
Re: [Samba] Update samba and Debian




On Sat, 09 Dec 2017 19:11:01 +0000
sandy.napoles@xxxxxxxxxxxxxx wrote:

> December 9, 2017 13:58, "Rowland Penny via samba"
> <samba@xxxxxxxxxxxxxxx> wrote:
> 
> > On Sat, 09 Dec 2017 18:46:39 +0000
> > sandy.napoles@xxxxxxxxxxxxxx wrote:
> > 
> >> December 9, 2017 13:34, "Rowland Penny via samba"
> >> <samba@xxxxxxxxxxxxxxx> wrote:
> >> 
> >> On Sat, 09 Dec 2017 18:01:44 +0000
> >> sandy.napoles@xxxxxxxxxxxxxx wrote:
> >> 
> >> December 9, 2017 12:57, "Rowland Penny via samba"
> >> <samba@xxxxxxxxxxxxxxx> wrote:
> >> 
> >> On Sat, 09 Dec 2017 17:06:21 +0000
> >> Sandy via samba <samba@xxxxxxxxxxxxxxx> wrote:
> >> 
> >> Hello list, I want to make a new domain with the following
> >> features, using Debian 9 with Samba 4.7.3. At the beginning
> >> everything went well, but I have a doubt: when the configuration
> >> asks what type of server to choose, I would like to use
> >> the option NONE, then install a bind and configure it myself. All
> >> that is fine, but I have a doubt: when I run the
> >> command ./samba_update --verbose, I get the following ....... I
> >> would like to know what I have wrong or what's wrong with that
> >> output. I'll only show a part; I'd like to know if that output is
> >> correct and what the error it gives is due to:
> >> 
> >> need cache add: A ccmg7.eccmg.cupet.cu x.x.x.x
> >> Looking for DNS entry A ccmg7.eccmg.cupet.cu 172.18.68.7 as ccmg7.eccmg.cupet.cu.
> >> need cache add: A eccmg.cupet.cu 172.18.68.7
> >> Looking for DNS entry A eccmg.cupet.cu 172.18.68.7 as eccmg.cupet.cu.
> >> need cache add: SRV _ldap._tcp.eccmg.cupet.cu ccmg7.eccmg.cupet.cu 389
> >> Looking for DNS entry SRV _ldap._tcp.eccmg.cupet.cu ccmg7.eccmg.cupet.cu 389 as _ldap._tcp.eccmg.cupet.cu.
> >> Checking 0 100 389 ccmg7.eccmg.cupet.cu. against SRV _ldap._tcp.eccmg.cupet.cu ccmg7.eccmg.cupet.cu 389
> >> need cache add: SRV _ldap._tcp.dc._msdcs.eccmg.cupet.cu ccmg7.eccmg.cupet.cu 389
> >> 
> >> 1 DNS updates and 0 DNS deletes needed
> >> Traceback (most recent call last):
> >>   File "./samba_dnsupdate", line 863, in <module>
> >>     creds = get_credentials(lp)
> >>   File "./samba_dnsupdate", line 204, in get_credentials
> >>     raise e
> >> samba.NTSTATUSError: (-1073741811, 'An invalid parameter was passed to a service or function.')
> >> 
> >> I take it you mean you used '--dns-backend=NONE' with the provision
> >> command or you ran the provision command interactively and entered
> >> 'NONE' when prompted for the dns server.
> >> 
> >> Whichever you did, it was a BAD idea.
> >> If you want to use Bind9 as the dns server instead of the internal
> >> dns server, install bind9 before the provision and use
> >> '--dns-backend=BIND9_DLZ' with the provision command or, if you run
> >> the provision interactively, enter 'BIND9_DLZ' when prompted for
> >> the dns server.
> >> Do not under any circumstances use 'BIND9_FLATFILE', it doesn't
> >> work, just as using 'NONE' doesn't work.
> >> 
> >> Rowland
> >> 
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >> 
> >> 1- samba-tool domain provision --use-rfc2307 --interactive
> >> 2- Realm [SAMDOM.EXAMPLE.COM]: SAMDOM.EXAMPLE.COM
> >> 3- Domain [SAMDOM]: SAMDOM
> >> 4- Server Role (dc, member, standalone) [dc]: dc
> >> 5- DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
> >> [SAMBA_INTERNAL]: NONE
> >> 
> >> Do not use 'NONE', if you do, you will not get the dns info in AD.
> >> 
> >> Install Bind9 before you provision the domain, then when prompted:
> >> 
> >> DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
> >> [SAMBA_INTERNAL]:
> >> 
> >> Enter 'BIND9_DLZ'
> >> 
> >> You can, if you wish, configure Bind9 before the provision, but do
> >> not start it or add any AD dns zones to the named conf files.
> >> 
> >> Rowland
> >> 
> >> 
> >> thanks, I'll do what you tell me, but I need to clarify something,
> >> have 1- install bind 9, aptitude install bind9
> >> by default it creates configuration files like named.conf.option
> >> and named.conf.local that I used to configure them, it also
> >> creates files in /var/cache/bind where the direct and reverse zones
> >> are declared; you tell me to leave those files blank
> >> 2- I promote my samba 4 as you tell me; the doubt is, after
> >> promoting, do I have to configure the files? If from any pc I do
> >> an nslookup, will it resolve the zones for me?
> >> 
> >> look what my configuration files have
> >> 
> >> $ORIGIN .
> >> $TTL 604800 ; 1 week
> >> eccmg.cupet.cu IN SOA eccmg.cupet.cu. sandynapoles@xxxxxxxxxxxxxx. (
> >>                 1110093 ; serial
> >>                 604800 ; refresh (1 week)
> >>                 86400 ; retry (1 day)
> >>                 2419200 ; expire (4 weeks)
> >>                 604800 ; minimum (1 week)
> >>                 )
> >> 
> >>                 NS ccmg7.eccmg.cupet.cu.
> >>                 A 172.18.68.7
> >> ccmg7.eccmg.cupet.cu. IN A 172.18.68.7
> >> 
> >> ;================ RECORDS BELONGING TO THE DC OVER SAMBA4 ================
> >> 8b812222-b390-493d-bfc7-a97dbb0a023b._msdcs.eccmg.cupet.cu. 900 IN CNAME ccmg7.eccmg.cupet.cu.
> >> ;=========================================================================
> > 
> > I think you need to go and read this Samba wikipage:
> > https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End
> > 
> > Rowland
> > 
> 
> thanks, I'll read what you say, but I know that samba4 can work
> choosing the option NONE, in fact I have it so, maybe when I did it
> for the first time it was different now, but in a general way look at
> what I did when that.
> 
> 1- download samba 4.x.x
> 2- compile it according to the samba wiki
> 3- in the BIND options, I chose 'NONE'

This is NOT supported and will very probably lead to errors in the long
term.

> 4- on the debian 8 apt-get install bind9

You said debian 9 earlier, but no matter, this should have been done
before the provision.

> 5- edit the named.conf.local and option files that are inside
> /etc/named

I think you need to post your named conf files

> 6- configure the previous step according to my needs,
> adding views, acl, forward, etc.

You cannot use views with Samba AD DC
 
> 7- configure the zones that are
> created in /var/cache/bind

How have you configured them ?

> 8- restart the server
> 9- I try the command /usr/local/samba/sbin/samba_dns_update
> --verbose and it gives me the next output as time there is no error,
> and that I have it working well, what happens is that I want to mount
> another domain in another place with debian 9 and I do the same steps
> that I have always done, but I get that error at the end ..... thank
> you......
> 

I am surprised you only get the error in one location, unless Samba
wasn't involved in the first location.

Rowland

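The two BIND-side conditions stated in the replies above (views cannot be used with a Samba AD DC, and no AD DNS zones should be added to the named conf files before provisioning with BIND9_DLZ) can be checked before running the provision. The following is an added example, not part of the original messages or of Samba; the function name, the Debian /etc/bind location and the regex heuristics are assumptions.

```shell
#!/bin/sh
# Added example (constructed): heuristic pre-provision check of BIND9 config.
#
# check_named_conf DIR REALM
#   DIR    directory holding the named.conf* files
#          (/etc/bind on Debian is an assumption, pass your own path)
#   REALM  DNS name of the AD domain, e.g. samdom.example.com
#
# Prints one finding per line. Return status is the number of findings,
# so 0 means neither condition was detected.
check_named_conf() {
    cnc_dir=$1
    # Escape dots so the realm is matched literally inside the regex.
    cnc_zone_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    cnc_found=0

    for cnc_f in "$cnc_dir"/named.conf*; do
        [ -f "$cnc_f" ] || continue

        # Drop // and # line comments (/* ... */ blocks are not handled).
        cnc_body=$(sed -e 's|//.*$||' -e 's|#.*$||' "$cnc_f")

        # Condition 1: a view statement anywhere in the file.
        if printf '%s\n' "$cnc_body" |
            grep -Eq '^[[:space:]]*view[[:space:]]+"?[A-Za-z0-9_.-]+'; then
            echo "VIEW: $cnc_f contains a view statement"
            cnc_found=$((cnc_found + 1))
        fi

        # Condition 2: a zone for the realm or one of its subdomains
        # (for example _msdcs.REALM) already declared by hand.
        if printf '%s\n' "$cnc_body" |
            grep -Eiq "^[[:space:]]*zone[[:space:]]+\"([^\"]*\\.)?${cnc_zone_re}\\.?\""; then
            echo "ZONE: $cnc_f already declares a zone in $2"
            cnc_found=$((cnc_found + 1))
        fi
    done

    return "$cnc_found"
}

# Usage: check_named_conf /etc/bind samdom.example.com
```
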