On 2/28/21 1:55 PM, Rowland penny via samba wrote:
> On 28/02/2021 19:17, K. R. Foley wrote:
>>
>> Okay. Turns out the problem with the script was that the
>> /etc/resolv.conf had been overwritten. After I resolved that, I was
>> able to run the script and capture the output below:
>>
>> Collected config  --- 2021-02-28-12:54 -----------
>>
>> -
>> -----------
>>        Checking file: /etc/resolv.conf
>> ; generated by /usr/sbin/dhclient-script
>> search local.richardshapiro.com
>> nameserver 10.50.20.87
>
>
> OK, you need to find out what is running /usr/sbin/dhclient-script and
> stop it.
I will deal with this.
>
>> -----------
>>        Checking file: /etc/nsswitch.conf
>>
>> passwd:     files sss
>> shadow:     files sss
>> group:      files sss
>> #initgroups: files sss
>
>
> If sssd is installed, I would remove it, then replace all the 'sss'
> with 'winbind' except on the 'shadow' line, which should just be
> 'files'. You will also need to create the winbind links:
> https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
>
> Note: Apart from removing the 'sss', you only need to do this if you
> want your users to login to the DC.
>
Done.
>> -----------
>>        Checking file: /usr/local/samba/etc/smb.conf
>> # Global parameters
>> [global]
>>     netbios name = SS-PROD
>>     realm = LOCAL.RICHARDSHAPIRO.COM
>>     server role = active directory domain controller
>>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>> winbindd, ntp_signd, kcc, dnsupdate
>>     workgroup = LOCAL
>>     idmap_ldb:use rfc2307 = yes
>>     #log level = 10
>> [sysvol]
>>     path = /usr/local/samba/var/locks/sysvol
>>     read only = No
>>
>> [netlogon]
>>     path =
>> /usr/local/samba/var/locks/sysvol/local.richardshapiro.com/scripts
>>     read only = No
>> -----------
>> Detected bind DLZ enabled..
>> Warning, detected bind is enabled in smb.conf, but no /etc/bind
>> directory found
>
>
> Your smb.conf shows that you are using bind9, but as the script was
> written for Debian, your bind (named) files are all in
> /etc/named.conf, so can you post that file.
>
>
Contents of /etc/named.conf
# Global Configuration Options
options {
    auth-nxdomain yes;
    directory "/var/named";
    notify no;
    empty-zones-enable no;
    # IP addresses and network ranges allowed to query the DNS server:
    allow-query {
        127.0.0.1;
        10.50.20.0/24;
        192.168.100.0/24;
        #10.99.1.0/24;
    };
    # IP addresses and network ranges allowed to run recursive queries:
    # (Zones not served by this DNS server)
    allow-recursion {
        127.0.0.1;
        10.50.20.0/24;
        192.168.100.0/24;
        #10.1.1.0/24;
    };
    # Forward queries that can not be answered from own zones
    # to these DNS servers:
#    forwarders {
#        8.8.8.8;
#        8.8.4.4;
#    };
    # Disable zone transfers
    allow-transfer {
        none;
    };
    tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
    minimal-responses yes;
};
# Root Servers
# (Required for recursive DNS queries)
zone "." {
   type hint;
   file "named.root";
};
# localhost zone
zone "localhost" {
    type master;
    file "master/localhost.zone";
};
# 127.0.0. zone.
zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.zone";
};
include "/usr/local/samba/bind-dns/named.conf";
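
The nsswitch.conf advice quoted earlier in this thread, as an added shell example that is not part of either poster's message: fix_nsswitch and audit_nsswitch are hypothetical helper names, the sample is constructed from the lines posted above, and leaving commented-out lines untouched is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): apply the nsswitch.conf advice to text on stdin.
# Assumption: commented-out lines such as '#initgroups:' are left untouched.

# fix_nsswitch: active 'sss' sources become 'winbind'; 'shadow' becomes just 'files'.
fix_nsswitch() {
    awk '
        /^[ \t]*#/      { print; next }                  # comment: keep as-is
        $1 == "shadow:" { print "shadow: files"; next }  # shadow is local files only
        {
            for (i = 2; i <= NF; i++)
                if ($i == "sss") $i = "winbind"          # rebuilds the line single-spaced
            print
        }'
}

# audit_nsswitch: print active lines that still go against the advice; exit 1 if any.
audit_nsswitch() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "shadow:" && !(NF == 2 && $2 == "files") { print "BAD  " $0; bad = 1; next }
        { for (i = 2; i <= NF; i++) if ($i == "sss") { print "BAD  " $0; bad = 1; break } }
        END { exit bad + 0 }'
}

# Constructed sample: the nsswitch.conf lines posted in the thread.
SAMPLE='passwd:     files sss
shadow:     files sss
group:      files sss
#initgroups: files sss'

printf '%s\n' "$SAMPLE" | audit_nsswitch || echo "-> needs fixing"
printf '%s\n' "$SAMPLE" | fix_nsswitch
```

On a host, feed a copy of /etc/nsswitch.conf on stdin and review the output before replacing the file.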