Re: [Samba] Replication Samba PDC to Samba BDC
On 6/4/2013 1:28 AM, Giedrius wrote: 2013.06.04 09:10, "David González Herrera - [DGHVoIP]" rašė: On 6/3/2013 11:57 PM, Giedrius wrote: Hi, 2013.06.04 04:16, "David González Herrera - [DGHVoIP]" rašė: Hi, Let's see if any of the questions gets answered or at least I get ponte dto something that can help me. I followed this wiki: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Getting_ready_for_joining_Samba_as_a_DC_to_an_existing_domain I have my S4 domain running, I compiled and installed another S4 to replicate the first server and joined successfully to the domain but replication seems to be broken. Commandused: root@bdc:~# samba-tool domain join mundo.local DC -Uadministrator --realm=mundo.local --password=Mugr3P0pO --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'mundo.local' Found DC samba.mundo.local workgroup is mundo realm is mundo.local checking sAMAccountName Adding CN=BDC,OU=Domain Controllers,DC=mundo,DC=local Adding CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local Adding CN=NTDS Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local Adding SPNs to CN=BDC,OU=Domain Controllers,DC=mundo,DC=local Setting account password for BDC$ Enabling account Calling bare provision No IPv6 address will be assigned Provision OK for domain DN DC=mundo,DC=local Starting replication Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[402/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[804/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[1206/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[1550/1550] linked_values[0/0] Analyze and apply schema objects Partition[CN=Configuration,DC=mundo,DC=local] objects[402/1614] linked_values[0/0] Partition[CN=Configuration,DC=mundo,DC=local] objects[804/1614] linked_values[0/0] Partition[CN=Configuration,DC=mundo,DC=local] objects[1206/1614] linked_values[0/0] Partition[CN=Configuration,DC=mundo,DC=local] objects[1608/1614] linked_values[0/0] Partition[CN=Configuration,DC=mundo,DC=local] objects[1614/1614] linked_values[28/0] Replicating critical objects from the base DN of the domain Partition[DC=mundo,DC=local] objects[98/98] linked_values[31/0] Partition[DC=mundo,DC=local] objects[336/238] linked_values[74/0] Done with always replicated NC (base, config, schema) Replicating DC=DomainDnsZones,DC=mundo,DC=local Partition[DC=DomainDnsZones,DC=mundo,DC=local] objects[42/42] linked_values[0/0] Replicating DC=ForestDnsZones,DC=mundo,DC=local Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[18/18] linked_values[0/0] Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[36/18] linked_values[0/0] Committing SAM database Sending DsReplicateUpdateRefs for all the replicated partitions Setting isSynchronized and dsServiceName Setting up secrets database Joined domain mundo (SID S-1-5-21-1918558401-2200574552-2151153235) as a DC Seemed to have succeded, then I radn the recommended tests # ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid # record 1 dn: CN=NTDS Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local objectGUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7 # record 2 dn: CN=NTDS Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local objectGUID: ad828198-a723-44c2-8d7f-d5f801e2849f # returned 2 records # 2 entries # 0 referrals These testes run from the BDC seem to work. host -t CNAME ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local is an alias for samba.mundo.local. host -t CNAME 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local is an alias for bdc.mundo.local. root@bdc:~# host -t A bdc.mundo.local. bdc.mundo.local has address 10.10.10.20 root@bdc:~# host -t A samba.mundo.local. samba.mundo.local has address 10.10.10.5 Error showing up on the BDC dns child failed to find name 'ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local' of type A dreplsrv_notify: Failed to send DsReplicaSync to ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local for CN=Configuration,DC=mundo,DC=local - *NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE * Did you AT LEAST search the mailing list??? Check if ping (or any program using GLIBC's *NSS* DNS resolver) can resolve your 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local name Yes I searched the ML with no luck. Yes, I did and it works, I had to add 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.loca lto /etc/hosts and it works. So I thinks it's a DNS issue. Not exactly, as I wrote in my other posts to mailing list, this is glibc's nss dns resolvers' (libnss_dns.so) issue that is ignoring hostnames with "_" (
Re: [Samba] Replication Samba PDC to Samba BDC
2013.06.04 09:10, "David González Herrera - [DGHVoIP]" rašė: > On 6/3/2013 11:57 PM, Giedrius wrote: >> Hi, >> >> 2013.06.04 04:16, "David González Herrera - [DGHVoIP]" rašė: >>> Hi, >>> >>> Let's see if any of the questions gets answered or at least I get >>> ponte dto something that can help me. >>> >>> I followed this wiki: >>> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Getting_ready_for_joining_Samba_as_a_DC_to_an_existing_domain >>> >>> I have my S4 domain running, I compiled and installed another S4 to >>> replicate the first server and joined successfully to the domain but >>> replication seems to be broken. >>> >>> Commandused: >>> >>> >>> root@bdc:~# samba-tool domain join mundo.local DC -Uadministrator >>> --realm=mundo.local --password=Mugr3P0pO --dns-backend=BIND9_DLZ >>> Finding a writeable DC for domain 'mundo.local' >>> Found DC samba.mundo.local >>> workgroup is mundo >>> realm is mundo.local >>> checking sAMAccountName >>> Adding CN=BDC,OU=Domain Controllers,DC=mundo,DC=local >>> Adding >>> CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local >>> Adding CN=NTDS >>> Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local >>> Adding SPNs to CN=BDC,OU=Domain Controllers,DC=mundo,DC=local >>> Setting account password for BDC$ >>> Enabling account >>> Calling bare provision >>> No IPv6 address will be assigned >>> Provision OK for domain DN DC=mundo,DC=local >>> Starting replication >>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] >>> objects[402/1550] linked_values[0/0] >>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] >>> objects[804/1550] linked_values[0/0] >>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] >>> objects[1206/1550] linked_values[0/0] >>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] >>> objects[1550/1550] linked_values[0/0] >>> Analyze and apply schema objects >>> Partition[CN=Configuration,DC=mundo,DC=local] objects[402/1614] >>> linked_values[0/0] >>> Partition[CN=Configuration,DC=mundo,DC=local] objects[804/1614] >>> linked_values[0/0] >>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1206/1614] >>> linked_values[0/0] >>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1608/1614] >>> linked_values[0/0] >>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1614/1614] >>> linked_values[28/0] >>> Replicating critical objects from the base DN of the domain >>> Partition[DC=mundo,DC=local] objects[98/98] linked_values[31/0] >>> Partition[DC=mundo,DC=local] objects[336/238] linked_values[74/0] >>> Done with always replicated NC (base, config, schema) >>> Replicating DC=DomainDnsZones,DC=mundo,DC=local >>> Partition[DC=DomainDnsZones,DC=mundo,DC=local] objects[42/42] >>> linked_values[0/0] >>> Replicating DC=ForestDnsZones,DC=mundo,DC=local >>> Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[18/18] >>> linked_values[0/0] >>> Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[36/18] >>> linked_values[0/0] >>> Committing SAM database >>> Sending DsReplicateUpdateRefs for all the replicated partitions >>> Setting isSynchronized and dsServiceName >>> Setting up secrets database >>> Joined domain mundo (SID S-1-5-21-1918558401-2200574552-2151153235) as >>> a DC >>> >>> Seemed to have succeded, then I radn the recommended tests >>> >>> # ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' >>> --cross-ncs objectguid >>> # record 1 >>> dn: CN=NTDS >>> Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local >>> objectGUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7 >>> >>> # record 2 >>> dn: CN=NTDS >>> Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local >>> objectGUID: ad828198-a723-44c2-8d7f-d5f801e2849f >>> >>> # returned 2 records >>> # 2 entries >>> # 0 referrals >>> >>> >>> These testes run from the BDC seem to work. >>> >>> host -t CNAME ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local >>> ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local is an alias >>> for samba.mundo.local. >>> >>> host -t CNAME 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local >>> 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local is an alias >>> for bdc.mundo.local. >>> >>> root@bdc:~# host -t A bdc.mundo.local. >>> bdc.mundo.local has address 10.10.10.20 >>> >>> root@bdc:~# host -t A samba.mundo.local. >>> samba.mundo.local has address 10.10.10.5 >>> >>> >>> Error showing up on the BDC >>> >>> dns child failed to find name >>> 'ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local' of type A >>> dreplsrv_notify: Failed to send DsReplicaSync to >>> ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local for >>> CN=Configuration,DC=mundo,DC=local - *NT_STATUS_OBJECT_NAME_NOT_FOUND >>> : WERR_BADFILE * >> Did you AT LEAST search the mailing list??? >> Check if ping (or any program using GLIBC's *NSS* DNS resolver) can >>
