Re: [Samba] Samba4 and Bind9

2012-07-26 Thread Steve Thompson

On Thu, 26 Jul 2012, Rowland Penny wrote:

> To add to the bind9 dlz file, use samba-tool dns add

I realize that one could do this if absolutely desperate, but it is the 
most dreadful hack! Very ugly.


Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba4 and Bind9

2012-07-26 Thread Rowland Penny

On 26/07/12 15:32, Steve Thompson wrote:

> Samba 4.0.0beta4, CentOS 6.3.
>
> It seems to me that when samba updates its DNS entries by processing a
> dns_update_list entry such as:
>
> A ${DNSDOMAIN} $IP
>
> then:
>
> (1) it is using the Kerberos realm name for DNSDOMAIN rather than the
> DNS domain name. Indeed, it seems to me that there is quite a bit of
> confusion between the two throughout Samba4.
>
> (2) when a second or third DC is added, the value for $IP inserted in
> the second or third DNS is the IP address of the first DC, not that of
> the second or third. Huh?
>
> I would _like_ the realm name and the DNS domain name to be the same,
> but it appears that one cannot do that: bind9 will no longer start, as
> I observed and reported previously.
>
> Steve


Bind9 will not start if you set it up before provisioning Samba4, you 
will end up with two zones, one will be the flat file you created and 
the other will be the dlz file created by Samba4 and they will clash.


Provision Samba4 then add any servers, workstations etc to the dns 
domain (and yes, the realm can be the same as the dns domain, i.e. they 
both can be example.com). To add to the bind9 dlz file, use samba-tool 
dns add 

Try samba-tool dns add --help

Rowland





Re: [Samba] Samba4 and Bind9

2012-07-26 Thread Steve Thompson

Samba 4.0.0beta4, CentOS 6.3.

It seems to me that when samba updates its DNS entries by processing a 
dns_update_list entry such as:


A ${DNSDOMAIN} $IP

then:

(1) it is using the Kerberos realm name for DNSDOMAIN rather than the DNS 
domain name. Indeed, it seems to me that there is quite a bit of confusion 
between the two throughout Samba4.


(2) when a second or third DC is added, the value for $IP inserted in the 
second or third DNS is the IP address of the first DC, not that of the 
second or third. Huh?


I would _like_ the realm name and the DNS domain name to be the same, but 
it appears that one cannot do that: bind9 will no longer start, as I 
observed and reported previously.


Steve


Re: [Samba] Samba4 and Bind9

2012-07-10 Thread Quinn Plattel
Jep, I had exactly the same issue.  I thought I also had to have a full dns
configuration to work before I added samba4.  Discovered after that samba4
had its own dns database that bind9 just connected to it through the use
of a dlz library.

br,
Quinn

On Tue, Jul 10, 2012 at 2:17 AM, Amitay Isaacs  wrote:

> Hi Steve,
>
> On Tue, Jul 10, 2012 at 7:17 AM, Steve Thompson  wrote:
> > CentOS 6.2, Samba 4.0.0beta3, Bind 9.9.1-P1.
> >
> > I have a working Bind9 installation which includes several different zone
> > files. Forward and reverse lookups work fine.
> >
> > When I include
> >
> > include "/usr/local/samba4/private/named.conf";
> >
> > in the named.conf, named will no longer start:
> >
> > Jul  9 15:01:47 s6a named[9857]: samba_dlz: started for DN
> > DC=test,DC=cornell,DC=edu
> > Jul  9 15:01:47 s6a named[9857]: samba_dlz: starting configure
> > Jul  9 15:01:47 s6a named[9857]: samba_dlz: Failed to configure zone
> > 'test.cornell.edu'
> > Jul  9 15:01:47 s6a named[9857]: loading configuration: already exists
> > Jul  9 15:01:47 s6a named[9857]: exiting (due to fatal error)
> >
> > because of a conflict between an already included zone file and the Samba4
> > domain (test.cornell.edu).
> >
> > What is the recommended best practice to fix this situation? I don't believe
> > that I should have to add the offending zone's contents to dns_update_list;
> > this seems like a hack to me. But then I don't have a lot of mileage with
> > samba_dnsupdate yet.
> >
> > Steve
>
> DLZ module is used to dynamically load the zone (the ones configured
> in Samba AD) information. So you cannot have two different sources for
> the same zone. Please comment the file based forward zone for domain
> (test.cornell.edu). And if you have configured reverse zone in AD,
> then comment the file based reverse zone as well.
>
> Amitay.


Re: [Samba] Samba4 and Bind9

2012-07-09 Thread Amitay Isaacs
Hi Steve,

On Tue, Jul 10, 2012 at 7:17 AM, Steve Thompson  wrote:
> CentOS 6.2, Samba 4.0.0beta3, Bind 9.9.1-P1.
>
> I have a working Bind9 installation which includes several different zone
> files. Forward and reverse lookups work fine.
>
> When I include
>
> include "/usr/local/samba4/private/named.conf";
>
> in the named.conf, named will no longer start:
>
> Jul  9 15:01:47 s6a named[9857]: samba_dlz: started for DN
> DC=test,DC=cornell,DC=edu
> Jul  9 15:01:47 s6a named[9857]: samba_dlz: starting configure
> Jul  9 15:01:47 s6a named[9857]: samba_dlz: Failed to configure zone
> 'test.cornell.edu'
> Jul  9 15:01:47 s6a named[9857]: loading configuration: already exists
> Jul  9 15:01:47 s6a named[9857]: exiting (due to fatal error)
>
> because of a conflict between an already included zone file and the Samba4
> domain (test.cornell.edu).
>
> What is the recommended best practice to fix this situation? I don't believe
> that I should have to add the offending zone's contents to dns_update_list;
> this seems like a hack to me. But then I don't have a lot of mileage with
> samba_dnsupdate yet.
>
> Steve

DLZ module is used to dynamically load the zone (the ones configured
in Samba AD) information. So you cannot have two different sources for
the same zone. Please comment the file based forward zone for domain
(test.cornell.edu). And if you have configured reverse zone in AD,
then comment the file based reverse zone as well.

Amitay.
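
An added example, not part of the original posts or of Samba: a pre-flight check that lists zones named.conf would serve from both an active `zone` statement and the Samba DLZ database, which is the "already exists" failure discussed in this thread. The reverse zone name and both sample configurations are constructed for illustration; the DN and include path are the ones quoted in the thread.

```python
import re

# Matches quoted strings (kept) and the three named.conf comment styles (dropped).
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(conf):
    """Blank out /* */, // and # comments without touching quoted strings."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", conf)

def file_zones(conf):
    """Names of zone statements that are still active (not commented out)."""
    active = strip_comments(conf)
    return {m.group(1).lower().rstrip(".")
            for m in re.finditer(r'\bzone\s+"([^"]+)"', active)}

def dn_to_zone(dn):
    """Turn the DN logged by samba_dlz into a DNS zone name."""
    labels = [p.strip().split("=", 1)[1] for p in dn.split(",")
              if p.strip().upper().startswith("DC=")]
    return ".".join(labels).lower()

def conflicts(conf, ad_zones):
    """Zones that named would get from both a zone statement and Samba's DLZ."""
    wanted = {z.lower().rstrip(".") for z in ad_zones}
    return sorted(file_zones(conf) & wanted)

# Constructed named.conf: the state that fails to start ...
BEFORE = '''
options { directory "/var/named"; };
zone "test.cornell.edu" IN { type master; file "test.zone"; };
zone "2.0.192.in-addr.arpa" IN { type master; file "192.0.2.rev"; };
zone "example.org" IN { type master; file "example.org.zone"; };
include "/usr/local/samba4/private/named.conf";
'''
# ... and the same file with the file-based AD zones commented out.
AFTER = '''
options { directory "/var/named"; };
// zone "test.cornell.edu" IN { type master; file "test.zone"; };
/* zone "2.0.192.in-addr.arpa" IN { type master;
   file "192.0.2.rev"; }; */
zone "example.org" IN { type master; file "example.org.zone"; };
include "/usr/local/samba4/private/named.conf";
'''
AD_ZONES = [dn_to_zone("DC=test,DC=cornell,DC=edu"), "2.0.192.in-addr.arpa"]

if __name__ == "__main__":
    print("before:", conflicts(BEFORE, AD_ZONES))
    print("after: ", conflicts(AFTER, AD_ZONES))
```

The check reads only the text it is given; zone statements pulled in through other `include` files have to be passed to it as well.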