Problems with replication and dns


Problems with replication and dns

Samba - General mailing list
Hello,
Thanks for accepting me on the list, I hope to learn and contribute
according to my knowledge.

My main dc is samba 4.4.5 on centos 7.
I am installing a secondary dc with samba 4.7 and had the following problems:
main dc:
samba-tool ntacl sysvolreset:
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/ntacl.py", line 239, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1618, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1523, in set_gpos_acl
    passdb=passdb)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1486, in set_dir_acl
    setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/ntacls.py", line 162, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)

This error appears on both servers after copying the sysvol directory.
How could I repair the sysvol?
When trying to replicate the dns with bind, I get errors from zones
that apparently were poorly replicated from windows server.
Trying to delete them with samba tool I get errors that indicate dns
is not available.
How can I delete records directly from the samba database?

Best regards,

Santiago.

--
Santiago Londoño Mejía
Infrastructure Analyst
t. (574) 605 25 23 ext. 1232
m. (57) 3148332567
Medellín | Carrera 50  C #10 Sur  80
Bogotá | Medellín | Cali
www.pragma.com.co

--

This message is confidential. It may contain privileged information belonging to PRAGMA S.A. and/or its clients, contractors, directors, employees and advisers, and therefore must not be used or disclosed by anyone other than its intended recipient. If you receive this message by error, mistake or omission, please delete it and notify the sender.

Its retention, recording, use or disclosure for any purpose is prohibited.

This message has been scanned by antivirus software. However, PRAGMA S.A. assumes no responsibility for any damage caused by the receipt and use of this material; it is the recipient's responsibility to check by their own means for viruses or other defects.

The opinions, conclusions and other information contained in this e-mail that are not related to the official business of PRAGMA S.A. must be understood as personal and are in no way endorsed by the Company.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Problems with replication and dns

Samba - General mailing list
On Tue, 14 Mar 2017 14:48:17 -0500
Santiago Londoño Mejía via samba <[hidden email]> wrote:

> Hello,
> Thanks for accepting me on the list, I hope to learn and contribute
> according to my knowledge.
>
> My main dc is samba 4.4.5 on centos 7.
> I am installing a secondary dc with samba 4.7 And had the following
> problems: main dc:
> samba-tool ntacl sysvolreset:
> open: error=2 (No such file or directory)
> ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined
> error') File

OK, your policies are in AD and stored in sysvol and I think a policy
is being searched for in sysvol and not being found.

>
> This error appears on both servers after copying the sysvol directory

How did you copy sysvol ?

> ¿How could  repair the sysvol?

You could set up a new domain in a vm and then copy the missing (if
any) default policies.

> When trying to replicate the dns with bind, i get errors from zones
> that apparently were poorly replicated from windows server.

You are going to have to give us more info here, how is bind set up for
instance.

> Trying to delete them with samba tool I get errors that indicate dns
> is not available.

How are you trying to delete them?

> How can i delete records directly from the samba database?

Do not even try this.

Can you also post your smb.conf files?

Rowland


Re: Problems with replication and dns

Samba - General mailing list


Here we go again, I think it would be easier extracting teeth without
anaesthetic ;-)

> I copied the sysvol using rsync

How did you run rsync, what actual command did you use ??

> Another sysadmin has configured bind without using the integration
> with samba, this is the problem.

That is not what I asked and it sounds like Bind has been setup
incorrectly, it should be integrated with Samba, I suggest you post
your Bind conf files.

> I can not use the mmc plugin to manage the dns,  must do it directly
> in the bind configuration files.

You should be able to use the mmc, probably got something to do with
your Bind setup.

> How could repair the dns database to use integration with bind?

I do not know, mostly because I do not know how you have set up Bind.

Can you please post your smb.conf?

Rowland




Re: Problems with replication and dns

Samba - General mailing list
Hello,

Sorry for the few details.

rsync:

rsync -h -a -v /usr/local/samba/var/locks/sysvol/pragma.com.co/ root@server2:/usr/local/samba/var/locks/sysvol/pragma.com.co/

first dc smb.conf:
[global]
        tls verify peer = no_check
        ldap server require strong auth = no
        netbios name = NEPTUNO
        realm = PRAGMA.COM.CO
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = PRAGMA
        server role = active directory domain controller
# interfaces = en160 en160:0 lo
        wins support = Yes
        name resolve order = wins lmhosts hosts bcast

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/pragma.com.co/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

#[Users]
# directory_mode: parameter = 0700
# read only = no
# path = /Users

named.conf:

options {
// tkey-gssapi-keytab “/usr/local/samba/private/dns.keytab”;
        listen-on port 53 { 127.0.0.1; any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; any; };
        allow-update { localhost; any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
// dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};
zone "pragma.com.co" {
        type master;
        file "dynamic/pragma.com.co";
};



include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
//include "/usr/local/samba/private/named.conf";



Best regards,

Santiago.



Thank you very much for your help



Re: Problems with replication and dns

Samba - General mailing list
On Tue, 14 Mar 2017 17:01:24 -0500
Santiago Londoño Mejía <[hidden email]> wrote:

> Hello,
>
> Sorry for the few details.
>
> rsync:
>
> rsync -h -a -v /usr/local/samba/var/locks/sysvol/pragma.com.co/
> root@server2:/usr/local/samba/var/locks/sysvol/pragma.com.co/

OH dear, have a look here:

https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround

>
> first dc smb.conf:
> [global]
>     tls verify peer = no_check
>     ldap server require strong auth = no
> netbios name = NEPTUNO
> realm = PRAGMA.COM.CO
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = PRAGMA
> server role = active directory domain controller
> # interfaces = en160 en160:0 lo
> wins support = Yes
> name resolve order = wins lmhosts hosts bcast

'name resolve order' on something that is running (or should be) a DNS
server ???


> named.conf:

> zone "pragma.com.co" {
> type master;
> file "dynamic/pragma.com.co";
> };

AHA, you are running Bind with the totally unsupported flatfiles, this
does not work.

>
>
>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
> //include "/usr/local/samba/private/named.conf";

Uncomment the above line, you need it.

Can I suggest you read about DNS on the samba wiki:

https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server



Re: Problems with replication and dns

Samba - General mailing list
Hello,
Thank you very much for your reply.
I have configured bind using the dlz backend and these are the results.

named log:

Mar 15 09:39:41 neptuno named[13166]: sizing zone task pool based on 6 zones
Mar 15 09:39:41 neptuno named[13166]: Loading 'AD DNS Zone' using driver dlopen
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: started for DN
DC=pragma,DC=com,DC=co
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: starting configure
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: configured writeable
zone 'waspruebas.proteccion.com.co'
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: configured writeable
zone 'segdllo02.suranet.com'
Mar 15 09:39:42 neptuno named[13166]: zone dbmed04.pragma.com.co/NONE:
has no NS records
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: Failed to configure
zone 'dbmed04.pragma.com.co'
Mar 15 09:39:42 neptuno named[13166]: loading configuration: bad zone
Mar 15 09:39:42 neptuno named[13166]: exiting (due to fatal error)


named.conf:

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/usr/local/samba/private/named.conf";


As you can see in the log, the zone dbmed04.pragma.com.co does not
have ns records according to the database.
I've tried deleting it with
./samba-tool dns zonedelete neptuno.pragma.com.co dbmed04.pragma.com.co

ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 780, in run
    raise e


Best regards,

Santiago.
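
Added example, not part of the original post and not Samba or BIND code: a small triage script for the samba_dlz start-up log shown above. It re-joins the lines the mail client wrapped, derives the AD DNS domain from the `started for DN` line, and lists zones that loaded, zones that failed, and zones that do not belong to that domain. Treating `_msdcs.<domain>` and reverse (`.arpa`) zones as expected is an assumption of this example.

```python
import re

# Constructed sample: the named log from the post above, with the mail
# client's line wrapping left exactly as it arrived.
LOG = """\
Mar 15 09:39:41 neptuno named[13166]: sizing zone task pool based on 6 zones
Mar 15 09:39:41 neptuno named[13166]: Loading 'AD DNS Zone' using driver dlopen
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: started for DN
DC=pragma,DC=com,DC=co
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: starting configure
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: configured writeable
zone 'waspruebas.proteccion.com.co'
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: configured writeable
zone 'segdllo02.suranet.com'
Mar 15 09:39:42 neptuno named[13166]: zone dbmed04.pragma.com.co/NONE:
has no NS records
Mar 15 09:39:42 neptuno named[13166]: samba_dlz: Failed to configure
zone 'dbmed04.pragma.com.co'
Mar 15 09:39:42 neptuno named[13166]: loading configuration: bad zone
Mar 15 09:39:42 neptuno named[13166]: exiting (due to fatal error)
"""

# Syslog prefix written by named: "Mon DD HH:MM:SS host named[pid]: "
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ named\[\d+\]: ")


def unwrap(text):
    """Re-join wrapped records: a line without a syslog prefix continues the previous one."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def triage(text):
    """Summarise which zones samba_dlz loaded, which it rejected, and which look foreign."""
    report = {"domain": None, "loaded": [], "failed": [], "no_ns": [],
              "fatal": False, "unexpected": []}
    for rec in unwrap(text):
        msg = STAMP.sub("", rec)
        if m := re.match(r"samba_dlz: started for DN (\S+)", msg):
            # DC=pragma,DC=com,DC=co -> pragma.com.co
            parts = [p.split("=", 1)[1] for p in m.group(1).split(",") if "=" in p]
            report["domain"] = ".".join(parts).lower()
        elif m := re.match(r"samba_dlz: configured writeable zone '([^']+)'", msg):
            report["loaded"].append(m.group(1))
        elif m := re.match(r"samba_dlz: Failed to configure zone '([^']+)'", msg):
            report["failed"].append(m.group(1))
        elif m := re.match(r"zone (\S+)/\S+: has no NS records", msg):
            report["no_ns"].append(m.group(1))
        elif msg.startswith("exiting (due to fatal error)"):
            report["fatal"] = True

    domain = report["domain"]
    if domain:
        # Assumption of this example: only the AD domain zone, its _msdcs
        # zone and reverse zones are expected in the directory.
        expected = {domain, "_msdcs." + domain}
        seen = dict.fromkeys(report["loaded"] + report["failed"])  # ordered, de-duplicated
        report["unexpected"] = [z for z in seen
                                if z.lower() not in expected
                                and not z.lower().endswith(".arpa")]
    return report


if __name__ == "__main__":
    result = triage(LOG)
    for key, value in result.items():
        print(f"{key:>10}: {value}")
```
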








Re: Problems with replication and dns

Samba - General mailing list
On Wed, 15 Mar 2017 10:03:59 -0500
Santiago Londoño Mejía <[hidden email]> wrote:

> Hello,
> Thank you very much for your reply.
> I have configured bind using the dlz backend and these are the
> results.
>
> named log:
>
> Mar 15 09:39:41 neptuno named[13166]: sizing zone task pool based on
> 6 zones Mar 15 09:39:41 neptuno named[13166]: Loading 'AD DNS Zone'
> using driver dlopen Mar 15 09:39:42 neptuno named[13166]: samba_dlz:
> started for DN DC=pragma,DC=com,DC=co
> Mar 15 09:39:42 neptuno named[13166]: samba_dlz: starting configure
> Mar 15 09:39:42 neptuno named[13166]: samba_dlz: configured writeable
> zone 'waspruebas.proteccion.com.co'
> Mar 15 09:39:42 neptuno named[13166]: samba_dlz: configured writeable
> zone 'segdllo02.suranet.com'
> Mar 15 09:39:42 neptuno named[13166]: zone dbmed04.pragma.com.co/NONE:
> has no NS records
> Mar 15 09:39:42 neptuno named[13166]: samba_dlz: Failed to configure
> zone 'dbmed04.pragma.com.co'
> Mar 15 09:39:42 neptuno named[13166]: loading configuration: bad zone
> Mar 15 09:39:42 neptuno named[13166]: exiting (due to fatal error)
>

You should only have the zone records for 'pragma.com.co' in AD and
Bind must be running on the DC.

I use Devuan and the Bind files are split into four files, these are
the files I have basically been using for the last 5 years without
problem:

cat /etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

cat /etc/bind/named.conf.options

options {
        directory "/var/cache/bind";
        version "0.0.7";
        notify no;
        empty-zones-enable no;
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
        forwarders { 8.8.8.8; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;

        listen-on-v6 { none; };
        listen-on port 53 { 192.168.0.2; 127.0.0.1; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

 cat /etc/bind/named.conf.local

include "/usr/local/samba/private/named.conf";

cat /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

 


>
> As you can see in the log, the zone dbmed04.pragma.com.co does not
> have ns records according to the database.

Hang on a minute, you posted that this is the smb.conf on your DC:

realm = PRAGMA.COM.CO

Your realm must be the same as your DNS domain, so where does
'dbmed04.pragma.com.co' come from ??

Try the command like this:

samba-tool dns zonedelete neptuno.pragma.com.co
waspruebas.proteccion.com.co -U Administrator

(just in case it has spilt over two lines, the above should be on one
line)

If that works, remove the other spurious domain and then try
'samba_upgradedns --dns-backend=BIND9_DLZ'

finally delete the last wrong zone 'dbmed04.pragma.com.co'

Rowland
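
Added example, not part of the thread and not BIND or Samba code: a minimal audit of the `options` block that compares the access-control statements of the first named.conf posted in this thread with the named.conf.options from the reply above. It flags `allow-update` lists containing `any` and recursion that is effectively open to `any`; the fallback order used when `allow-recursion` is unset (allow-query-cache, then allow-query) follows BIND 9's documented defaults and is stated here as an assumption of the example.

```python
import re

# Constructed inputs: the relevant lines of the two configurations
# posted in the thread (comments shortened).
FLATFILE_CONF = '''
options {
// tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
        listen-on port 53 { 127.0.0.1; any; };
        listen-on-v6 port 53 { ::1; };
        allow-query     { localhost; any; };
        allow-update { localhost; any; };
        /* If your recursive DNS server has a public IP address, you MUST
           enable access control to limit queries to your legitimate users. */
        recursion yes;
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
};
zone "pragma.com.co" {
        type master;
        file "dynamic/pragma.com.co";
};
'''

DLZ_CONF = '''
options {
        directory "/var/cache/bind";
        notify no;
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
        forwarders { 8.8.8.8; };
        allow-transfer { none; };
        listen-on-v6 { none; };
        listen-on port 53 { 192.168.0.2; 127.0.0.1; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
'''

ACL_RE = re.compile(r'([\w-]+)(?:\s+port\s+\d+)?\s*\{([^{}]*)\}\s*;')
SCALAR_RE = re.compile(r'([\w-]+)\s+("[^"]*"|[^;{}\s]+)\s*;')


def strip_comments(text):
    """Remove /* */, // and # comments (good enough for configs without '//' in strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)


def options_block(text):
    """Return the body of the top-level options { ... } statement, or ''."""
    m = re.search(r'\boptions\s*\{', text)
    if not m:
        return ''
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]


def parse_options(text):
    """Split the options block into address-match lists and scalar settings."""
    body = options_block(strip_comments(text))
    acls = {name: [e.strip() for e in elems.split(';') if e.strip()]
            for name, elems in ACL_RE.findall(body)}
    scalars = dict(SCALAR_RE.findall(ACL_RE.sub('', body)))
    return acls, scalars


def audit(text):
    """Return (statement, detail) findings for ACLs that admit any client."""
    acls, scalars = parse_options(text)
    findings = []
    if 'any' in acls.get('allow-update', []):
        findings.append(('allow-update', 'dynamic updates accepted from any address'))
    # recursion defaults to yes when the statement is absent.
    if scalars.get('recursion', 'yes') == 'yes':
        # Assumed fallback order when allow-recursion is not set.
        for source in ('allow-recursion', 'allow-query-cache', 'allow-query'):
            if source in acls:
                effective = acls[source]
                break
        else:
            source, effective = 'default', ['localnets', 'localhost']
        if 'any' in effective:
            findings.append(('recursion', f'recursive queries open to any via {source}'))
    return findings


if __name__ == '__main__':
    for label, conf in (('first named.conf', FLATFILE_CONF), ('reply', DLZ_CONF)):
        print(label, audit(conf) or 'no findings')
```
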


Re: Problems with replication and dns

Samba - General mailing list
Hello,
Thank you for the answer.

I tried to remove the zone waspruebas.proteccion.com.co with following result


ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 780, in run
    raise e

Best regards.


Re: Problems with replication and dns

Samba - General mailing list
On Wed, 15 Mar 2017 11:16:44 -0500
Santiago Londoño Mejía <[hidden email]> wrote:

> Hello,
> Thank you for the answer.
>
> I tried to remove the zone waspruebas.proteccion.com.co with
> following result
>
>
> ERROR(runtime): uncaught exception - (9717,
> 'WERR_DNS_ERROR_DS_UNAVAILABLE') File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
> line 176, in _run/netcmd/dns.py", lin    return self.run(*args,
> **kwargs) File "/usr/local/samba/lib64/python2.6/site-packages/samba
> e 780, in run
>     raise e
>
> Best regards.
>

OK, can you post your /etc/hosts, /etc/hostname and /etc/resolv.conf
files

Rowland


Re: Problems with replication and dns

Samba - General mailing list
Hello,

/etc/hosts:
127.0.0.1   nemesis nemesis.pragma.com.co localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.37 neptuno.pragma.com.co neptuno

/etc/hosts:
neptuno
/etc/resolv.conf:

search pragma.com.co
nameserver 192.168.0.37

Best regards,

Santiago.


Re: Problems with replication and dns

Samba - General mailing list
On Wed, 15 Mar 2017 11:55:05 -0500
Santiago Londoño Mejía <[hidden email]> wrote:

> Hello,
>
> /etc/hosts:
> 127.0.0.1   nemesis nemesis.pragma.com.co localhost
> localhost.localdomain localhost4 localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6 192.168.0.37 neptuno.pragma.com.co neptuno
>

Can I suggest changing the above to:
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost localhost6
192.168.0.37 neptuno.pragma.com.co neptuno


Rowland
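
A check for the problem the suggested change fixes, as an added example that is not part of the original post: a Samba AD DC's host name must not resolve to a loopback address, so the script flags any non-localhost name on a 127.0.0.1 or ::1 line. The function names and the localhost allow-list are assumptions; the two sample files are the ones quoted in this message, with the mail client's line wrapping undone.

```python
import ipaddress

def is_localhost_alias(name):
    # Assumed allow-list: "localhost" and names that start with it
    # (localhost.localdomain, localhost4, localhost6, ...).
    return name.lower().startswith("localhost")

def parse_hosts(text):
    """Yield (address, [names]) per entry, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an address: skip the malformed line
        yield addr, fields[1:]

def loopback_hostnames(text):
    """Return (address, name) pairs where a non-localhost name sits on loopback."""
    return [(str(addr), name)
            for addr, names in parse_hosts(text) if addr.is_loopback
            for name in names if not is_localhost_alias(name)]

def lan_addresses(text, fqdn):
    """Return the non-loopback addresses that the given FQDN maps to."""
    return [str(addr) for addr, names in parse_hosts(text)
            if not addr.is_loopback and fqdn.lower() in (n.lower() for n in names)]

# The two files from the thread (mail line wrapping undone).
ORIGINAL = """\
127.0.0.1   nemesis nemesis.pragma.com.co localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.37 neptuno.pragma.com.co neptuno
"""
SUGGESTED = """\
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost localhost6
192.168.0.37 neptuno.pragma.com.co neptuno
"""

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, "names on loopback:", loopback_hostnames(text))
        print(label, "neptuno.pragma.com.co ->",
              lan_addresses(text, "neptuno.pragma.com.co"))
```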



Re: Problems with replication and dns

Samba - General mailing list
Hello,
I made the indicated changes, rebooted the server but the error persists.
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
What other options might I try?

Best regards,
Santiago.


2017-03-15 12:16 GMT-05:00, Rowland Penny via samba <[hidden email]>:

> On Wed, 15 Mar 2017 11:55:05 -0500
> Santiago Londoño Mejía <[hidden email]> wrote:
>
>> Hello,
>>
>> /etc/hosts:
>> 127.0.0.1   nemesis nemesis.pragma.com.co localhost localhost.localdomain localhost4 localhost4.localdomain4
>> ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
>> 192.168.0.37 neptuno.pragma.com.co neptuno
>>
>
> Can I suggest changing the above to:
> 127.0.0.1 localhost.localdomain localhost
> ::1 localhost.localdomain localhost localhost6
> 192.168.0.37 neptuno.pragma.com.co neptuno
>
>
> Rowland



Re: Problems with replication and dns

Samba - General mailing list
On Wed, 15 Mar 2017 12:40:37 -0500
Santiago Londoño Mejía <[hidden email]> wrote:

> Hello,
> I made the indicated changes, rebooted the server but the error persists.
> ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
> What other options might I try?
>
> Best regards,
> Santiago.
>
>

Have you tried running samba_upgradedns ?

Rowland


Re: Problems with replication and dns

Samba - General mailing list
Hello,
Yes, I have run: /samba_upgradedns --dns-backend=BIND9_DLZ
This command runs without errors but I cannot delete the zone
waspruebas.proteccion.com.co

Best regards,

Santiago.







2017-03-15 12:44 GMT-05:00, Rowland Penny via samba <[hidden email]>:

> On Wed, 15 Mar 2017 12:40:37 -0500
> Santiago Londoño Mejía <[hidden email]> wrote:
>
>> Hello,
>> I made the indicated changes, rebooted the server but the error persists.
>> ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
>> What other options might I try?
>>
>> Best regards,
>> Santiago.
>>
>>
>
> Have you tried running samba_upgradedns ?
>
> Rowland



Re: Problems with replication and dns

Samba - General mailing list
Hello,
Could you give me some other idea to eliminate these zones?

Best regards,

Santiago.



2017-03-15 13:39 GMT-05:00, Santiago Londoño Mejía
<[hidden email]>:

> Hello,
> Yes, I have run: /samba_upgradedns --dns-backend=BIND9_DLZ
> This command runs without errors but I cannot delete the zone
> waspruebas.proteccion.com.co
>
> Best regards,
>
> Santiago.



Re: Problems with replication and dns

Samba - General mailing list
Hello,
Is it possible to reinstall the dc keeping only the user and passwords database?


Best regards,

Santiago.



2017-03-21 9:08 GMT-05:00, Santiago Londoño Mejía
<[hidden email]>:

> Hello,
> Could you give me some other idea to eliminate these zones?
>
> Best regards,
>
> Santiago.