Re: [Samba] Replication Samba PDC to Samba BDC
On 6/3/2013 11:57 PM, Giedrius wrote: Hi, 2013.06.04 04:16, "David González Herrera - [DGHVoIP]" rašė: Hi, Let's see if any of the questions gets answered or at least I get ponte dto something that can help me. I followed this wiki: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Getting_ready_for_joining_Samba_as_a_DC_to_an_existing_domain I have my S4 domain running, I compiled and installed another S4 to replicate the first server and joined successfully to the domain but replication seems to be broken. Commandused: root@bdc:~# samba-tool domain join mundo.local DC -Uadministrator --realm=mundo.local --password=Mugr3P0pO --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'mundo.local' Found DC samba.mundo.local workgroup is mundo realm is mundo.local checking sAMAccountName Adding CN=BDC,OU=Domain Controllers,DC=mundo,DC=local Adding CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local Adding CN=NTDS Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local Adding SPNs to CN=BDC,OU=Domain Controllers,DC=mundo,DC=local Setting account password for BDC$ Enabling account Calling bare provision No IPv6 address will be assigned Provision OK for domain DN DC=mundo,DC=local Starting replication Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[402/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[804/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[1206/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[1550/1550] linked_values[0/0] Analyze and apply schema objects Partition[CN=Configuration,DC=mundo,DC=local] objects[402/1614] linked_values[0/0] Partition[CN=Configuration,DC=mundo,DC=local] objects[804/1614] linked_values[0/0] Partition[CN=Configuration,DC=mundo,DC=local] objects[1206/1614] linked_values[0/0] Partition[CN=Configuration,DC=mundo,DC=local] objects[1608/1614] linked_values[0/0] Partition[CN=Configuration,DC=mundo,DC=local] objects[1614/1614] linked_values[28/0] Replicating critical objects from the base DN of the domain Partition[DC=mundo,DC=local] objects[98/98] linked_values[31/0] Partition[DC=mundo,DC=local] objects[336/238] linked_values[74/0] Done with always replicated NC (base, config, schema) Replicating DC=DomainDnsZones,DC=mundo,DC=local Partition[DC=DomainDnsZones,DC=mundo,DC=local] objects[42/42] linked_values[0/0] Replicating DC=ForestDnsZones,DC=mundo,DC=local Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[18/18] linked_values[0/0] Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[36/18] linked_values[0/0] Committing SAM database Sending DsReplicateUpdateRefs for all the replicated partitions Setting isSynchronized and dsServiceName Setting up secrets database Joined domain mundo (SID S-1-5-21-1918558401-2200574552-2151153235) as a DC Seemed to have succeded, then I radn the recommended tests # ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid # record 1 dn: CN=NTDS Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local objectGUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7 # record 2 dn: CN=NTDS Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local objectGUID: ad828198-a723-44c2-8d7f-d5f801e2849f # returned 2 records # 2 entries # 0 referrals These testes run from the BDC seem to work. host -t CNAME ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local is an alias for samba.mundo.local. host -t CNAME 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local is an alias for bdc.mundo.local. root@bdc:~# host -t A bdc.mundo.local. bdc.mundo.local has address 10.10.10.20 root@bdc:~# host -t A samba.mundo.local. samba.mundo.local has address 10.10.10.5 Error showing up on the BDC dns child failed to find name 'ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local' of type A dreplsrv_notify: Failed to send DsReplicaSync to ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local for CN=Configuration,DC=mundo,DC=local - *NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE * Did you AT LEAST search the mailing list??? Check if ping (or any program using GLIBC's *NSS* DNS resolver) can resolve your 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local name Yes I searched the ML with no luck. Yes, I did and it works, I had to add 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.loca lto /etc/hosts and it works. So I thinks it's a DNS issue. Thanks for your answer. I tried to check replication status but this error shows root@bdc:~# samba-tool drs showrepl Default-First-Site-Name\BDC DSA Options: 0x0001 DSA object GUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7 DSA invocationId: 609fd8be
Re: [Samba] Replication Samba PDC to Samba BDC
Hi, 2013.06.04 04:16, "David González Herrera - [DGHVoIP]" rašė: > Hi, > > Let's see if any of the questions gets answered or at least I get > ponte dto something that can help me. > > I followed this wiki: > http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Getting_ready_for_joining_Samba_as_a_DC_to_an_existing_domain > > I have my S4 domain running, I compiled and installed another S4 to > replicate the first server and joined successfully to the domain but > replication seems to be broken. > > Commandused: > > > root@bdc:~# samba-tool domain join mundo.local DC -Uadministrator > --realm=mundo.local --password=Mugr3P0pO --dns-backend=BIND9_DLZ > Finding a writeable DC for domain 'mundo.local' > Found DC samba.mundo.local > workgroup is mundo > realm is mundo.local > checking sAMAccountName > Adding CN=BDC,OU=Domain Controllers,DC=mundo,DC=local > Adding > CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local > Adding CN=NTDS > Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local > Adding SPNs to CN=BDC,OU=Domain Controllers,DC=mundo,DC=local > Setting account password for BDC$ > Enabling account > Calling bare provision > No IPv6 address will be assigned > Provision OK for domain DN DC=mundo,DC=local > Starting replication > Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] > objects[402/1550] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] > objects[804/1550] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] > objects[1206/1550] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] > objects[1550/1550] linked_values[0/0] > Analyze and apply schema objects > Partition[CN=Configuration,DC=mundo,DC=local] objects[402/1614] > linked_values[0/0] > Partition[CN=Configuration,DC=mundo,DC=local] objects[804/1614] > linked_values[0/0] > Partition[CN=Configuration,DC=mundo,DC=local] objects[1206/1614] > linked_values[0/0] > Partition[CN=Configuration,DC=mundo,DC=local] objects[1608/1614] > linked_values[0/0] > Partition[CN=Configuration,DC=mundo,DC=local] objects[1614/1614] > linked_values[28/0] > Replicating critical objects from the base DN of the domain > Partition[DC=mundo,DC=local] objects[98/98] linked_values[31/0] > Partition[DC=mundo,DC=local] objects[336/238] linked_values[74/0] > Done with always replicated NC (base, config, schema) > Replicating DC=DomainDnsZones,DC=mundo,DC=local > Partition[DC=DomainDnsZones,DC=mundo,DC=local] objects[42/42] > linked_values[0/0] > Replicating DC=ForestDnsZones,DC=mundo,DC=local > Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[18/18] > linked_values[0/0] > Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[36/18] > linked_values[0/0] > Committing SAM database > Sending DsReplicateUpdateRefs for all the replicated partitions > Setting isSynchronized and dsServiceName > Setting up secrets database > Joined domain mundo (SID S-1-5-21-1918558401-2200574552-2151153235) as > a DC > > Seemed to have succeded, then I radn the recommended tests > > # ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' > --cross-ncs objectguid > # record 1 > dn: CN=NTDS > Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local > objectGUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7 > > # record 2 > dn: CN=NTDS > Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local > objectGUID: ad828198-a723-44c2-8d7f-d5f801e2849f > > # returned 2 records > # 2 entries > # 0 referrals > > > These testes run from the BDC seem to work. > > host -t CNAME ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local > ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local is an alias > for samba.mundo.local. > > host -t CNAME 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local > 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local is an alias > for bdc.mundo.local. > > root@bdc:~# host -t A bdc.mundo.local. > bdc.mundo.local has address 10.10.10.20 > > root@bdc:~# host -t A samba.mundo.local. > samba.mundo.local has address 10.10.10.5 > > > Error showing up on the BDC > > dns child failed to find name > 'ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local' of type A > dreplsrv_notify: Failed to send DsReplicaSync to > ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local for > CN=Configuration,DC=mundo,DC=local - *NT_STATUS_OBJECT_NAME_NOT_FOUND > : WERR_BADFILE * Did you AT LEAST search the mailing list??? Check if ping (or any program using GLIBC's *NSS* DNS resolver) can resolve your 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local name > > I tried to check replication status but this error shows > > root@bdc:~# samba-tool drs showrepl > Default-First-Site-Name\BDC > DSA Options: 0x0001 > DSA object GUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7 > DSA invocationId: 609fd8be-7e0c-49ca-a5f5-1a68237ef03f > > =
