerberos
ii  libacl1:amd64                    2.2.53-4      amd64  access control list - shared library
ii  libattr1:amd64                   1:2.4.48-4    amd64  extended attribute handling - shared library
ii  libgssapi-krb5-2:amd64           1.17-3        amd64  MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-26-heimdal:amd64         7.5.0+dfsg-3  amd64  Heimdal Kerberos - libraries
ii  libkrb5-3:amd64                  1.17-3        amd64  MIT Kerberos runtime libraries
ii  libkrb5support0:amd64            1.17-3        amd64  MIT Kerberos runtime libraries - Support library
ii  libwbclient0:amd64               99:4.11.8-7   amd64  Glue package for sernet-samba-libs.
ii  sernet-samba                     99:4.11.8-7   amd64  SMB/CIFS file, print, and login server for Unix
ii  sernet-samba-ad                  99:4.11.8-7   amd64  Samba Active Directory Domain Controller
ii  sernet-samba-client              99:4.11.8-7   amd64  a LanManager-like simple client for Unix
ii  sernet-samba-common              99:4.11.8-7   all    Samba common files used by both the server and the client
ii  sernet-samba-keyring             1.9           all    GnuPG archive keys of the SerNet Samba archive
ii  sernet-samba-libs:amd64          99:4.11.8-7   amd64  Samba common library files used by both the server and the client
ii  sernet-samba-libsmbclient0:amd64 99:4.11.8-7   amd64  Shared library that allows applications to talk to SMB servers
ii  sernet-samba-winbind             99:4.11.8-7   amd64  Samba nameservice integration server

-----------

On 30.04.20 at 14:17, L.P.H. van Belle via samba wrote:
> Try this.
>
> systemctl edit bind9
> #/etc/systemd/system/bind9.service.d/override.conf
> [Service]
> ExecReload
>
> systemctl edit samba-ad-dc.service
> #/etc/systemd/system/samba-ad-dc.service.d/override.conf
> [Unit]
> After=network.target network-online.target bind9.service
>
> systemctl daemon-reload
>
> systemctl restart bind9 samba-ad-dc
>
> If that does not work, then, can you run this script:
> https://github.com/thctlo/samba4/raw/master/samba-collect-debug-info.sh
>
> Anonymize where needed, shows all i want to know.
> At least, it's a good start ;-)
>
> Greetz,
>
> Louis
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Benedikt Kaleß via samba
> > Sent: Thursday 30 April 2020 14:09
> > To: samba at lists.samba.org >> samba
> > Subject: [Samba] bind9 refuses to start -> zone has no NS records
> >
> > Hi,
> >
> > I have to add a second DC to a Zone.
> > I use the sernet packages Version 4.11 on a debian 10 host.
> >
> > The bind refuses to start:
> >
> > root at addc-zone02:~# systemctl status bind9
> > ● bind9.service - BIND Domain Name Server
> > Loaded: loaded (/lib/systemd/system/bind9.service;
> > enabled; vendor preset: enabled)
> > Active: failed (Result: exit-code) since Thu 2020-04-30
> > 14:51:58 EEST; 5s ago
> > Docs: man:named(8)
> > Process: 3733 ExecStart=/usr/sbin/named $OPTIONS
> > (code=exited, status=1/FAILURE)
> > Tasks: 0 (limit: 4701)
> > Memory: 624.0K
> > CGroup: /system.slice/bind9.service
> >
> > Apr 30 14:51:58 addc-zone02 named[3734]: Loading 'AD DNS
> > Zone' using driver dlopen
> > Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: started
> > for DN DC=example,DC=com
> > Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: starting configure
> > Apr 30 14:51:58 addc-zone02 named[3734]: zone
> > 21.168.192.in-addr.arpa/NONE: has no NS records
> > Apr 30 14:51:58 addc-zone02 named[3734]: samba_dlz: Failed to
> > configure zone '21.168.192.in-addr.arpa'
> > Apr 30 14:51:58 addc-zone02 named[3734]: loading
> > configuration: bad zone
> > Apr 30 14:51:58 addc-zone02 named[3734]: exiting (due to fatal error)
> > Apr 30 14:51:58 addc-zone02 systemd[1]: bind9.service:
> > Control process exited, code=exited, status=1/FAILURE
> > Apr 30 14:51:58 addc-zone02 systemd[1]: bind9.service: Failed
> > with result 'exit-code'.
> > Apr 30 14:51:58 addc-zone02 systemd[1]: Failed to start BIND
> > Domain Name Server.
> >
> > 21.168.192.in-addr.arpa is an empty zone and I deleted that
> > zone with the Windows DNS tool.
> >
> > I have another DC where bind9 is running. I copied
> > /etc/bind/named.conf.options and /etc/bind/named.conf.local
> > I also double checked permissions in /var/lib/samba/bind-dns
> > and /var/lib/samba/private
> >
> > Any tips are welcome. How can I start bind9 or where should I
> > look for errors?
> >
> > Best
> > Benedikt
> >
> > --
> > forumZFD
> > Entschieden für Frieden|Committed to Peace
> >
> > Benedikt Kaleß
> > Leiter Team IT|Head team IT
> >
> > Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
> > Am Kölner Brett 8 | 50825 Köln | Germany
> >
> > Tel 0221 91273233 | Fax 0221 91273299 |
> > http://www.forumZFD.de
> >
> > Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
> > Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle,
> > Alexander Mauz
> > VR 17651 Amtsgericht Köln
> >
> > Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >

--
forumZFD
Entschieden für Frieden|Committed to Peace

Benedikt Kaleß
Leiter Team IT|Head team IT

Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany

Tel 0221 91273233 | Fax 0221 91273299 | http://www.forumZFD.de

Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz
VR 17651 Amtsgericht Köln

Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
Rowland penny
2020-Apr-30 12:42 UTC
[Samba] bind9 refuses to start -> zone has no NS records
On 30/04/2020 13:28, Benedikt Kaleß via samba wrote:
> Thanks for the tip. I have still "zone has no NS records"
>
> This is the output (anonymized) of the script -- sorry, I will post it
> directly next time ;)
>
> Collected config  --- 2020-04-30-15:25 -----------
>
> Hostname: addc-jor02
> DNS Domain: example.com
> FQDN: addc-jor02.example.com
> ipaddress: 192.168.40.24
>
> -----------
>
> Kerberos SRV _kerberos._tcp.example.com record verified ok, sample output:
> Server:         192.168.168.48
> Address:        192.168.168.48#53
>
> _kerberos._tcp.example.com    service = 0 100 88 addc-ho-1.example.com.
> _kerberos._tcp.example.com    service = 0 100 88 addc-jor01.example.com.
> _kerberos._tcp.example.com    service = 0 100 88 addc-lbn1.example.com.
> _kerberos._tcp.example.com    service = 0 100 88 addc-ho-hos1.example.com.
> Samba is not being run as a DC or a Unix domain member.

Have actually joined this computer as a DC to the domain

>        Checking file: /etc/resolv.conf
>
> domain example.com
> search example.com.
> #nameserver 192.168.40.22
> #nameserver 192.168.168.46
> nameserver 192.168.168.48

If it has joined, it should use its own IP as the nameserver

>
> -----------
>
>        Checking file: /etc/krb5.conf
>
> [libdefaults]
>     default_realm = example.com
>     dns_lookup_realm = false
>     dns_lookup_kdc = true

The realm should be in uppercase

>     Warning,  does not exist

You do not seem to have a smb.conf, more evidence that the computer is not joined as a DC

>
> -----------
>
>
> Installed packages:
> ii  krb5-config                      2.6
> all          Configuration files for Kerberos Version 5

You do not seem to have the acl & attr packages installed.

Rowland
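The configuration points raised in the reply above (upper-case realm in krb5.conf, the host's own IP as first nameserver, an existing smb.conf), written as shell checks. This is an added example, not part of the original thread or of the samba-collect-debug-info.sh script; the function names, the constructed sample files and the test for the "server role" line in smb.conf are assumptions of the example.

```shell
#!/bin/sh
# Added example: pre-flight checks for a host meant to run as a Samba AD DC.
# File paths are passed in, so the checks can run against copies of the files.

# default_realm in krb5.conf must be written in upper case.
check_realm() {
    realm=$(sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1)
    [ -n "$realm" ] || { echo "FAIL: no default_realm in $1"; return 1; }
    upper=$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')
    [ "$realm" = "$upper" ] || { echo "FAIL: default_realm '$realm' is not upper case"; return 1; }
    echo "OK: default_realm is $realm"
}

# The first active (uncommented) nameserver must be the DC's own IP.
check_resolver() {
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    [ "$first" = "$2" ] || { echo "FAIL: first nameserver is '$first', expected $2"; return 1; }
    echo "OK: resolver points at $2"
}

# smb.conf must exist and declare the AD DC server role (assumed check).
check_smbconf() {
    [ -f "$1" ] || { echo "FAIL: $1 does not exist"; return 1; }
    grep -Eiq '^[[:space:]]*server role[[:space:]]*=[[:space:]]*active directory domain controller' "$1" \
        || { echo "FAIL: $1 does not set the AD DC server role"; return 1; }
    echo "OK: $1 sets the AD DC server role"
}

# preflight KRB5_CONF RESOLV_CONF OWN_IP SMB_CONF: run all checks, return 1 if any failed.
preflight() {
    rc=0
    check_realm "$1" || rc=1
    check_resolver "$2" "$3" || rc=1
    check_smbconf "$4" || rc=1
    return $rc
}

# Constructed sample files carrying the values posted in the thread; smb.conf is absent.
demo_dir=$(mktemp -d)
printf '[libdefaults]\n    default_realm = example.com\n' > "$demo_dir/krb5.conf"
printf '#nameserver 192.168.40.22\nnameserver 192.168.168.48\n' > "$demo_dir/resolv.conf"
preflight "$demo_dir/krb5.conf" "$demo_dir/resolv.conf" 192.168.40.24 "$demo_dir/smb.conf" \
    || echo "host is not ready to act as a DC"
```
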
L.P.H. van Belle
2020-Apr-30 12:47 UTC
[Samba] bind9 refuses to start -> zone has no NS records
Aahh, how could i miss that one.. The server ip in resolv.conf .. Slapping head..
Good you're here also Rowland :-)

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland penny via samba
> Sent: Thursday 30 April 2020 14:42
> To: samba at lists.samba.org
> Subject: Re: [Samba] bind9 refuses to start -> zone has no
> NS records
>
> On 30/04/2020 13:28, Benedikt Kaleß via samba wrote:
> > Thanks for the tip. I have still "zone has no NS records"
> >
> > This is the output (anonymized) of the script -- sorry, I will post it
> > directly next time ;)
> >
> > Collected config  --- 2020-04-30-15:25 -----------
> >
> > Hostname: addc-jor02
> > DNS Domain: example.com
> > FQDN: addc-jor02.example.com
> > ipaddress: 192.168.40.24
> >
> > -----------
> >
> > Kerberos SRV _kerberos._tcp.example.com record verified ok, sample output:
> > Server:         192.168.168.48
> > Address:        192.168.168.48#53
> >
> > _kerberos._tcp.example.com    service = 0 100 88 addc-ho-1.example.com.
> > _kerberos._tcp.example.com    service = 0 100 88 addc-jor01.example.com.
> > _kerberos._tcp.example.com    service = 0 100 88 addc-lbn1.example.com.
> > _kerberos._tcp.example.com    service = 0 100 88 addc-ho-hos1.example.com.
> > Samba is not being run as a DC or a Unix domain member.
> Have actually joined this computer as a DC to the domain
> >        Checking file: /etc/resolv.conf
> >
> > domain example.com
> > search example.com.
> > #nameserver 192.168.40.22
> > #nameserver 192.168.168.46
> > nameserver 192.168.168.48
> If it has joined, it should use its own IP as the nameserver
> >
> > -----------
> >
> >        Checking file: /etc/krb5.conf
> >
> > [libdefaults]
> >     default_realm = example.com
> >     dns_lookup_realm = false
> >     dns_lookup_kdc = true
> The realm should be in uppercase
> >     Warning,  does not exist
> You do not seem to have a smb.conf, more evidence that the
> computer is
> not joined as a DC
> >
> > -----------
> >
> >
> > Installed packages:
> > ii  krb5-config                      2.6
> > all          Configuration files for Kerberos Version 5
>
> You do not seem to have the acl & attr packages installed.
>
> Rowland
>
Rowland penny
2020-Apr-30 12:52 UTC
[Samba] bind9 refuses to start -> zone has no NS records
On 30/04/2020 13:47, L.P.H. van Belle via samba wrote:
> Aahh, how could i miss that one.. The server ip in resolv.conf .. Slapping head..
> Good you're here also Rowland :-)
>

I am more worried that he doesn't seem to have a smb.conf file

Rowland