On Fri, 15 Sep 2023 15:07:53 +0000 (UTC) "compeilermail-openbc at yahoo.de" <compeilermail-openbc at yahoo.de> wrote:

> Hi Rowland,
>
> I am administrating Solaris and AIX machines, but from samba and
> active directory server I do not understand much. So perhaps
> something is wrong. This samba DC is just because of my kids, as in
> times of corona each one received its own PC and so we have now with
> the parents ones and the laptops about 8 PCs. And I was tired
> changing passwords on different systems. So I installed the free
> version of zentyal, because I did not want to make all the samba
> configuration from scratch with my little knowledge in samba and
> AD...
>
> So - until yesterday all run fine, just a reboot and perhaps the
> updates broke the running system. Now the children want to play, but
> as the Samba is the nameserver they can't connect to the internet
> without reconfiguration. So I have the urge of repairing it, as also
> the mother is on her side... :-(
>
> I do not think, that the named Error
> is a real error. Found some indications in the web showing that it is
> a warning and not indicating that it has problems with root, but with
> the -u bind Option it should start as user bind (which exists and
> works). Nevertheless I will look for this also, thanks.
>
> I think the
> problem is the "'_msdcs.compeiler.windows" --- I do not know if he
> needed that before. It's the first time I had this. In the named is
> just the compeiler.windows. But can be that this is part of the AD
> thing...
>
> I changed the /etc/hosts as to your advice to:
>
> 127.0.0.1       localhost.localdomain localhost
> 192.168.178.205 bombadil.compeiler.windows bombadil
>
> but this was not made by me. This
> seems the default of the zentyal thing. Nothing changed here before
>
> The resolv.conf was changed by me and I did not notice to change it
> back before I sent my questions. As DNS not worked I have put the
> real DNS server of my network (which is configured as forwarder in
> the DC machine). So I could do package updates etc.
>
> zentyal rewrites
> that file every reboot - so my changes are not permanent. It is
> normally "nameserver 127.0.1.1"
>
> Also did not actively configure the /etc/krb5.conf. So if you advise
> to do also reverse lookups I will put them to yes. But first it seems
> necessary to me that it is possible to start named again... what do
> you think?
>
> The same with 'server role check: inhibit = yes' -- seems
> also to be done by the zentyal application. Can change it if you
> think that would be better. Hope only that the zentyal thing is not
> overwriting it next reboot. I do not need nmbd and don't think I want
> it to be started.
>
> My suspicion is now:
>
> You said various times that the
> DNS I have should be in AD. Could it be, that they are really in the
> AD. Then I installed something on that Linux that had dependencies on
> named and installed and activated named. Then on next reboot it
> wanted to start named and it did not start well and as I read those
> things about samba_upgradedns and so on and some of this made it
> worse and copied my internal AD zones to named? Is that possible? If
> so just stopping the named would be fine for me. Just do not know
> what to put in the resolv.conf then to ask the AD? Or can I still put
> my firewall which is the real DNS Server in the resolv.conf without
> having problems with AD?
>
> Thank you so long...
>
> Matthias

I wish you had asked before you set up zentyal, because from the sound of it, you are running a small home domain and you probably do not need to run bind9, you would have been okay with the internal Samba dns server.

Your dns records probably are in AD, but before we go down the path of checking, are you used to running ldapsearch commands and are you aware of samba-tool ?

Rowland

PS, please do not 'CC' me, just reply to the list ;-)

compeilermail-openbc at yahoo.de
2023-Sep-15 17:08 UTC
[Samba] Problems with Samba as an AD and named
Hi Rowland,

I learned a bit from the samba-tools while trying to administer that installation (the most, when I had to move from the former DC to that now and to demote the old one and so on), but I am sure I do not know in deep of that. With ldapsearch I just know some basics - so basically no.

If it is better I also could make a new reinstall and forget of that zentyal thing. I just was unsure. But the Problem is - because of power and money thoughts the AD DC is on an old laptop and I do not know on which installation I should put it when not there. And if I understood fine, to move from one DC to another the old one has to be online. It is not possible to dump all the information and make a move. Is it?

But after all I think it is just a little thing as it ran until yesterday...

Thank you