[Samba] Replication Samba PDC to Samba BDC
Hi, Let's see if any of the questions gets answered or at least I get ponte dto something that can help me. I followed this wiki: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Getting_ready_for_joining_Samba_as_a_DC_to_an_existing_domain I have my S4 domain running, I compiled and installed another S4 to replicate the first server and joined successfully to the domain but replication seems to be broken. Commandused: root@bdc:~# samba-tool domain join mundo.local DC -Uadministrator --realm=mundo.local --password=Mugr3P0pO --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'mundo.local' Found DC samba.mundo.local workgroup is mundo realm is mundo.local checking sAMAccountName Adding CN=BDC,OU=Domain Controllers,DC=mundo,DC=local Adding CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local Adding CN=NTDS Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local Adding SPNs to CN=BDC,OU=Domain Controllers,DC=mundo,DC=local Setting account password for BDC$ Enabling account Calling bare provision No IPv6 address will be assigned Provision OK for domain DN DC=mundo,DC=local Starting replication Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[402/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[804/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[1206/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[1550/1550] linked_values[0/0] Analyze and apply schema objects Partition[CN=Configuration,DC=mundo,DC=local] objects[402/1614] linked_values[0/0] Partition[CN=Configuration,DC=mundo,DC=local] objects[804/1614] linked_values[0/0] Partition[CN=Configuration,DC=mundo,DC=local] objects[1206/1614] linked_values[0/0] Partition[CN=Configuration,DC=mundo,DC=local] objects[1608/1614] linked_values[0/0] Partition[CN=Configuration,DC=mundo,DC=local] objects[1614/1614] linked_values[28/0] Replicating critical objects from the base DN of the domain Partition[DC=mundo,DC=local] objects[98/98] linked_values[31/0] Partition[DC=mundo,DC=local] objects[336/238] linked_values[74/0] Done with always replicated NC (base, config, schema) Replicating DC=DomainDnsZones,DC=mundo,DC=local Partition[DC=DomainDnsZones,DC=mundo,DC=local] objects[42/42] linked_values[0/0] Replicating DC=ForestDnsZones,DC=mundo,DC=local Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[18/18] linked_values[0/0] Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[36/18] linked_values[0/0] Committing SAM database Sending DsReplicateUpdateRefs for all the replicated partitions Setting isSynchronized and dsServiceName Setting up secrets database Joined domain mundo (SID S-1-5-21-1918558401-2200574552-2151153235) as a DC Seemed to have succeded, then I radn the recommended tests # ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid # record 1 dn: CN=NTDS Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local objectGUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7 # record 2 dn: CN=NTDS Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local objectGUID: ad828198-a723-44c2-8d7f-d5f801e2849f # returned 2 records # 2 entries # 0 referrals These testes run from the BDC seem to work. host -t CNAME ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local is an alias for samba.mundo.local. host -t CNAME 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local is an alias for bdc.mundo.local. root@bdc:~# host -t A bdc.mundo.local. bdc.mundo.local has address 10.10.10.20 root@bdc:~# host -t A samba.mundo.local. samba.mundo.local has address 10.10.10.5 Error showing up on the BDC dns child failed to find name 'ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local' of type A dreplsrv_notify: Failed to send DsReplicaSync to ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local for CN=Configuration,DC=mundo,DC=local - NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE I tried to check replication status but this error shows root@bdc:~# samba-tool drs showrepl Default-First-Site-Name\BDC DSA Options: 0x0001 DSA object GUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7 DSA invocationId: 609fd8be-7e0c-49ca-a5f5-1a68237ef03f INBOUND NEIGHBORS DC=mundo,DC=local Default-First-Site-Name\SAMBA via RPC DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f Last attempt @ Mon Jun 3 20:58:43 2013 EDT failed, result 2 (WERR_BADFILE) 8 consecutive failure(s). Last success @ Mon Jun 3 20:35:43 2013 EDT CN=Schema,CN=Configuration,DC=mundo,DC=local Default-First-Site-Name\SAMBA via RPC
Re: [Samba] Need help with file corruption issue
> So you are creating files on the server side, access it from > the client side, remove it on the server side again and > create a new file server side under the same name? No, This is much more serious. Please see the strace.txt log. Let me step you through the last bit: 1) Here, I create a file SdLajo6RXt on the share. I read it from the raw disk location and also read it from the mounted location, and it matches. Same! /grid/samba_stress_test/SdLajo6RXt : 0.5406506065286610.5406506065286610.5406506065286610.5406506065286610.540650606528661 /root/grid/samba_stress_test/SdLajo6RXt: 0.5406506065286610.5406506065286610.5406506065286610.5406506065286610.540650606528661 2) Next I delete it unlink("/grid/samba_stress_test/SdLajo6RXt") = 0 3) Next I create a new file **with a different name**, write to it directly on disk, and read it from the samba mount: Different! /grid/samba_stress_test/85fsYXTNhJ : 0.9504576548397450.9504576548397450.9504576548397450.9504576548397450.950457654839745 /root/grid/samba_stress_test/85fsYXTNhJ: 0.5406506065286610.5406506065286610.5406506065286610.5406506065286610.540650606528661 **Note that the NEW file has incorrect content. It matches the OLD, DELETED file.** I double-checked the trace, and the filenames in the trace are all unique. I mounted the share using "forcedirectio" and couldn't get it to repro. I would think that the file name is a part of the key used for caching! Is there some way to get visibility into the caching, so see why it's apparently returning invalid data for a brand new file that it should have *no* data for? > Does the same also happen if you do the file > creation/deletion via Samba as well? It does not. For fun, I self-mapped the share twice and wrote to one mapped share while reading from the other, to simulate 1 client writing and another reading. I was able to repro the issue. I also went ahead and implemented a test where I used winexe to fetch the file from a Windows machine that had the samba share mounted. I was *not* able to repro it. So it's possible that there's something wrong in the Linux cifs module, or it's a race condition and the latencies of doing the remote command to "type C:\path\to\mount\samba_stress_test\random_file" mean I can't repro it. (It's possible that the corrupt files we saw on Windows before were due to something else.) On Mon, Jun 3, 2013 at 7:56 AM, Volker Lendecke wrote: > On Fri, May 31, 2013 at 12:51:40PM -0400, David Coppit wrote: >> Hey Volker, thanks for the reply. >> >> > Can you explain for really stupid people what this does and where the >> > problem is? >> >> Here's what the perl code is doing: >> >> 1) In a loop... >> 1.1) Write a file to the local disk, using a random filename and 5 >> random floats followed by a newline as the content. >> 1.2) chown the file so that the samba mount user can read it >> 1.3) Read that file from a cifs mount of that very same local disk >> location, hosted by samba >> 1.4) Compare the written content versus the read content, exiting if >> they are different. >> 1.5) Delete the temp file > > So you are creating files on the server side, access it from > the client side, remove it on the server side again and > create a new file server side under the same name? I would > really think this is a caching issue, the client does not > notice the file changed. The wireshark trace you sent does > not contain any file related operations, so this time the > client did not even ask the server to close and open the > file again. > > Does the same also happen if you do the file > creation/deletion via Samba as well? > > Volker > > -- > SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen > phone: +49-551-37-0, fax: +49-551-37-9 > AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen > http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] netlogon & homes with Samba4 DC
