Rowland penny
2020-Dec-11 20:45 UTC
[Samba] placing sam.ldb (was dns.keytab doesn't exist)
On 11/12/2020 20:02, Dan Egli wrote:
> I have the keytab file, and it's pointed there. What line do I put in
> for the sam.ldb file?

Nothing, it should be created for you.

On my DC /var/lib/samba/bind-dns contains this:

dns  dns.keytab  named.conf  named.conf.update  named.txt

The 'dns' dir contains:

sam.ldb  sam.ldb.d

The 'sam.ldb.d' dir contains:

'CN=CONFIGURATION,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
'CN=SCHEMA,CN=CONFIGURATION,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
'DC=DOMAINDNSZONES,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
'DC=FORESTDNSZONES,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
'DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
 metadata.tdb

> I can see where the good one and the bogus one were created. I'm
> perfectly content to copy the good one over the bogus one, but if
> there's a better option, I'd like to know about it. I have NO lines
> dealing with sam.ldb at all. The tkey-gssapi-keytab line already
> existed in my config, no worries there.

Yes, but was it the correct line? I only ask because everything used to be in the private dir.

> Once I do all of this, in theory I should be able to start named in
> association with samba, right?

Once everything is correct, then yes.

> And then samba should be able to tell named when to update the zone
> files for the domain, right?

Something along those lines.

Rowland
Okay, here's mine:

/var/lib/samba/bind-dns:
total 16
drwx------ 3 root named    4096 Dec 11 01:02 dns
-rw-rw---- 2 root named     556 Dec 11 01:02 dns.keytab
-rw-rw-r-- 1 root named     929 Dec 11 01:02 named.conf
-rw-rw-r-- 1 root named    2051 Dec 11 01:02 named.txt

/var/lib/samba/bind-dns/dns:
total 3544
-rw-rw---- 1 root named 3620864 Dec 11 01:02 sam.ldb
drwx------ 2 root named    4096 Dec 11 01:02 sam.ldb.d

/var/lib/samba/bind-dns/dns/sam.ldb.d:
total 25316
-rw-rw---- 1 root named 6582272 Dec 11 01:02 'CN=CONFIGURATION,DC=HOME,DC=EGLIFAMILY,DC=NAME.ldb'
-rw-rw---- 1 root named 8228864 Dec 11 01:02 'CN=SCHEMA,CN=CONFIGURATION,DC=HOME,DC=EGLIFAMILY,DC=NAME.ldb'
-rw-rw---- 2 root named 4694016 Dec 11 01:45 'DC=DOMAINDNSZONES,DC=HOME,DC=EGLIFAMILY,DC=NAME.ldb'
-rw-rw---- 2 root named 4694016 Dec 11 01:45 'DC=FORESTDNSZONES,DC=HOME,DC=EGLIFAMILY,DC=NAME.ldb'
-rw-rw---- 1 root named 1286144 Dec 11 01:02 'DC=HOME,DC=EGLIFAMILY,DC=NAME.ldb'
-rw-rw---- 2 root named  421888 Dec 11 01:45  metadata.tdb

Problem is: that sam.ldb is the one that's broken (empty), I think. There's ANOTHER sam.ldb in /var/lib/samba/private that's a bit bigger:

-rw-rw---- 1 root named 4694016 Dec 10 18:05 /var/lib/samba/private/sam.ldb

So if samba is looking for a sam.ldb in /var/lib/samba/bind-dns, should I copy the one from private over? Or what should I do?

On 12/11/2020 1:45 PM, Rowland penny via samba wrote:
> On 11/12/2020 20:02, Dan Egli wrote:
>> I have the keytab file, and it's pointed there. What line do I put in
>> for the sam.ldb file?
>
> Nothing, it should be created for you.
>
> On my DC /var/lib/samba/bind-dns contains this:
>
> dns  dns.keytab  named.conf  named.conf.update  named.txt
>
> The 'dns' dir contains:
>
> sam.ldb  sam.ldb.d
>
> The 'sam.ldb.d' dir contains:
>
> 'CN=CONFIGURATION,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
> 'CN=SCHEMA,CN=CONFIGURATION,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
> 'DC=DOMAINDNSZONES,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
> 'DC=FORESTDNSZONES,DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
> 'DC=SAMDOM,DC=EXAMPLE,DC=COM.ldb'
>  metadata.tdb
>
>> I can see where the good one and the bogus one were created. I'm
>> perfectly content to copy the good one over the bogus one, but if
>> there's a better option, I'd like to know about it. I have NO lines
>> dealing with sam.ldb at all. The tkey-gssapi-keytab line already
>> existed in my config, no worries there.
> Yes, but was it the correct line? I only ask because everything used
> to be in the private dir.
>>
>> Once I do all of this, in theory I should be able to start named in
>> association with samba, right?
> Once everything is correct, then yes.
>> And then samba should be able to tell named when to update the zone
>> files for the domain, right?
>
> Something along those lines.
>
> Rowland
>
>
-- 
Dan Egli
From my Test Server
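As an added check, written for this page and not taken from the thread or from Samba itself: a POSIX shell script that verifies the bind-dns layout Rowland lists above. It assumes the BIND9_DLZ layout that samba_upgradedns / provision creates, in which bind-dns/dns/sam.ldb and the configuration, schema and domain partitions are separate ldb files, while the DomainDnsZones and ForestDnsZones partitions, metadata.tdb and dns.keytab are hard links to the files under private (the link count of 2 on exactly those files in Dan's listing is what that looks like from ls). Because the zone partitions are hard links, a copy made with cp would break the linkage, so the script checks inode identity with test -ef rather than file size. The fixture directory, its placeholder file contents and the DN DC=SAMDOM,DC=EXAMPLE,DC=COM are constructed for the example; point check_bind_dns at a real state directory (usually /var/lib/samba) to use it. Ownership and mode are distro-specific (the BIND group is named on some systems, bind on others) and are not checked here.

```shell
#!/bin/sh
# Added example (not from the samba list thread): sanity-check the
# bind-dns layout used by the BIND9_DLZ backend.
# Assumptions, labelled: zone partitions, metadata.tdb and dns.keytab are
# expected to be hard links to the files under private/; everything else
# under bind-dns/dns is expected to be a separate, non-empty ldb file.

# Usage: check_bind_dns <samba state dir> <domain DN, upper case>
# Returns 0 when the layout looks right, 1 otherwise (problems on stdout).
check_bind_dns() {
  state="$1"; dn="$2"
  bind="$state/bind-dns"; priv="$state/private"
  rc=0
  # Files that must exist and be non-empty in the DLZ tree
  for f in "$bind/dns.keytab" "$bind/named.conf" "$bind/named.txt" \
           "$bind/dns/sam.ldb" "$bind/dns/sam.ldb.d/$dn.ldb" \
           "$bind/dns/sam.ldb.d/CN=CONFIGURATION,$dn.ldb" \
           "$bind/dns/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,$dn.ldb"; do
    [ -s "$f" ] || { echo "missing or empty: $f"; rc=1; }
  done
  # Zone partitions and metadata.tdb must be the same inode in both trees
  for f in "DC=DOMAINDNSZONES,$dn.ldb" "DC=FORESTDNSZONES,$dn.ldb" metadata.tdb; do
    a="$priv/sam.ldb.d/$f"; b="$bind/dns/sam.ldb.d/$f"
    [ -e "$a" ] && [ "$a" -ef "$b" ] || { echo "not hard-linked to private: $b"; rc=1; }
  done
  [ "$priv/dns.keytab" -ef "$bind/dns.keytab" ] \
    || { echo "dns.keytab not hard-linked to private: $bind/dns.keytab"; rc=1; }
  return $rc
}

# Constructed fixture: a throw-away state dir with placeholder contents laid
# out the way provision does it (copies for the non-zone partitions, hard
# links for the rest). Prints the fixture root.
make_fixture() {
  root=$(mktemp -d)
  priv="$root/private"; bind="$root/bind-dns"
  mkdir -p "$priv/sam.ldb.d" "$bind/dns/sam.ldb.d"
  for f in sam.ldb dns.keytab "sam.ldb.d/metadata.tdb" \
           "sam.ldb.d/$DN.ldb" "sam.ldb.d/CN=CONFIGURATION,$DN.ldb" \
           "sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,$DN.ldb" \
           "sam.ldb.d/DC=DOMAINDNSZONES,$DN.ldb" "sam.ldb.d/DC=FORESTDNSZONES,$DN.ldb"; do
    echo "constructed placeholder for $f" > "$priv/$f"
  done
  echo "constructed placeholder named.conf" > "$bind/named.conf"
  echo "constructed placeholder named.txt" > "$bind/named.txt"
  # separate DLZ copies of sam.ldb and the config/schema/domain partitions
  for f in sam.ldb "sam.ldb.d/$DN.ldb" "sam.ldb.d/CN=CONFIGURATION,$DN.ldb" \
           "sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,$DN.ldb"; do
    cp "$priv/$f" "$bind/dns/$f"
  done
  # hard links for the zone partitions, metadata.tdb and the keytab
  for f in "sam.ldb.d/DC=DOMAINDNSZONES,$DN.ldb" \
           "sam.ldb.d/DC=FORESTDNSZONES,$DN.ldb" "sam.ldb.d/metadata.tdb"; do
    ln "$priv/$f" "$bind/dns/$f"
  done
  ln "$priv/dns.keytab" "$bind/dns.keytab"
  echo "$root"
}

DN="DC=SAMDOM,DC=EXAMPLE,DC=COM"   # constructed, matches the example DN in the thread

good=$(make_fixture)
if check_bind_dns "$good" "$DN"; then echo "layout ok: $good"; fi

bad=$(make_fixture)
: > "$bad/bind-dns/dns/sam.ldb"     # simulate the empty DLZ sam.ldb case
if ! check_bind_dns "$bad" "$DN"; then echo "layout broken: $bad"; fi

rm -rf "$good" "$bad"
```

On a real DC run it as `check_bind_dns /var/lib/samba "$(echo "$DOMAIN_DN" | tr a-z A-Z)"`; if the zone partitions are reported as not hard-linked, the supported way to recreate the tree is to re-run samba_upgradedns with the BIND9_DLZ backend rather than copying ldb files by hand.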