Packaged samba? You could say that. Gentoo downloads the source tarball,
adds some patches, then compiles and installs it. As for samba_upgradedns
I'm not familiar with that and certainly didn't see it on the setup page
for BIND. But I ran it just now:
Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/bind-dns/dns/HOME.EGLIFAMILY.NAME.zone
/usr/sbin/samba_upgradedns:338: DeprecationWarning: The 'warn' method is
deprecated, use 'warning' instead
  logger.warn("DNS records will be automatically created")
DNS records will be automatically created
DNS partitions already exist
Adding dns-pluto account
BIND version unknown, please modify /var/lib/samba/bind-dns/named.conf
manually.
See /var/lib/samba/bind-dns/named.conf for an example configuration
include file for BIND
and /var/lib/samba/bind-dns/named.txt for further documentation required
for secure DNS updates
Finished upgrading DNS
You have switched to using BIND9_DLZ as your dns backend, but still have
the internal dns starting. Please make sure you add '-dns' to your
server services line in your smb.conf.
I imagine that's because the script looks for up to bind 9.12, but the
latest is 9.16. So I manually edited my named.conf file:
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba/bind-dns/named.conf";
#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
    database "dlopen /usr/lib/samba/bind9/dlz_bind9_12.so";
};
Hope that's correct. After running the samba_dnsupgrade I have TWO
dns.keytab files:
locate dns.keytab
/var/lib/samba/bind-dns/dns.keytab
/var/lib/samba/private/dns.keytab
Which should I be looking at? Also, named is giving me headaches with
the samba_dlz stuff. Here's the error I get when I try to start named:
Dec 11 08:38:06 pluto named[9417]: samba_dlz: Failed to connect to
Failed to connect to /var/lib/samba/private/dns/sam.ldb: Unable to open
tdb '/var/lib/samba/private/dns/sam.ldb': Permission denied: Operations
error
Dec 11 08:38:06 pluto named[9417]: samba_dlz: FAILED dlz_create call
result=25 #refs=0
The directory /var/lib/samba/private/dns does exist, owned by
root:named and having permissions 770, so why can't named create the file?
Thanks!
On 12/11/2020 12:15 AM, Johannes Engel via samba wrote:
> Hi Dan,
>
> have you run
>
> samba_upgradedns --dns-backend=BIND9_DLZ
>
> already? That should create all necessary files. Or depending upon
> your Samba version, could you please check for
> /var/lib/samba/private/dns.keytab?
>
> May I assume that you are using a packaged build of Samba?
>
> Best regards
>
> Johannes
>
>
> Am Fr., 11. Dez. 2020 um 07:28 Uhr schrieb Dan Egli via samba <
> samba at lists.samba.org>:
>
>> I was reading on the samba wiki about how to use bind9_dlz as the DNS
>> backend for an AD Domain, but in the setup instructions for bind given
>> in the wiki it says to be sure to include the line tkey-gssapi-keytab
>> "/var/lib/samba/bind-dns/dns.keytab"; in my named.conf file, in the
>> options section. That's great, except I don't HAVE a dns.keytab file
>> anywhere on the system. I've looked at the page carefully and nothing
>> says where the file comes from. Only that it's in the
>> /var/lib/samba/bind-dns directory, but on my system that directory is
>> empty. Is this something that bind is going to create or something? I'm
>> a bit lost. Any help is appreciated!
>>
>> In case anyone is wondering, I'm using bind because the system already
>> has bind on it to serve internet DNS requests. So rather than try to
>> figure out how to let samba maintain its own internal DNS cache and
>> still have the main one, I just figured I'd let bind handle the whole
>> thing.
>>
>> --
>> Dan Egli
>> From my Test Server
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
--
Dan Egli
From my Test Server
Quick update. I solved THAT issue by making sure that all the dirs above dns had read+execute permissions on group. They do now, and the error changed:

Dec 11 08:46:43 pluto named[9460]: samba_dlz: Unable to get basedn for /var/lib/samba/private/dns/sam.ldb - NULL Base DN invalid for a base search

Huh? I'm even more lost now.

On 12/11/2020 1:33 AM, Dan Egli via samba wrote:
> [Dan's earlier message, quoted in full; identical to the message above]

--
Dan Egli
From my Test Server
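The two messages above show the failure and the fix: named could not open sam.ldb even though the dns directory itself was 770 root:named, because a parent directory lacked the execute (search) bit for the named group. The following script is an added example, not something from the thread, from Samba or from Gentoo. It automates the check Dan did by hand: walk every directory component above a path and report the ones a member of a given group cannot traverse. It looks only at group and "other" bits (a directory owned by the named user, or root's bypass of permission checks, is not modelled), relies on `stat -c` as provided by GNU coreutils and busybox, and the group name and path in the usage line are placeholders taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report directories on the way to PATH
# that a member of GROUP cannot traverse, i.e. the component lacks the x bit
# in the group triplet when it belongs to GROUP, or in the "other" triplet
# when it belongs to some other group. Owner bits are not considered, so run
# it for a service account that does not own the directories (e.g. named).

# check_path_traversal GROUP PATH
# Prints "<dir> <owner>:<group> <mode>" for every blocking directory and
# returns 1 if at least one component blocks traversal, 0 otherwise.
check_path_traversal() {
    group="$1"
    dir="$2"
    rc=0
    # Walk upwards from PATH until the root directory (which is assumed 755).
    while [ -n "$dir" ] && [ "$dir" != "/" ]; do
        if [ -d "$dir" ]; then
            owner=$(stat -c '%U' "$dir")
            dgroup=$(stat -c '%G' "$dir")
            mode=$(stat -c '%a' "$dir")          # e.g. 770, 2770
            # Octal digit that applies to GROUP: second-to-last for the group
            # triplet, last for "other". Works for 3- and 4-digit modes.
            if [ "$dgroup" = "$group" ]; then
                digit=$(printf '%s' "$mode" | tail -c 2 | head -c 1)
            else
                digit=$(printf '%s' "$mode" | tail -c 1)
            fi
            # The execute/search bit is the lowest bit of the digit.
            if [ $((digit & 1)) -eq 0 ]; then
                printf '%s %s:%s %s\n' "$dir" "$owner" "$dgroup" "$mode"
                rc=1
            fi
        fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# Usage for the case in the thread (group and path from the messages above):
#   check_path_traversal named /var/lib/samba/private/dns
```

A zero exit status means every directory from `/` down to the target is searchable by the group; each printed line is a directory whose mode has to change (or whose group has to become the service group) before the service can open files below it. The same walk is worth running for `/var/lib/samba/bind-dns` before pointing `tkey-gssapi-keytab` at the keytab there.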
On 11/12/2020 08:33, Dan Egli via samba wrote:
> [Dan's earlier message, quoted in full; identical to the message above]

It doesn't matter how you install Samba, when you join a DC you will never get the keytab in the bind-dns dir, the code doesn't exist to create it.

The keytab should be created under three circumstances: when you provision a DC with '--dns-backend=BIND9_DLZ', when you run 'samba_dnsupdate', and when you join a DC with '--dns-backend=BIND9_DLZ'. The first two work because the code exists (the same code twice), but the required code isn't there when you join a new DC.

Rowland