Am 03.06.2013 20:52, schrieb spamv...@googlemail.com: Am 01.06.2013 22:38, schrieb spamv...@googlemail.com: 1) netlogon smb.conf [netlogon] path = /usr/local/samba/var/locks/**sysvol/asta-wh.de/scripts read only = No I can access the folder and execute the script as user, but it gets not executed automaticly Did you add the name of the login script to the user account in ADUC (on the 'profiles' tab)? Or should the logon script be executed on a different way? > > > yes ive added the script in the profiles tab where the roaming > profile(which is working) is also added . - Do you have just the name of the script (e. g. "logonscript.bat") or a full path in ADUC? - Any entries in the windows event log? - Anything interesting if you run at a higher debug level. Increase it to 3 and search the logs for the name of your login script after login. Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA4 vs Windows 2008 AD
2013-05-26 10:46 keltezéssel, Mario Almeida írta: Hi All, Is there any answer? On Sat, May 25, 2013 at 7:43 PM, Mario Almeida wrote: Hi All, I am planning to covert our company's AD server to Samba4, need to know if Samba4 is complete replacement for Windows 2008 AD. Is there a link to show features comparison, showing what is compatible and what is not? Regards, Remy Yes, but your mail arrived today, probably nobody else on the list haven't seen it before. Please check you outgoing mail route. Basically Samba 4.0.x lacks the following features: 1. Domain DFS 2. DAFSR (needed to replicate sysvol between DCs) 3. Trust (it can be trusted it cannot trust) 4. Forest (multidomain) support 5. Group policy modeling wizard support You should check which of the aforementioned features, if any are important for your company, and could run a few test migrations. Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] dynamic DNS Updates still failing, re-installed 9 more times, tried everything I could think of, now bald.
Mon, Jun 03, 2013 at 03:07:53AM -0700, Gary Maurizi napsal(a): > Thank You Thank You Thank You!! I see eactly the same enthusiasm and celebration as I did yesterday :o)) > '--disable-isc-spnego' > > CentOS base AND epel bind9.8 packages both compile with this, this IS/WAS > the cause of my and every other samba4 CentOS 6 users issue with dynamic > DNS updates. > > 01. Downloading the source RPM, removing this line from the build > --disable-isc-spnego > > 02. and changing --with-gssapi=yes TO: '--with-gssapi=/usr/include/gssapi This is not needed. --with-gssapi=yes the configure autodetect the gssapi so it's ok. > 03. and adding the line --with-dlopen=yes I think this isn't needed also as there are several --with-dlz-XYZ For sure I just removed --disable-isc-spnego (and backported the patch for samba internal dns - removing empty node: https://bugzilla.samba.org/show_bug.cgi?id=9559 ) and it starts working. I hope I'll find some time and create bug report to the redhat bugzilla. Maybe someone will take a care in RH. > Thank You for updating the WIKI, maybe even a note that the CentOS 6 > version of bind available via YUM will not work, or a note to check with > named -V that --disable-isc-spnego is not in your build, and that > --with-gssapi=yes is wrong and needs to read > --with-gssapi=/usr/include/gssapi or something of that sort, as when I was > working through this, the build-bind page contained only "GSSAPI and dlopen > support" mentions. I'll try once I obtain access to the samba wiki. Best regards, Luf > On Mon, Jun 3, 2013 at 12:57 AM, Andrew Bartlett wrote: > > > On Mon, 2013-06-03 at 08:02 +0200, steve wrote: > > > On Mon, 2013-06-03 at 09:36 +1000, Andrew Bartlett wrote: > > > > On Mon, 2013-06-03 at 01:11 +0200, steve wrote: > > > > > On Mon, 2013-06-03 at 08:16 +1000, Andrew Bartlett wrote: > > > > > > > > > > > > > End users need something simple to install. We also need something > > that > > > > > does dynamic dns reliably. The strong points of the internal dns are > > > > > it's simplicity of installation. Would it be possible to get it to do > > > > > dns updates from nsupdate? > > > > > > > > It does do dns updates from nsupdate. There is a client-side error > > > > shown *after* the successful update, but the developer who developed > > the > > > > patch for this hasn't been able to write the tests to allow his changes > > > > to make it into master. > > > > > > Hi > > > No, I'm sorry but it doesn't. The record goes in once and that's that. > > > You then can't change it. Not with nsupdate. Not with samba-too dns. The > > > only way to free it is to samba_upgradedns to BIND9_DLZ it. > > > > Please re-test with current master and if it still an issue please file > > a bug. > > > > Andrew Bartlett > > > > -- > > Andrew Bartletthttp://samba.org/~abartlet/ > > Authentication Developer, Samba Team http://samba.org > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Backup Samba4
Hello, Am 23.05.2013 18:12, schrieb Rodrigo Emilio Sobrinho: Can anyone help me? I'm having trouble backing up the Samba4. When I run the command /usr/sbin/samba_backup, it brings the following error: Error while archiving /usr/local/backups/samba4_private.210513.tar.bz2 The script shipped with samba is very basic and doesn't allow any changes on the installation. Like here, I use --sysconfdir=/etc. But the script only searches the directories below $FROMWHERE. The easiest way to find out why the tar fails, is to remove the ">/dev/null 2>&1" from all "tar" commands temporarily. Then you'll see, why tar doesn't exit with 0. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems during connect to server and listing files
Jerry, you could install a commercially supported linux or other OS and then you would have a help line in your time of need... I am sorry if your free software doesn't have the support you would like to see, but there is no call to be rude about it. I have seen this happen more on the samba lists than it should, and frankly I am getting a little tired of it. If you have something useful to add to your post (configs, how things are supposed to work, etc) then add that, otherwise please leave the negative comments to yourself. (Now is a good time to mention that I am a user and not a samba team member, so this view is mine and mine alone, but it really gets on my nerves when people are rude about things). Now that I have that out of the way, you have given us a small snippet of your log, from which server you haven't said and are using a pretty old version of samba. What packages did CentOS update that might have caused this? Is it possible an option in your configs has been depreciated? You mention "I can connect to a share on the Solaris server from either a linux or windows workstation. I get connected but I don't see any of the files in the share directory ( which resides on the CentOS server)" is this over nfs, smbclient, or cifs? Thanks, Ricky On Mon, Jun 3, 2013 at 11:23 AM, Jerry Lowry wrote: > Well, thanks so much for the help, NOT! > > I suppose no one has any ideas or thoughts on trouble shooting this > problem. > > could be samba, could be nfs, could be imap. Tried them all an no one > seems to want to help. > > So much for community effort! > > > > > On 05/29/2013 02:49 PM, Jerry Lowry wrote: > >> So, no one has any ideas on this ? >> >> CentOS is running Samba version : 3.0.33-3.39.el5_8 ( DMB, Preferred, NO >> LMB ) >> Solaris is running Samba version : 3.0.28 (LMB, Preferred ) >> >> This was working before an update on the CentOS system, which installed >> the present version. Is there anything that may have broken communications >> between these two version? As I said below, I can connect to a share on >> the Solaris server from either a linux or windows workstation. I get >> connected but I don't see any of the files in the share directory ( which >> resides on the CentOS server). >> >> Any ideas? >> >> jerry >> >> On 05/28/2013 09:50 AM, Jerry Lowry wrote: >> >>> Hi, first time poster. >>> >>> I am having trouble getting one of my servers to list all the files in >>> the directory. Consequently, it is failing to work with email when users >>> create new sub folders ( main problem). >>> >>> background: >>> >>> we have two servers >>> -old solaris 10 system running as server not smb master which is >>> mail server >>> -new linux CentOS 5.9 system running as master that also serves as >>> file server >>> >>> if I create a sub folder in mail ( either Thunderbird or Outlook ) the >>> file gets created on the CentOS system but does not get listed via imap >>> subscribe which is running on the solaris system. The file permissions are >>> correct and I can dump the file header which tells me that it is a mail >>> file. But the smb server on the CentOS system apparently is not serving >>> the file to the solaris system. >>> >>> Also, if I connect from a windows client to the solaris server I only >>> get one file in the list, whereas on the CentOS system it will give the >>> complete listing. >>> >>> I have some debug listing but not sure if this is shows the problem. >>> >>> thanks, >>> jerry >>> >>> debug listing: >>> [2013/05/28 08:37:49, 2] smbd/sesssetup.c:(1200) >>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close >>> all old resources. >>> [2013/05/28 08:37:49, 2] smbd/sesssetup.c:(1200) >>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close >>> all old resources. >>> [2013/05/28 08:37:49, 2] auth/auth.c:(319) >>> check_ntlm_password: Authentication for user [jlowry] -> [jlowry] >>> FAILED with error NT_STATUS_WRONG_PASSWORD >>> [2013/05/28 08:38:03, 2] smbd/sesssetup.c:(1200) >>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close >>> all old resources. >>> [2013/05/28 08:38:03, 2] smbd/sesssetup.c:(1200) >>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close >>> all old resources. >>> [2013/05/28 08:38:04, 2] auth/auth.c:(309) >>> check_ntlm_password: authentication for user [jlowry] -> [jlowry] -> >>> [jlowry] succeeded >>> [2013/05/28 08:38:04, 0] auth/auth_util.c:(792) >>> create_builtin_administrators: Failed to create Administrators >>> [2013/05/28 08:38:04, 2] auth/auth_util.c:(914) >>> create_local_nt_token: Failed to create BUILTIN\Administrators group! >>> [2013/05/28 08:38:04, 0] auth/auth_util.c:(758) >>> create_builtin_users: Failed to create Users >>> [2013/05/28 08:38:04, 2] auth/auth_util.c:(941) >>> create_local_nt_token: Failed to create BUILTIN\Users group! >>> [2013/05/28 08:38:04, 1] smbd/service.c:(1033) >>> bagby (10.10.10.2) connect to service
Re: [Samba] Problems during connect to server and listing files
Well, thanks so much for the help, NOT! I suppose no one has any ideas or thoughts on trouble shooting this problem. could be samba, could be nfs, could be imap. Tried them all an no one seems to want to help. So much for community effort! On 05/29/2013 02:49 PM, Jerry Lowry wrote: So, no one has any ideas on this ? CentOS is running Samba version : 3.0.33-3.39.el5_8 ( DMB, Preferred, NO LMB ) Solaris is running Samba version : 3.0.28 (LMB, Preferred ) This was working before an update on the CentOS system, which installed the present version. Is there anything that may have broken communications between these two version? As I said below, I can connect to a share on the Solaris server from either a linux or windows workstation. I get connected but I don't see any of the files in the share directory ( which resides on the CentOS server). Any ideas? jerry On 05/28/2013 09:50 AM, Jerry Lowry wrote: Hi, first time poster. I am having trouble getting one of my servers to list all the files in the directory. Consequently, it is failing to work with email when users create new sub folders ( main problem). background: we have two servers -old solaris 10 system running as server not smb master which is mail server -new linux CentOS 5.9 system running as master that also serves as file server if I create a sub folder in mail ( either Thunderbird or Outlook ) the file gets created on the CentOS system but does not get listed via imap subscribe which is running on the solaris system. The file permissions are correct and I can dump the file header which tells me that it is a mail file. But the smb server on the CentOS system apparently is not serving the file to the solaris system. Also, if I connect from a windows client to the solaris server I only get one file in the list, whereas on the CentOS system it will give the complete listing. I have some debug listing but not sure if this is shows the problem. thanks, jerry debug listing: [2013/05/28 08:37:49, 2] smbd/sesssetup.c:(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2013/05/28 08:37:49, 2] smbd/sesssetup.c:(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2013/05/28 08:37:49, 2] auth/auth.c:(319) check_ntlm_password: Authentication for user [jlowry] -> [jlowry] FAILED with error NT_STATUS_WRONG_PASSWORD [2013/05/28 08:38:03, 2] smbd/sesssetup.c:(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2013/05/28 08:38:03, 2] smbd/sesssetup.c:(1200) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2013/05/28 08:38:04, 2] auth/auth.c:(309) check_ntlm_password: authentication for user [jlowry] -> [jlowry] -> [jlowry] succeeded [2013/05/28 08:38:04, 0] auth/auth_util.c:(792) create_builtin_administrators: Failed to create Administrators [2013/05/28 08:38:04, 2] auth/auth_util.c:(914) create_local_nt_token: Failed to create BUILTIN\Administrators group! [2013/05/28 08:38:04, 0] auth/auth_util.c:(758) create_builtin_users: Failed to create Users [2013/05/28 08:38:04, 2] auth/auth_util.c:(941) create_local_nt_token: Failed to create BUILTIN\Users group! [2013/05/28 08:38:04, 1] smbd/service.c:(1033) bagby (10.10.10.2) connect to service jlowry initially as user jlowry (uid=1002, gid=1010) (pid 8145) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Configuring New Replacement Server For Samba
Thanks for the response. I down graded my samba version to the same as my old server. I remember having a hard time getting samba to work with older versions. The 3.5.x version was the only one I could get it to work with. On 06/03/2013 11:13 AM, Gaiseric Vandal wrote: run the "testparm -v" command - that will show you the location of key files and directories including smb.conf private directory (which typically contains the smb passwd file) the lock and cache directory or directories (which include various TDB files.) netlogon directory (including netlogon scripts) profile directory (if applicable) You should not need to rejoin. But you should assume that the config for 3.5.x. may need to be tweaked to work with 3.6.x. Non-samba files will include things like /etc/host and /etc/resolv.conf. When you replace one machine with another machine with the same ip, existing machines may not be able to connect to the new machine until the old arp entries expire. Shd be less than one hour but more than 30 seconds. On 06/03/13 10:29, bhogue wrote: Hi, I did not get a response for the below, I was just wondering if this is not the right place for this question can someone suggest another mailing list. Thanks Bob On 05/30/2013 12:46 PM, bhogue wrote: Hi, I am replacing my current RHEL 6 clustered samba server with new servers. The IP's and hostnames will be the same. The samba version on the old config is: samba-3.5.10-115.el6_2.x86_64 The samba version on the new config is: samba-3.6.9-151.el6.x86_64 What do I need to do to copy the samba configuration to the new servers. Will I need to do a net join again? or will it just work because the ip's and hostnames are the same. Thanks Bob -- Bob Hogue Senior NSM Development Environment Specialist RedHat: RHCSA | RHCE Alcatel-Lucent IPD Kanata, Ontario, Canada, K2K 2E6 telephone 613 784 4823 robert.ho...@alcatel-lucent.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Configuring New Replacement Server For Samba
run the "testparm -v" command - that will show you the location of key files and directories including smb.conf private directory (which typically contains the smb passwd file) the lock and cache directory or directories (which include various TDB files.) netlogon directory (including netlogon scripts) profile directory (if applicable) You should not need to rejoin. But you should assume that the config for 3.5.x. may need to be tweaked to work with 3.6.x. Non-samba files will include things like /etc/host and /etc/resolv.conf. When you replace one machine with another machine with the same ip, existing machines may not be able to connect to the new machine until the old arp entries expire. Shd be less than one hour but more than 30 seconds. On 06/03/13 10:29, bhogue wrote: Hi, I did not get a response for the below, I was just wondering if this is not the right place for this question can someone suggest another mailing list. Thanks Bob On 05/30/2013 12:46 PM, bhogue wrote: Hi, I am replacing my current RHEL 6 clustered samba server with new servers. The IP's and hostnames will be the same. The samba version on the old config is: samba-3.5.10-115.el6_2.x86_64 The samba version on the new config is: samba-3.6.9-151.el6.x86_64 What do I need to do to copy the samba configuration to the new servers. Will I need to do a net join again? or will it just work because the ip's and hostnames are the same. Thanks Bob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Configuring New Replacement Server For Samba
Hi, I did not get a response for the below, I was just wondering if this is not the right place for this question can someone suggest another mailing list. Thanks Bob On 05/30/2013 12:46 PM, bhogue wrote: Hi, I am replacing my current RHEL 6 clustered samba server with new servers. The IP's and hostnames will be the same. The samba version on the old config is: samba-3.5.10-115.el6_2.x86_64 The samba version on the new config is: samba-3.6.9-151.el6.x86_64 What do I need to do to copy the samba configuration to the new servers. Will I need to do a net join again? or will it just work because the ip's and hostnames are the same. Thanks Bob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Removed bind 9.8 installed bind 9.9 now named will not start with samba include statement: dlz_bind9_9.so incorrect version 2 should be 1!?
Am Montag, 3. Juni 2013, 08:25:34 schrieb David González Herrera - [DGHVoIP]: > On 6/3/2013 12:41 AM, Gary Maurizi wrote: > > I removed the centos bind build and installed bind 9.9.3 from ISC source, > > and went to /usr/local/samba/private/named.conf and changed the line from > > bind 9.8 to bind 9.9 and now I get this error and named will not start > > with the include line for samba in /etc/named.conf: > > > > get: "dlz_dlopen: incorrect version 2 should be 1 in > > '/usr/local/samba/lib/bind9/dlz_bind9_9.so'" > > I found this, and actually solved that issue: > source4/dns_server/dlz_minimal.h > > #ifdef BIND_VERSION_9_8 > #define DLZ_DLOPEN_VERSION 1 > #else > #define DLZ_DLOPEN_VERSION 2 > #endif > > Try it. > > > Help! > > > > I'm guessing I have to go into my samba-master git folder and replace the > > file dnz_bind9_9.so with another for bind 9.9.3? > > > > Thank you so much, > > GM Please don't mess with source4/dns_server/dlz_minimal.h AT ALL! Latest ISC bind-9.9.3 is still using "DLZ_DLOPEN_VERSION 2", so when you properly changed /usr/local/samba/private/named.conf to use dlz_bind9_9.so, all should work as expected. I just did a build of bind-9.9.3 - and it's working so far. But there can be some pitfalls when you build stuff from source. When you just use ./configure --> make -> make install, bind will be installed to /usr/local/. So all init (or systemd) scripts might not work anymore. >From the error you get, my guess is, that you did not de-install former bind-9.8.x, so it's still used. (and/or new installed bind cannot be found). What you can do when you want to install into the distro subdirs: 1.) make sure you have a distro supplied version of bind installed. 2.) as root run "named -V". This will list the installed version and the build options used. 3.) Create an own script e.g. "configure.your_name" in the bind source dir. 4.) in that new script set all the needed configure options and then call the original configure script. (see sample below) 5.) after downloading the new bind source now run ./configure.your_name and carefully watch for warnings/errors. Possibly dependent devel packages are missing. 6.) after successful "./configure.your_name" run "make" 7.) Before running "make install" (as root) I would remove the old distro supplied bind package using the distro tools to make sure that the new install is consistent and not using any former stuff! 8.) after "make install" (as root), the new version should be available. You can check that as root with "named -V" (or "named -v") 9.) inside a root konsole, you can run bind in the foreground with: named -g -u bind_user -d3 Note, that the running "bind_user" is distro dependent, some use "bind", others use "named". Please check that! When bind is starting with the '-d3' debug info, you'll get some info like this: 03-Jun-2013 14:38:43.370 Loading 'AD DNS Zone' using driver dlopen 03-Jun-2013 14:38:43.371 Loading SDLZ driver. 03-Jun-2013 14:38:47.233 samba_dlz: started for DN DC=intranet01,DC=hom 03-Jun-2013 14:38:47.234 SDLZ driver loaded successfully. 03-Jun-2013 14:38:47.234 DLZ driver loaded successfully. 03-Jun-2013 14:38:47.235 samba_dlz: starting configure 03-Jun-2013 14:38:47.275 zone 200.168.192.in-addr.arpa/NONE: number of nodes in database: 0 03-Jun-2013 14:38:47.278 zone 200.168.192.in-addr.arpa/NONE: loaded; checking validity 03-Jun-2013 14:38:47.281 zone_settimer: zone 200.168.192.in-addr.arpa/NONE: enter 03-Jun-2013 14:38:47.282 samba_dlz: configured writeable zone '200.168.192.in-addr.arpa' 03-Jun-2013 14:38:47.284 zone intranet01.hom/NONE: number of nodes in database: 0 03-Jun-2013 14:38:47.286 zone intranet01.hom/NONE: loaded; checking validity 03-Jun-2013 14:38:47.288 zone_settimer: zone intranet01.hom/NONE: enter 03-Jun-2013 14:38:47.289 samba_dlz: configured writeable zone 'intranet01.hom' 03-Jun-2013 14:38:47.291 zone _msdcs.intranet01.hom/NONE: number of nodes in database: 0 03-Jun-2013 14:38:47.294 zone _msdcs.intranet01.hom/NONE: loaded; checking validity 03-Jun-2013 14:38:47.296 zone_settimer: zone _msdcs.intranet01.hom/NONE: enter 03-Jun-2013 14:38:47.297 samba_dlz: configured writeable zone '_msdcs.intranet01.hom' 10.) start samba as usual. Inside that bind konsole you'll see a lot of debug infos... Cheers, Günter PS - sample bind configure.tmp for opensuse. This needs modifications for other distros! (Note - with opensuse i do NOT use the chroot jail! - a different problem) #!/bin/bash export CFLAGS="-g -fomit-frame-pointer -fmessage-length=0 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous- unwind-tables -fno-strict-aliasing" export LDFLAGS="-L/usr/lib" `dirname $0`/configure -C \ --prefix=/usr \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --sysconfdir=/etc \ --localstatedir=/var \ --libdir=/usr/lib \ --includedir=/usr/include/bind \ --
Re: [Samba] Need help with file corruption issue
On Fri, May 31, 2013 at 12:51:40PM -0400, David Coppit wrote: > Hey Volker, thanks for the reply. > > > Can you explain for really stupid people what this does and where the > > problem is? > > Here's what the perl code is doing: > > 1) In a loop... > 1.1) Write a file to the local disk, using a random filename and 5 > random floats followed by a newline as the content. > 1.2) chown the file so that the samba mount user can read it > 1.3) Read that file from a cifs mount of that very same local disk > location, hosted by samba > 1.4) Compare the written content versus the read content, exiting if > they are different. > 1.5) Delete the temp file So you are creating files on the server side, access it from the client side, remove it on the server side again and create a new file server side under the same name? I would really think this is a caching issue, the client does not notice the file changed. The wireshark trace you sent does not contain any file related operations, so this time the client did not even ask the server to close and open the file again. Does the same also happen if you do the file creation/deletion via Samba as well? Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] dynamic DNS Updates still failing, re-installed 9 more times, tried everything I could think of, now bald.
Thank You Thank You Thank You!! '--disable-isc-spnego' CentOS base AND epel bind9.8 packages both compile with this, this IS/WAS the cause of my and every other samba4 CentOS 6 users issue with dynamic DNS updates. 01. Downloading the source RPM, removing this line from the build --disable-isc-spnego 02. and changing --with-gssapi=yes TO: '--with-gssapi=/usr/include/gssapi 03. and adding the line --with-dlopen=yes 04. and re-installing bind, and then proceeding with the samba 4 domain controller tutorial fixed the issue. I apologize for being the squeaky wheel here, but this is the first time in 15 years I have run into a problem I could not find a solution to with all of the google-fu in the world. I even tried recompiling the official bind 9.9.?3 tarball from ISC source with the two options in the build tutorial and ran into the same issues, as --disable-isc-spnego was built in that way as well. Thank You for updating the WIKI, maybe even a note that the CentOS 6 version of bind available via YUM will not work, or a note to check with named -V that --disable-isc-spnego is not in your build, and that --with-gssapi=yes is wrong and needs to read --with-gssapi=/usr/include/gssapi or something of that sort, as when I was working through this, the build-bind page contained only "GSSAPI and dlopen support" mentions. A.Bartlett you have been a tremendous help, and I have learned a ton trouble shooting this issue, not least of all where the advil was hiding in the medicine cabinet. I hope to pass it on. GM On Mon, Jun 3, 2013 at 12:57 AM, Andrew Bartlett wrote: > On Mon, 2013-06-03 at 08:02 +0200, steve wrote: > > On Mon, 2013-06-03 at 09:36 +1000, Andrew Bartlett wrote: > > > On Mon, 2013-06-03 at 01:11 +0200, steve wrote: > > > > On Mon, 2013-06-03 at 08:16 +1000, Andrew Bartlett wrote: > > > > > > > > > > End users need something simple to install. We also need something > that > > > > does dynamic dns reliably. The strong points of the internal dns are > > > > it's simplicity of installation. Would it be possible to get it to do > > > > dns updates from nsupdate? > > > > > > It does do dns updates from nsupdate. There is a client-side error > > > shown *after* the successful update, but the developer who developed > the > > > patch for this hasn't been able to write the tests to allow his changes > > > to make it into master. > > > > Hi > > No, I'm sorry but it doesn't. The record goes in once and that's that. > > You then can't change it. Not with nsupdate. Not with samba-too dns. The > > only way to free it is to samba_upgradedns to BIND9_DLZ it. > > Please re-test with current master and if it still an issue please file > a bug. > > Andrew Bartlett > > -- > Andrew Bartletthttp://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] dynamic DNS Updates still failing, re-installed 9 more times, tried everything I could think of, now bald.
On Mon, 2013-06-03 at 08:02 +0200, steve wrote: > On Mon, 2013-06-03 at 09:36 +1000, Andrew Bartlett wrote: > > On Mon, 2013-06-03 at 01:11 +0200, steve wrote: > > > On Mon, 2013-06-03 at 08:16 +1000, Andrew Bartlett wrote: > > > > > > > End users need something simple to install. We also need something that > > > does dynamic dns reliably. The strong points of the internal dns are > > > it's simplicity of installation. Would it be possible to get it to do > > > dns updates from nsupdate? > > > > It does do dns updates from nsupdate. There is a client-side error > > shown *after* the successful update, but the developer who developed the > > patch for this hasn't been able to write the tests to allow his changes > > to make it into master. > > Hi > No, I'm sorry but it doesn't. The record goes in once and that's that. > You then can't change it. Not with nsupdate. Not with samba-too dns. The > only way to free it is to samba_upgradedns to BIND9_DLZ it. Please re-test with current master and if it still an issue please file a bug. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] dynamic DNS Updates still failing, re-installed 9 more times, tried everything I could think of, now bald.
Hello, Mon, Jun 03, 2013 at 08:16:58AM +1000, Andrew Bartlett napsal(a): > On Mon, 2013-06-03 at 00:05 +0200, steve wrote: > > On Sun, 2013-06-02 at 23:50 +0300, Giedrius wrote: > > > 2013.06.02 16:16, Andrew Bartlett rašė: > > > > On Sun, 2013-06-02 at 11:52 +0200, steve wrote: > > > >> On Sun, 2013-06-02 at 01:46 -0700, Gary Maurizi wrote: > > I think that DNS is still our weakest link and I'm really pleased to see > > the devs looking through the end user list occasionally. Until the > > internal DNS is ready, we're stuck with bind. Let's try and make it as > > painless as possible for ourselves. > > The only way we can really improve it (as far as I'm currently aware) is > to take the bind binary, and launch it with a custom config file inside > 'samba' like we do smbd, pointing only at our DNS zone, and with chroot > etc disabled. > > That should, in theory, get us most of the control we get with the > internal server. Someone needs to write the patches however, and it > would mean we gain yet another DNS mode (which may be more trouble than > it's worth - I don't know). I don't like this way. I know it should be easier for installing/documenting but you have less choices in usage. To be honest I don't like LDAP+krb builtin into samba binary with several limitations. As I wrote I understand it's easier way but from my point of view it is the worse one. Please don't include bind into samba. You just waste time with it. I didn't follow the discussion about internal DNS in samba but it also needs a lot of resources which are missing somewhere else. New admins will have some troubles but they'll learn new things and also troubleshooting. Best regards, Luf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Please Help! Dynamic DNS just will not work: " failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure"
Hello, I had the same problem during this weekend and I found the solution. Sat, Jun 01, 2013 at 02:58:04PM -0700, Gary Maurizi napsal(a): > 01-Jun-2013 14:56:05.799 samba_dlz: starting transaction on zone > mtolympus.local > 01-Jun-2013 14:56:05.800 client 10.0.0.106#60674: update > 'mtolympus.local/IN' denied > 01-Jun-2013 14:56:05.800 samba_dlz: cancelling transaction on zone > mtolympus.local This means that non-secure updates are forbidden in the zone. > 01-Jun-2013 14:56:05.894 client 10.0.0.106#57284: TCP request > 01-Jun-2013 14:56:05.894 client 10.0.0.106#57284: using view '_default' > 01-Jun-2013 14:56:05.894 client 10.0.0.106#57284: request is not signed > 01-Jun-2013 14:56:05.894 client 10.0.0.106#57284: recursion available > 01-Jun-2013 14:56:05.894 client 10.0.0.106#57284: query > 01-Jun-2013 14:56:05.894 failed gss_inquire_cred: GSSAPI error: Major = > Unspecified GSS failure. Minor code may provide more information, Minor = > Success. > 01-Jun-2013 14:56:05.940 gss-api source name (accept) is > gm-bed-desktop$@MTOLYMPUS.LOCAL > 01-Jun-2013 14:56:05.940 process_gsstkey(): dns_tsigerror_noerror I don't think it's the major problem (but I had no time to debug it after I solve the problem). It's in log_cred function which doesn't return any value and it's continue well - gss-api source name (accept). I see in tcpdump that bind returns success but windows doesn't continue in TSIG. > Thank you so very much for any help, I am so desperately lost at this > point, I have tried everything. Not everything ;o) You trust the RH too much. As you can see at least steve has no problem with it (on ubuntu, suse). > On Sat, Jun 1, 2013 at 1:13 PM, Gary Maurizi wrote: > > On Sat, Jun 1, 2013 at 9:46 AM, Michael De Groote < > > i...@sint-pietersschool.be> wrote: > > > >> Nick, > >> > >> doesn't that bug apply to internal dns only? (Gary says he's using > >> BIND9_DLZ) > >> > >> 2013/6/1 Nick Semenkovich > >> > >> > Looks like bug https://bugzilla.samba.org/show_bug.cgi?id=9559 which > >> > looks like it'll be fixed in git momentarily. > >> > > >> > On Sat, Jun 1, 2013 at 1:59 AM, Gary Maurizi > >> > wrote: > >> > > I just can't seem to get dynamic DNS updates working on CentOS 6.4 > >> with > >> > > samba 4.0 .tar.gz from samba.org using BIND9_DLZ. > >> > > > >> > > If I run bind 9.8.2.rc1 in debug mode and go to a domain joined > >> windows > >> > > client and run 'ipconfig /registerdns' this is what I get in my > >> console: > >> > > > >> > > 31-May-2013 23:51:06.520 client 10.0.0.106#54352: new TCP connection > >> > > 31-May-2013 23:51:06.520 client 10.0.0.106#54352: replace > >> > > 31-May-2013 23:51:06.520 clientmgr @0x7fe0575b5010: createclients > >> > > 31-May-2013 23:51:06.520 clientmgr @0x7fe0575b5010: recycle > >> > > 31-May-2013 23:51:06.520 client 10.0.0.106#54352: read > >> > > 31-May-2013 23:51:06.520 client @0x7fe04c159600: accept > >> > > 31-May-2013 23:51:06.529 client 10.0.0.106#54352: TCP request > >> > > 31-May-2013 23:51:06.529 client 10.0.0.106#54352: view internal-view: > >> > using > >> > > view 'internal-view' > >> > > 31-May-2013 23:51:06.529 client 10.0.0.106#54352: view internal-view: > >> > > request is not signed > >> > > 31-May-2013 23:51:06.529 client 10.0.0.106#54352: view internal-view: > >> > > recursion available > >> > > 31-May-2013 23:51:06.529 client 10.0.0.106#54352: view internal-view: > >> > query > >> > > 31-May-2013 23:51:06.529 failed gss_inquire_cred: GSSAPI error: Major > >> = > >> > > Unspecified GSS failure. Minor code may provide more information, > >> Minor > >> > = > >> > > Success. > >> > > 31-May-2013 23:51:06.573 gss-api source name (accept) is > >> > > gm-bed-desktop$@MTOLYMPUS.LOCAL > >> > > 31-May-2013 23:51:06.573 process_gsstkey(): dns_tsigerror_noerror > >> > > 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: > >> > send > >> > > 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: > >> > sendto > >> > > 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: > >> > > senddone > >> > > 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: > >> > next > >> > > 31-May-2013 23:51:06.573 client 10.0.0.106#54352: view internal-view: > >> > > endrequest > >> > > 31-May-2013 23:51:06.573 client 10.0.0.106#54352: read > >> > > 31-May-2013 23:51:06.609 client 10.0.0.106#54352: next > >> > > 31-May-2013 23:51:06.609 client 10.0.0.106#54352: request failed: end > >> of > >> > > file > >> > > 31-May-2013 23:51:06.609 client 10.0.0.106#54352: endrequest > >> > > 31-May-2013 23:51:06.609 client 10.0.0.106#54352: closetcp > >> > > ^C31-May-2013 23:51:29.665 shutting down > >> > > 31-May-2013 23:51:29.665 stopping command channel on 127.0.0.1#953 > >> > > 31-May-2013 23:51:29.665 res 0x7fe0575c3010: shutdown > >> > > 31-May-2013 23:51:29.665 res 0x7fe0575c3010: exiting > >> > > > >> > > I have checked file permissions everywhere I can think of, this is my > >> 7th > >> > > time followi
Re: [Samba] dynamic DNS Updates still failing, re-installed 9 more times, tried everything I could think of, now bald.
Hello Sun, Jun 02, 2013 at 08:16:00PM -0700, Gary Maurizi napsal(a): > I think I might have figured out something about this Centos 6.4 thing and > BIND9_DLZ dynamic updates NOT working with the CentOS 6.4 bind package: > > [root@server private]# named -V > BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 built with > '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' > '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' > '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' > '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' > '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' > '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' > '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' > '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' > '--disable-openssl-version-check' '--with-dlz-ldap=yes' > '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' > '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' > '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' > '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' > 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' > 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions > -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= > -DDIG_SIGCHASE' > using OpenSSL version: OpenSSL 1.0.0 29 Mar 2010 > > > look at: '--with-gssapi=yes' ' (looks like the compile option is set to > 'yes' when its meant to be a directory path) wtf? > > shouldn't this be: --with-gssapi=/usr/include/gssapi/' You're very very close to the solution ;o)) As I posted to another/previous thread. The solution is to remove '--disable-isc-spnego' It'll be nice to include it into the wiki https://wiki.samba.org/index.php/Dns-backend_bind#Compiling_Bind Best regards, Luf > On Sun, Jun 2, 2013 at 5:40 PM, Gary Maurizi wrote: > > > I want to thank you both so very much for your help. > > > > It's another day and I'm back to it, refreshed, and determined to figure > > out what is causing so many issues for the CentOS 6.4 users. > > > > Going through the same exact steps on ubuntu 12.04 on a different machine > > does give me working dynamic DNS updates, so I have isolated the issue I'm > > having to CentOS only slightly. > > > > Though bind does not run chrooted by default/at all on CentOS 6.4, I am at > > the point of wondering if maybe some of the samba related features are > > either compiled in and broken/buggy, or not compiled in at all for the bind > > package in the base repositories. > > > > I would like to try compiling bind 9.9 from source with all of the options > > explicitly stated, but was just wondering if maybe some one could take a > > look at the build options for the CentOS-Base repo version of bind and see > > if anything sticks out as missing, I don't want to miss something samba > > needs in 9.9 using the same options presented below, when I do this. :) > > > > [root@server samba-master]# named -V > > BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 built with > > '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' > > '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' > > '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' > > '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' > > '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' > > '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' > > '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' > > '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' > > '--disable-openssl-version-check' '--with-dlz-ldap=yes' > > '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' > > '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' > > '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' > > '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' > > 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' > > 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions > > -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= > > -DDIG_SIGCHASE' > > using OpenSSL version: OpenSSL 1.0.0 29 Mar 2010 > > using libxml2 version: 2.7.6 > > [root@server samba-master]# > > > > Thank You so much, > > GM. > > > > > > On Sun, Jun 2, 2013 at 4:36 PM, Andrew Bartlett wrote: > > > >> On Mon, 2013-06-03 at 01:11 +0200, steve wrote: > >> > On Mon, 2013-06-03 at 08:16 +1000, Andrew Bartlett wrote: > >> > > On Mon, 2013-06-03 at 00:05 +0200, steve wrote: > >> > > >> > > > Hi > >> > > > openSUSE 12.3 > >> > > > This is the first time in many years where the SUSE/openSUSE bind > >> has > >> > > > _almost_ worked out of the box. They will not entertain non chrooted > >> > > > installs. > >> > > > >> > > This is somehow totally disabled? > >> > > >> > No. You can enable it, but the chroot is the default. You cannot