Previously, we compiled and installed Samba4 as explained at this link: https://imanudin.net/2014/11/16/how-to-install-samba4-active-directory-on-centos-7-part-1/. Now we will configure DNS to integrate with Samba and configure Kerberos. First, install BIND for the DNS server:
yum install bind bind-sdb
Configure named.conf to listen on port 53 and allow queries from the Samba server. Also include Samba's BIND9_DLZ DNS records.
vi /etc/named.conf
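Change or add the following lines, adjusting them to your setup. Change the lines below so that they become:

```
listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };
```

Note that any makes named listen on every interface and answer queries from any source; if the server is reachable from outside your LAN, list your own subnet instead.

Add the line below at the bottom of the file:

```
include "/usr/local/samba/private/named.conf";
```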
Check the BIND version and select the matching database line in the file named.conf in the folder /usr/local/samba/private/.
yum info bind
```
[root@samba4 ~]# yum info bind
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Installed Packages
Name        : bind
Arch        : x86_64
Epoch       : 32
Version     : 9.9.4
Release     : 14.el7
Size        : 4.3 M
Repo        : installed
From repo   : DVD
Summary     : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
URL         : http://www.isc.org/products/BIND/
License     : ISC
Description : BIND (Berkeley Internet Name Domain) is an implementation of the DNS
            : (Domain Name System) protocols. BIND includes a DNS server (named),
            : which resolves host names to IP addresses; a resolver library
            : (routines for applications to use when interfacing with DNS); and
            : tools for verifying that the DNS server is operating properly.
```
On my system, the BIND version is 9.9.4. Open the file /usr/local/samba/private/named.conf and enable the database line for BIND 9.9.0, as below:
vi /usr/local/samba/private/named.conf
```
dlz "AD DNS Zone" {
    # For BIND 9.8.0
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";
    # For BIND 9.9.0
    database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
};
```
Change the owner of the folder /var/named, restart the DNS service, and test:
```
chown named:named /var/named/
service named restart
host -t SRV _ldap._tcp.imanudin.net.
host -t SRV _kerberos._udp.imanudin.net.
host -t A imanudin.net.
```
These are the results of the above commands. If your results are different, the DNS configuration probably still has a problem.
```
[root@samba4 ~]# host -t SRV _ldap._tcp.imanudin.net.
_ldap._tcp.imanudin.net has SRV record 0 100 389 samba4.imanudin.net.
[root@samba4 ~]# host -t SRV _kerberos._udp.imanudin.net.
_kerberos._udp.imanudin.net has SRV record 0 100 88 samba4.imanudin.net.
[root@samba4 ~]# host -t A imanudin.net.
imanudin.net has address 192.168.26.11
```
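The version match and the include line described above can be checked before restarting named. The script below is an added example, not part of the original tutorial or of Samba; its function names are hypothetical, it knows only the two BIND version/module pairs listed in the generated file, and its demo runs on constructed sample files.

```shell
#!/bin/sh
# Added example: checks on the DLZ include before restarting named.
# Function names are hypothetical; the version-to-module pairs are the two
# listed in the generated named.conf shown in the tutorial.

# Module file name expected for a BIND version string such as "9.9.4".
expected_dlz_module() {
    case "$1" in
        9.8.*) echo "dlz_bind9.so" ;;
        9.9.*) echo "dlz_bind9_9.so" ;;
        *)     return 1 ;;            # not one of the two versions in the file
    esac
}

# File name of every uncommented `database "dlopen ..."` line, one per line.
active_dlz_modules() {
    sed -e 's/#.*//' "$1" |
        sed -n 's|.*database[[:space:]]*"dlopen[[:space:]][[:space:]]*[^"]*/\([^"/]*\.so\)".*|\1|p'
}

# check_dlz_conf <samba named.conf> <bind version>
# Returns 0 only when exactly one database line is active and it is the
# module for that BIND version; 1 on a mismatch; 2 for an unknown version.
check_dlz_conf() {
    conf=$1
    version=$2
    want=$(expected_dlz_module "$version") || {
        echo "BIND $version: no module known for this version"
        return 2
    }
    active=$(active_dlz_modules "$conf")
    count=$(printf '%s\n' "$active" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "found $count active database lines, expected exactly 1"
        return 1
    fi
    if [ "$active" != "$want" ]; then
        echo "active module $active, but BIND $version needs $want"
        return 1
    fi
    echo "ok: $active matches BIND $version"
}

# check_include <main named.conf> <path>: the main file must carry an
# uncommented include of <path>, spelled exactly (leading slash included).
check_include() {
    grep -Eq "^[[:space:]]*include[[:space:]]+\"$2\"[[:space:]]*;" "$1"
}

# Constructed copy of the generated include file. $2 picks the active
# database lines: 9.8, 9.9, both, or none.
write_sample_conf() {
    c98='# '
    c99='# '
    case "$2" in
        9.8)  c98='' ;;
        9.9)  c99='' ;;
        both) c98=''; c99='' ;;
    esac
    cat > "$1" <<EOF
dlz "AD DNS Zone" {
    # For BIND 9.8.0
    ${c98}database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";
    # For BIND 9.9.0
    ${c99}database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
};
EOF
}

# Demo on constructed files in a temporary directory, checked against 9.9.4.
tmp=$(mktemp -d)
for mode in 9.9 9.8 both none; do
    write_sample_conf "$tmp/named.conf" "$mode"
    printf '%-5s ' "$mode"
    check_dlz_conf "$tmp/named.conf" 9.9.4 || true
done
rm -rf "$tmp"
```

On the server, the calls would be check_dlz_conf /usr/local/samba/private/named.conf 9.9.4 (with the version reported by yum info bind) and check_include /etc/named.conf /usr/local/samba/private/named.conf.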
# Configure Kerberos
```
cp /etc/krb5.conf /etc/krb5.conf.ori
cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
```
# Testing Kerberos
```
kinit administrator
klist -e
```
These are the results of testing Kerberos:
```
[root@samba4 ~]# kinit administrator
Password for administrator@IMANUDIN.NET:
Warning: Your password will expire in 41 days on Mon Dec 29 00:50:47 2014
[root@samba4 ~]# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@IMANUDIN.NET

Valid starting     Expires            Service principal
11/17/14 00:57:04  11/17/14 10:57:04  krbtgt/IMANUDIN.NET@IMANUDIN.NET
        renew until 11/18/14 00:57:01, Etype (skey, tkt): arcfour-hmac, arcfour-hmac
```
# Configure Kerberos DNS dynamic updates (Optional)
This configuration is optional; you can apply or skip this section. To configure it, add the line tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab"; to the options section of named.conf. See the following example:
vi /etc/named.conf
```
options {
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
    listen-on port 53 { 127.0.0.1; any; };
    // ... the remaining options stay as they are ...
};
```
Run the following commands to change the group and access permissions on the dns.keytab file and to enable named at boot:
```
chgrp named /usr/local/samba/private/dns.keytab
chmod g+r /usr/local/samba/private/dns.keytab
systemctl enable named.service
```
Check whether dynamic DNS updates work with the following command:
/usr/local/samba/sbin/samba_dnsupdate --verbose
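The group and mode that the commands above set on dns.keytab can be audited with a short script, which also lists world-writable entries under a directory. This is an added example, not part of the original tutorial or of Samba; the function names are hypothetical, the group named comes from the chgrp step, and the demo runs on a constructed file.

```shell
#!/bin/sh
# Added example: audit the group and mode that the steps above set on
# dns.keytab. Function names are hypothetical.

# audit_keytab <file> <group>
# Returns 0 when the file is group-owned by <group>, readable by that
# group, and has no read/write/execute bit for "other"; 1 otherwise;
# 2 when the file does not exist.
audit_keytab() {
    f=$1
    grp=$2
    rc=0
    [ -f "$f" ] || { echo "missing: $f"; return 2; }

    file_grp=$(ls -ld "$f" | awk '{ print $4 }')
    if [ "$file_grp" != "$grp" ]; then
        echo "group is $file_grp, expected $grp (chgrp $grp)"
        rc=1
    fi
    # find prints the path only when every bit in the mask is set.
    if [ -z "$(find "$f" -prune -perm -040)" ]; then
        echo "not readable by group (chmod g+r)"
        rc=1
    fi
    for bit in 004 002 001; do
        if [ -n "$(find "$f" -prune -perm -"$bit")" ]; then
            echo "mode bit $bit is set for other (chmod o-rwx)"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then
        echo "ok: $f"
    fi
    return "$rc"
}

# world_writable_under <dir>: list every non-symlink entry that any local
# user could modify, e.g. under /usr/local/samba/private.
world_writable_under() {
    find "$1" ! -type l -perm -002 -print
}

# Demo on a constructed file; on the server the call would be
#   audit_keytab /usr/local/samba/private/dns.keytab named
tmp=$(mktemp -d)
: > "$tmp/dns.keytab"
demo_grp=$(ls -ld "$tmp/dns.keytab" | awk '{ print $4 }')
for mode in 640 644 777; do
    chmod "$mode" "$tmp/dns.keytab"
    echo "mode $mode:"
    audit_keytab "$tmp/dns.keytab" "$demo_grp" || true
done
rm -rf "$tmp"
```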
Hooray, we have now successfully installed Samba4 as Active Directory and are able to join Windows clients to Samba4.
Good luck and hopefully useful 😀
Hi!
Thank you for your tutorial, I’m following step by step but I’m receiving this error:
Loading ‘AD DNS Zone’ using driver dlopen
samba_dlz: Failed to connect to /usr/local/samba/private/dns/sam.ldb
When I try:
service named restart
Do you have any tips?
Thank you again!
Check if in file: /usr/local/samba/etc/smb.conf you have entry like:
dns forwarder =
if yes then delete it
Hi Roger,
Have you installed bind-sdb? Please paste the results of this command:
rpm -qa | grep bind
Hi Iman!
I tried again at my work with a new install (CentOS-7.0-1406-x86_64-Minimal) but I am still having the same error.
—————-
# journalctl -xn
Dec 02 15:34:09 dc1.xyz.lan named[2164]: dlz_dlopen of ‘AD DNS Zone’ failed
Dec 02 15:34:09 dc1.xyz.lan named[2164]: SDLZ driver failed to load.
Dec 02 15:34:09 dc1.xyz.lan named[2164]: DLZ driver failed to load.
Dec 02 15:34:09 dc1.xyz.lan named[2164]: loading configuration: failure
Dec 02 15:34:09 dc1.xyz.lan named[2164]: exiting (due to fatal error)
Dec 02 15:34:09 dc1.xyz.lan systemd[1]: named.service: control process exited, code=exited status=1
Dec 02 15:34:09 dc1.xyz.lan systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
— Subject: Unit named.service has failed
—————-
The bind-sdb is installed
# rpm -qa | grep bind
bind-sdb-9.9.4-14.el7.x86_64
bind-license-9.9.4-14.el7.noarch
bind-libs-9.9.4-14.el7.x86_64
bind-libs-lite-9.9.4-14.el7.x86_64
bind-9.9.4-14.el7.x86_64
—————-
Maybe it’s a rights issue in the folder?
I did the #chown named.named /var/named/
drwxr-x— 5 named 120 Dec 2 14:41 named/
—————-
Thank you!
Hi Roger,
It seems that the problem occurred while provisioning. Please try to remove sam.ldb and provision again:
rm /usr/local/samba/private/sam.ldb
/usr/local/samba/bin/samba-tool domain provision
Hello Iman,
How did you configure your bind for imanudin.net domain?
Thanks
Hi Bernard,
I just configured my BIND the same way as in this guide. In this guide, I am using BIND9_DLZ, provided by Samba4, which supplies all the DNS records needed.
I figured out why host -t SRV & A is not working.
I updated the /etc/resolv.conf and added the local dns running on my test server (e.g nameserver ) before I run the host -t SRV & A commands.
Hi Bernard,
Please make sure your BIND service has been started. Please check for any problems in the log in /var/log/messages for tracking and debugging.
Hi guys,
I found a solution for this problem (if you always need it) :
samba_dlz: Failed to connect to /usr/local/samba/private/dns/sam.ldb
chmod 777 /usr/local/samba/private/
chmod 777 /usr/local/samba/private/dns/
chmod 777 /usr/local/samba/private/dns.keytab
chmod 777 /usr/local/samba/private/dns/sam.ldb.d
chmod 777 /usr/local/samba/private/dns/sam.ldb
It worked for me after that 🙂
Bye
Hi Krickk,
Thanks for your information. Very helpful. Good job 😀
Hi Iman,
I have the following errors,
host -t SRV _kerberos._udp.ashproperties.com.
Host _kerberos._udp.ashproperties.com. not found: 3(NXDOMAIN)
host -t SRV _ldap._tcp.ashproperties.com.
Host _ldap._tcp.ashproperties.com. not found: 3(NXDOMAIN)
service named restart
Redirecting to /bin/systemctl restart named.service
Job for named.service failed. See ‘systemctl status named.service’ and ‘journalctl -xn’ for details.
Additional info:
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: localhost
NetBIOS Domain: ASHPROPERTIES
DNS Domain: ashproperties.com
DOMAIN SID: S-1-5-21-28188146-4262063930-3393960050
Hi Ron,
It seems the problem is in your /etc/hosts. Please change the information in /etc/hosts so that it looks like below:
127.0.0.1 localhost
192.168.26.11 samba4.ashproperties.com samba4
[rbautista@localhost ~]$ systemctl status named
named.service – Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled)
Active: active (running) since Thu 2015-03-12 09:12:21 EDT; 1h 19min ago
Process: 19427 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 19441 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 19438 ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf (code=exited, status=0/SUCCESS)
Main PID: 19442 (named)
CGroup: /system.slice/named.service
└─19442 /usr/sbin/named -u named
Hi Ron,
It seems your DNS configuration still has a problem. Please paste the results of these commands:
systemctl restart named
systemctl status named
tail -n20 /var/log/messages
[rbautista@localhost ~]$ systemctl status named
named.service – Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled)
Active: active (running) since Thu 2015-03-12 09:12:21 EDT; 1h 19min ago
Process: 19427 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 19441 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 19438 ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf (code=exited, status=0/SUCCESS)
Main PID: 19442 (named)
CGroup: /system.slice/named.service
└─19442 /usr/sbin/named -u named
Hi!
Very nice tutorial!
Everything is working, but i can’t create a new account in my domain, only the administrator account is working.
I used: “useradd xxx” and “smbpasswd xxx” but i can’t connect on my domain.
Hi Heio,
1. To create an account, you could use RSAT from Windows (you need to join first) as described at this link: https://imanudin.net/2014/11/18/tips-join-windows-client-to-samba4-active-directory/
2. You could use the CLI. Please try this command: /usr/local/samba/bin/samba-tool user add newuser passwordnewuser
Thanks a lot for your answer.
“samba-tool” is missing on CentOS 7 and i can’t find it with “yum provides samba-tool”
I’m gonna try with RSAT.
I’ve tried with RSAT on Windows 7 and it’s working!
I can create a user and connect and the domain.
Thanks a lot!
But i’m wondering, why can’t i find samba-tool on CentOS 7.
Hi Heio,
The location of samba-tool is /usr/local/samba/bin.
Hello,
Thanks for your guide.
While trying to install BIND, package bind-sdb isn’t installed. Package bind installs correctly without errors.
I get the following output:
yum install bind-sdb
Loaded plugins: amazon-id, rhui-lb
No package bind-sdb available.
Error: Nothing to do
Do you have any suggestions?
Best Regards,
Konstantin.
Hi Konstantin,
Please try to use/add the EPEL repo. Please see this link: http://fedoraproject.org/wiki/EPEL
I’ve installed bind-sdb manually, and it worked.
Thanks!
Hi Konstantin,
Glad to hear that. Thanks for your feedback 😉
Hi iman great post.
i have an issue with dns update
01-Oct-2015 05:10:27.023 database: info: samba_dlz: starting transaction on zone eproyiv.cu
01-Oct-2015 05:10:27.026 update-security: error: client 172.168.1.4#1370: update ‘eproyiv.cu/IN’ denied
01-Oct-2015 05:10:27.026 database: info: samba_dlz: cancelling transaction on zone eproyiv.cu
i check everything and seem to be allright
Hi David,
You can try to restart your Workstation and re-login to Samba4. Please make sure you have configured DNS Dynamic Address
service named start
Failed to connect to /usr/local/samba/private/dns/sam.ldb
Still looking for an answer for this! Therefore neither LDAP nor Kerberos is working 🙁 I gave permission to this file as an owner for named but it is not working..
Hi,
Please try to change permission with 777. For example
Sometimes I also use this option to make sure there is nothing wrong with my configuration, but a problem with permissions 😉
You saved the day! Now it works great thx a lot 🙂 How i’m silly
Let me add something: BIND must be installed before provisioning, because during provisioning Samba generates /usr/local/samba/private/named.conf! I mean, if BIND is already installed, then Samba creates the right configuration file..
Attention! If you try to re-enable SElinux!
Must add the following rules;
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --permanent --add-port=88/tcp
firewall-cmd --permanent --add-port=88/udp
firewall-cmd --permanent --add-port=135/tcp
firewall-cmd --permanent --add-port=137/tcp
firewall-cmd --permanent --add-port=137/udp
firewall-cmd --permanent --add-port=138/udp
firewall-cmd --permanent --add-port=139/tcp
firewall-cmd --permanent --add-port=389/tcp
firewall-cmd --permanent --add-port=389/udp
firewall-cmd --permanent --add-port=445/tcp
firewall-cmd --permanent --add-port=464/tcp
firewall-cmd --permanent --add-port=464/udp
firewall-cmd --permanent --add-port=636/tcp
firewall-cmd --permanent --add-port=1024-5000/tcp
firewall-cmd --permanent --add-port=1024-5000/udp
firewall-cmd --permanent --add-port=3268/tcp
firewall-cmd --permanent --add-port=3269/tcp
firewall-cmd --permanent --add-port=5353/tcp
firewall-cmd --permanent --add-port=5353/udp
And restart.. Restart again 🙂
Thx again man you are great
Best regards
Glad to hear that Metin.
Thanks also for Firewall Command 😉
May I ask question?
I have some problem, when I running “service named restart”.
It can’t start.
Dec 21 22:36:59 sdc.tatung.com named[997]: —————————————————-
Dec 21 22:36:59 sdc.tatung.com named[997]: adjusted limit on open files from 4096 to 1048576
Dec 21 22:36:59 sdc.tatung.com named[997]: found 2 CPUs, using 2 worker threads
Dec 21 22:36:59 sdc.tatung.com named[997]: using 2 UDP listeners per interface
Dec 21 22:36:59 sdc.tatung.com named[997]: using up to 4096 sockets
Dec 21 22:36:59 sdc.tatung.com named[997]: loading configuration from ‘/etc/named.conf’
Dec 21 22:36:59 sdc.tatung.com named[997]: reading built-in trusted keys from file ‘/etc/named.iscdlv.key’
Dec 21 22:36:59 sdc.tatung.com named[997]: using default UDP/IPv4 port range: [1024, 65535]
Dec 21 22:36:59 sdc.tatung.com named[997]: using default UDP/IPv6 port range: [1024, 65535]
Dec 21 22:36:59 sdc.tatung.com named[997]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 21 22:36:59 sdc.tatung.com named[997]: listening on IPv4 interface eno16777728, 172.17.0.51#53
Dec 21 22:36:59 sdc.tatung.com named[997]: listening on IPv6 interface lo, ::1#53
Dec 21 22:36:59 sdc.tatung.com named[997]: generating session key for dynamic DNS
Dec 21 22:36:59 sdc.tatung.com named[997]: sizing zone task pool based on 6 zones
Dec 21 22:36:59 sdc.tatung.com named[997]: Loading ‘AD DNS Zone’ using driver dlopen
Dec 21 22:36:59 sdc.tatung.com named[997]: dlz_dlopen: incorrect version 1 should be 2 in ‘/usr/local/samba/lib/bind9/dlz_bind9.so’
Dec 21 22:36:59 sdc.tatung.com named[997]: dlz_dlopen of ‘AD DNS Zone’ failed
Dec 21 22:36:59 sdc.tatung.com kernel: named[998]: segfault at a8 ip 00007f839d754939 sp 00007f8399591310 error 4 in named[7f839d6e6000+86000]
Dec 21 22:37:00 sdc.tatung.com systemd[1]: named.service: control process exited, code=exited status=1
Dec 21 22:37:00 sdc.tatung.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
But i already install bind.
rpm -qa | grep bind
bind-9.9.4-29.el7_2.1.x86_64
bind-libs-9.9.4-29.el7_2.1.x86_64
bind-libs-lite-9.9.4-29.el7_2.1.x86_64
bind-license-9.9.4-29.el7_2.1.noarch
bind-sdb-9.9.4-29.el7_2.1.x86_64
Can you help me to fix this problem ?
Hi,
Your problem is here
Please open file /usr/local/samba/private/named.conf and ensure dlz bind is same as bind version
Hi, Iman
why i enter the host -t SRV _ldap._tcp.imanudin.net. it show me: ap._tcp.imanudin.net has no SRV record
Hi Charles,
Please make sure the bind9 service is already running. Please also check using nslookup.
Hi Iman ,
i have this problem with “kinit administrator”… kinit: Cannot contact any KDC for realm ‘AUDIFARMA.LOCAL’ while getting initial credentials
Help me please!!
Hi Carlos,
Please make sure you have already configured /etc/krb5.conf
[libdefaults]
default_realm = AUDIFARMA.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true
# forwardable = true
[realms]
AUDIFARMA.LOCAL = {
kdc = pdc.audifarma.local
admin_server = pdc.audifarma.local
}
[domain_realm]
.audifarma.local = AUDIFARMA.LOCAL
audifarma.local = AUDIFARMA.LOCAL
but continues with the error
Hi Carlos,
Please perform the following command and try again
I had this problem as well and the cause was /etc/resolv.conf pointing to an external DNS server instead of the DNS server for Samba.
BC
How to add dhcp service to this server where it will dynamically update the dns server?
Hi Versata,
At this time, I do not know how to integrate them.
Everytime i install samba with BIND9_DLZ i get the following error…….
# systemctl -l status named
● named.service – Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2016-03-05 11:44:49 IST; 19min ago
Process: 5982 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=1/FAILURE)
Process: 5979 ExecStartPre=/bin/bash -c if [ ! “$DISABLE_ZONE_CHECKING” == “yes” ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo “Checking of zone files is disabled”; fi (code=exited, status=0/SUCCESS)
Main PID: 2211 (code=exited, status=0/SUCCESS)
Mar 05 11:44:49 test.example.com named[5985]: listening on IPv4 interface enp0s3, 192.168.1.10#53
Mar 05 11:44:49 test.example.com named[5985]: generating session key for dynamic DNS
Mar 05 11:44:49 test.example.com named[5985]: sizing zone task pool based on 6 zones
Mar 05 11:44:49 test.example.com named[5985]: Loading ‘AD DNS ZONE’ using driver dlopen
Mar 05 11:44:49 test.example.com named[5985]: dlz_dlopen failed to open library ‘/usr/local/samba/lib/bind9/dlz_bind9_9.so’ – /usr/local/samba/lib/bind9/dlz_bind9_9.so: failed to map segment from shared object: Permission denied
Mar 05 11:44:49 test.example.com named[5985]: dlz_dlopen of ‘AD DNS ZONE’ failed
Mar 05 11:44:49 test.example.com systemd[1]: named.service: control process exited, code=exited status=1
Mar 05 11:44:49 test.example.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Mar 05 11:44:49 test.example.com systemd[1]: Unit named.service entered failed state.
Mar 05 11:44:49 test.example.com systemd[1]: named.service failed.
#ll /usr/local/samba/lib/bind9/dlz_bind9_9.so
-rwxr-xr-x. 1 root named 50920 Mar 5 09:36 /usr/local/samba/lib/bind9/dlz_bind9_9.so
Hi,
Please perform the following command and restart BIND
#/usr/local/samba/sbin/samba_upgradedns --dns-backend=BIND9_DLZ
Reading domain information
DNS accounts already exist
No zone file /usr/local/samba/private/dns/EXAMPLE.COM.zone
DNS records will be automatically created
DNS partitions already exist
dns-test account already exists
See /usr/local/samba/private/named.conf for an example configuration include file for BIND
and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates
Finished upgrading DNS
After that got the same error……..
Hi,
Have you already made sure that the firewall/SELinux has been disabled? Please check with this command:
It's working fine in CentOS 6 with BIND 9.8. But in CentOS 7 with BIND 9.9 it is always the same problem.
Selinux and firewall is off in Centos 7 but still comes the same problem.
hi! i have a problem! i need to join linux machine on samba4 domain. I used this tutorial to create samba AD. At moment the client have some problem with DNS, the error is “Host kclient.samdom.er.com not found: 3(NXDOMAIN)”. File hosts it’s properly configured. From server i can ping the client and viceversa. Windows works good in domain, i also a problem with linux join.
Hi Gennaro,
For Linux clients joining the domain, I have not yet tried other Linux distributions. I usually use openSUSE/SLES to join the domain using YaST (wizard/GUI) 😀
Ok thank. I have another question. I need manage some users from kerberos database with “kadmin” and generate some keytabs for clients. With samba4 i add users with “samba-tool” and kerberos works fine but how can i generate keytabs and to use kadmin interface?? In another server i have configured kerberos generating a database and add user principals, the kadmin interface worked fine. In your tutorial what is the kerberosdatabase? whats is the principals kerberos?
Hi,
I am sorry. I do not have experience with the keytab database 🙂
It doesn’t work for me; it says that it can’t solve the DNS
Hi Edgar,
Please check whether your DNS server is working or not. You can check the BIND service, the nslookup or dig command, and the firewall configuration.
Hello Mas Iman,
SUPERRR greetings…
nice sharing..
I am trying out Samba as a PDC at the office, but I ran into trouble at the BIND configuration part
[root@sambalab samba]# systemctl restart named
Job for named.service failed because the control process exited with error code. See “systemctl status named.service” and “journalctl -xe” for details.
[root@sambalab samba]# systemctl status named
● named.service – Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2016-05-27 15:04:26 WIB; 12s ago
Process: 7045 ExecStartPre=/bin/bash -c if [ ! “$DISABLE_ZONE_CHECKING” == “yes” ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo “Checking of zone files is disabled”; fi (code=exited, status=1/FAILURE)
May 27 15:04:25 sambalab.ito.co.id systemd[1]: Starting Berkeley Internet Name Domain (DNS)…
May 27 15:04:26 sambalab.ito.co.id bash[7045]: /etc/named.conf:57: open: usr/local/samba/private/n…und
May 27 15:04:26 sambalab.ito.co.id systemd[1]: named.service: control process exited, code=exited …s=1
May 27 15:04:26 sambalab.ito.co.id systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
May 27 15:04:26 sambalab.ito.co.id systemd[1]: Unit named.service entered failed state.
May 27 15:04:26 sambalab.ito.co.id systemd[1]: named.service failed.
[root@sambalab samba]# journalctl -xe
May 27 15:04:46 sambalab.ito.co.id systemd[1]: Started Generate rndc key for BIND (DNS).
— Subject: Unit named-setup-rndc.service has finished start-up
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
—
— Unit named-setup-rndc.service has finished starting up.
—
— The start-up result is done.
May 27 15:04:46 sambalab.ito.co.id systemd[1]: Starting Berkeley Internet Name Domain (DNS)…
— Subject: Unit named.service has begun start-up
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
—
— Unit named.service has begun starting up.
May 27 15:04:46 sambalab.ito.co.id bash[7136]: /etc/named.conf:57: open: usr/local/samba/private/named.c
May 27 15:04:46 sambalab.ito.co.id systemd[1]: named.service: control process exited, code=exited status
May 27 15:04:46 sambalab.ito.co.id systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
— Subject: Unit named.service has failed
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
—
— Unit named.service has failed.
—
— The result is failed.
May 27 15:04:46 sambalab.ito.co.id systemd[1]: Unit named.service entered failed state.
May 27 15:04:46 sambalab.ito.co.id systemd[1]: named.service failed.
May 27 15:04:46 sambalab.ito.co.id polkitd[670]: Unregistered Authentication Agent for unix-process:7129
lines 3092-3118/3118 (END)
May 27 15:04:46 sambalab.ito.co.id systemd[1]: Started Generate rndc key for BIND (DNS).
— Subject: Unit named-setup-rndc.service has finished start-up
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
—
— Unit named-setup-rndc.service has finished starting up.
—
— The start-up result is done.
May 27 15:04:46 sambalab.ito.co.id systemd[1]: Starting Berkeley Internet Name Domain (DNS)…
— Subject: Unit named.service has begun start-up
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
—
— Unit named.service has begun starting up.
May 27 15:04:46 sambalab.ito.co.id bash[7136]: /etc/named.conf:57: open: usr/local/samba/private/named.conf: file not found
May 27 15:04:46 sambalab.ito.co.id systemd[1]: named.service: control process exited, code=exited status=1
May 27 15:04:46 sambalab.ito.co.id systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
— Subject: Unit named.service has failed
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
—
— Unit named.service has failed.
—
— The result is failed.
May 27 15:04:46 sambalab.ito.co.id systemd[1]: Unit named.service entered failed state.
May 27 15:04:46 sambalab.ito.co.id systemd[1]: named.service failed.
May 27 15:04:46 sambalab.ito.co.id polkitd[670]: Unregistered Authentication Agent for unix-process:7129:734534 (system bus name :1.99, object path /org/freedesktop/Pol
So… where did I go wrong here, mas??
Thank you for the info.
Warm regards,
Hi mas Haryanto,
Could you tell me what line 57 of the file /etc/named.conf contains (/etc/named.conf:57)?
[root@sambalab samba]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; any; };
/*
– If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
– If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
– If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
[root@sambalab samba]# vi /usr/local/samba/private/named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/usr/local/samba/private/named.conf";
#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
# For BIND 9.8.0
database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";
# For BIND 9.9.0
database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
};
Hi mas,
Have you followed this guide?
And adjusted these entries to match the bind9 version in use?
Should the 9.8 one be uncommented, mas??
I have already enabled the 9.9 one..
Hi mas,
If the BIND version is 9.9, then only the 9.9 line should be enabled. Not the others.
Hi iman after doing this do I need to create zones files or forward zones?
Hi Edgar,
No, it is not necessary to create zone files. All zones are automatically configured by BIND9_DLZ.
Hi after doing this do I need to create zones files or forward zones?
Hi mas Iman,
Restarting named.service works now, mas.. I have also followed the guide.. but at the following instruction..
[root@samba ~]# host -t SRV _ldap._tcp.ito.co.id.
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached
[root@samba ~]# host -t SRV _kerberos._udp.ito.co.id.
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached
[root@samba ~]# host -t A ito.co.id
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached
whats wrong mas? need help pls..
thx bro.
Hi mas,
Make sure the DNS service is already running. Try checking with the nslookup command if the host command does not work.
Make sure the first nameserver IP points to localhost/the IP of the server itself.
Dear Mas Iman..
I have pointed the nameserver IP to the server IP.. the ito.co.id domain still cannot be resolved, mas. nslookup ito.co.id returns nothing.
Here is the configuration..
[root@sambalab etc]# vi /etc/hosts
127.0.0.1 sambalab sambalab.ito.co.id
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.0.10.20 sambalab sambalab.ito.co.id
[root@sambalab etc]# vi /etc/resolve.conf
# Generated by NetworkManager
nameserver localhost
nameserver 172.10.0.20
[root@sambalab etc]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 172.0.10.20; any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; any; };
/*
– If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
– If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
– If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
[root@sambalab etc]# vi /etc/krb5.conf
[libdefaults]
default_realm = ITO.CO.ID
dns_lookup_realm = true
dns_lookup_kdc = true
[root@sambalab etc]# systemctl status samba.service
● samba.service – LSB: Bring up/down samba
Loaded: loaded (/etc/rc.d/init.d/samba)
Active: active (running) since Mon 2016-05-30 10:26:37 WIB; 26min ago
Docs: man:systemd-sysv-generator(8)
Process: 8577 ExecStop=/etc/rc.d/init.d/samba stop (code=killed, signal=TERM)
Process: 8582 ExecStart=/etc/rc.d/init.d/samba start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/samba.service
├─8590 /usr/local/samba/sbin/samba
├─8612 /usr/local/samba/sbin/samba
├─8613 /usr/local/samba/sbin/samba
├─8614 /usr/local/samba/sbin/samba
├─8615 /usr/local/samba/sbin/samba
├─8616 /usr/local/samba/sbin/samba
├─8618 /usr/local/samba/sbin/samba
├─8619 /usr/local/samba/sbin/samba
├─8621 /usr/local/samba/sbin/smbd –option=server role check:inhibit=yes –foreground
├─8622 /usr/local/samba/sbin/samba
├─8623 /usr/local/samba/sbin/samba
├─8624 /usr/local/samba/sbin/samba
├─8626 /usr/local/samba/sbin/samba
├─8628 /usr/local/samba/sbin/samba
└─8655 /usr/local/samba/sbin/smbd –option=server role check:inhibit=yes –foreground
May 30 10:26:36 sambalab smbd[8621]: [2016/05/30 10:26:36.574263, 0] ../source3/smbd/server.c:1266(main)
May 30 10:26:36 sambalab smbd[8621]: standard input is not a socket, assuming -D option
May 30 10:26:37 sambalab samba[8582]: Starting samba: [ OK ]
May 30 10:26:37 sambalab systemd[1]: Started LSB: Bring up/down samba.
May 30 10:26:56 sambalab samba[8628]: [2016/05/30 10:26:56.581991, 0] ../source4/dsdb/dns/dns_upd…one)
May 30 10:26:56 sambalab samba[8628]: ../source4/dsdb/dns/dns_update.c:294: Failed DNS update – …EOUT
May 30 10:36:56 sambalab samba[8628]: [2016/05/30 10:36:56.623967, 0] ../source4/dsdb/dns/dns_upd…one)
May 30 10:36:56 sambalab samba[8628]: ../source4/dsdb/dns/dns_update.c:294: Failed DNS update – …EOUT
May 30 10:46:56 sambalab samba[8628]: [2016/05/30 10:46:56.663867, 0] ../source4/dsdb/dns/dns_upd…one)
May 30 10:46:56 sambalab samba[8628]: ../source4/dsdb/dns/dns_update.c:294: Failed DNS update – …EOUT
Hint: Some lines were ellipsized, use -l to show in full.
[root@sambalab etc]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2016-05-30 10:47:41 WIB; 5min ago
Process: 10152 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 7792 ExecReload=/bin/sh -c /usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 10167 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 10164 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 10170 (named)
CGroup: /system.slice/named.service
└─10170 /usr/sbin/named -u named
May 30 10:47:41 sambalab named[10170]: command channel listening on ::1#953
May 30 10:47:41 sambalab named[10170]: managed-keys-zone: loaded serial 12
May 30 10:47:41 sambalab named[10170]: zone 0.in-addr.arpa/IN: loaded serial 0
May 30 10:47:41 sambalab named[10170]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
May 30 10:47:41 sambalab named[10170]: zone localhost.localdomain/IN: loaded serial 0
May 30 10:47:41 sambalab named[10170]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0….al 0
May 30 10:47:41 sambalab named[10170]: zone localhost/IN: loaded serial 0
May 30 10:47:41 sambalab named[10170]: all zones loaded
May 30 10:47:41 sambalab systemd[1]: Started Berkeley Internet Name Domain (DNS).
May 30 10:47:41 sambalab named[10170]: running
Hint: Some lines were ellipsized, use -l to show in full.
[root@sambalab etc]# kinit administrator
kinit: Cannot find KDC for realm "ITO.CO.ID" while getting initial credentials
Thanks for the info.
Hi Mas Iman,
The problem above is solved; there was a mistake in the named.conf configuration.
But when testing:
[root@sambalab ~]# host -t A dc.ito.co.id.
Host dc.ito.co.id. not found: 3(NXDOMAIN)
Which config do I need to edit?
Thanks,
Hi Mas,
Try the command host -t A ito.co.id. with the dc at the front removed.
Hi again,
If I want to use an external DNS, what records do I have to create?
Hi Damoh,
You can see the example DNS Flat File on this link : https://imanudin.com/2013/05/23/tips-samba-migrating-from-windows-server-to-samba-4-part-2/ 🙂
Hi,
Iman,
Nice guide, thanks for this. Can you please help me with this error? Thanks.
[root@samba4 ~]# journalctl -xe
--
-- Unit named-setup-rndc.service has finished starting up.
--
-- The start-up result is done.
Jun 21 13:23:02 samba4 systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
-- Subject: Unit named.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named.service has begun starting up.
Jun 21 13:23:02 samba4 bash[2015]: /usr/local/samba/private/named.conf:12: unknown option 'dlz'
Jun 21 13:23:02 samba4 systemd[1]: named.service: control process exited, code=exited status=1
Jun 21 13:23:02 samba4 systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
-- Subject: Unit named.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named.service has failed.
--
-- The result is failed.
Jun 21 13:23:02 samba4 systemd[1]: Unit named.service entered failed state.
Jun 21 13:23:02 samba4 systemd[1]: named.service failed.
Jun 21 13:23:02 samba4 polkitd[599]: Unregistered Authentication Agent for unix-process:2009:33509 (system bus name :
lines 2390-2412/2412 (END)
Thanks for your support.
Disla
Hi Fausto,
Please paste the results from the following command
Hi, first off, very nice guide.
I got everything to work, but I have this one problem: the DNS (bind) won't resolve names to IP addresses. I can ping Google's IP address but not http://www.google.com.
Any suggestions as to where the configuration is messed up?
Hello Emil,
The problem is on your DNS server (upstream). Please try another DNS such as 8.8.8.8, 4.2.2.2 or the DNS of your ISP.
Mas Iman, after I added include "/usr/local/samba/private/named.conf"; to the /etc/named.conf configuration, and checked that this named.conf already exists and uses bind 9.8, restarting named gives an error that the named.conf file is not found. What might the problem be? When I installed on SLES 12, this configuration was not a problem.
# ls -lh /usr/local/samba/private/ |grep named.conf
-rw-r--r-- 1 root root 647 Oct 13 15:24 named.conf
Hi Mas Sigit,
Maybe try checking whether SELinux is active or not.
Mas, greetings again!
I have a problem similar to Mas Haryanto's, but the error code is different, roughly like this:
1. root@RP-SV002 ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2016-11-11 19:28:48 WIB; 40min ago
Process: 5683 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=1/FAILURE)
Process: 5672 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Nov 11 19:28:47 RP-SV002 named[5685]: listening on IPv6 interface lo, ::1#53
Nov 11 19:28:47 RP-SV002 named[5685]: generating session key for dynamic DNS
Nov 11 19:28:47 RP-SV002 named[5685]: sizing zone task pool based on 6 zones
Nov 11 19:28:47 RP-SV002 named[5685]: Loading 'AD DNS Zone' using driver dlopen
Nov 11 19:28:47 RP-SV002 named[5685]: dlz_dlopen failed to open library '/u…ed
Nov 11 19:28:47 RP-SV002 named[5685]: dlz_dlopen of 'AD DNS Zone' failed
Nov 11 19:28:48 RP-SV002 systemd[1]: named.service: control process exited,…=1
Nov 11 19:28:48 RP-SV002 systemd[1]: Failed to start Berkeley Internet Name…).
Nov 11 19:28:48 RP-SV002 systemd[1]: Unit named.service entered failed state.
Nov 11 19:28:48 RP-SV002 systemd[1]: named.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
Could you please help find a solution?
Thanks
Hi Mas,
Has SELinux been disabled?
[root@linus7 ~]# systemctl status named.service -l
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2017-05-09 14:33:59 IST; 2s ago
Process: 5259 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 2479 ExecReload=/bin/sh -c /usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 5275 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 5271 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 5280 (named)
CGroup: /system.slice/named.service
└─5280 /usr/sbin/named -u named
May 09 14:33:59 linus7.kplinus.com named[5280]: all zones loaded
May 09 14:33:59 linus7.kplinus.com named[5280]: running
May 09 14:33:59 linus7.kplinus.com systemd[1]: Started Berkeley Internet Name Domain (DNS).
May 09 14:33:59 linus7.kplinus.com named[5280]: zone 21.168.192.in-addr.arpa/IN: sending notifies (serial 0)
May 09 14:34:00 linus7.kplinus.com named[5280]: error (network unreachable) resolving 'linus7.kpliuns.com/A/IN': 2001:7fe::53#53
May 09 14:34:00 linus7.kplinus.com named[5280]: error (network unreachable) resolving 'linus7.kpliuns.com/A/IN': 2001:dc3::35#53
May 09 14:34:00 linus7.kplinus.com named[5280]: error (network unreachable) resolving 'linus7.kpliuns.com/AAAA/IN': 2001:7fe::53#53
May 09 14:34:00 linus7.kplinus.com named[5280]: error (network unreachable) resolving 'linus7.kpliuns.com/AAAA/IN': 2001:dc3::35#53
May 09 14:34:00 linus7.kplinus.com named[5280]: error (network unreachable) resolving './NS/IN': 2001:7fe::53#53
May 09 14:34:00 linus7.kplinus.com named[5280]: error (network unreachable) resolving './NS/IN': 2001:dc3::35#53
[root@linus7 ~]# nslookup webmail.kplinus.com
Server: 192.168.21.129
Address: 192.168.21.129#53
webmail.kplinus.com canonical name = linus7.kplinus.com.
Name: linus7.kplinus.com
Address: 192.168.21.129
[root@linus7 ~]#
Hi Abhi CN,
How did you get webmail.kplinux.com as a CNAME for linus7.kplinus.com? AFAIK, if you have configured bind9 DLZ as the internal DNS for Samba4, the server only has A records for the domain and hostname, and does not have webmail as a CNAME for another name/hostname.
Hi
Thank you for your tutorial, I used it and everything worked. Now I'm trying to add an OpenLDAP server as the backend for log/pass. I added the line
passdb backend = ldapsam:ldap://ldap.example.com
in /usr/local/samba/etc/smb.conf
and it seems not to be enough. I know that this task does not concern your tutorial, but could you help with it?
Hi Barmadron,
Referring to this link: https://wiki.samba.org/index.php/Samba4/LDAP_Backend, it is not supported.
I just came across this link, https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Reference_Guide/samba-PDC-LDAP.html, and I thought that you can combine DC AD and OpenLDAP as backend. In your opinion, is it possible?
Hi Barmadron,
Yes, you can. But DC AD will not work if using OpenLDAP as the backend. I have tried it on SLES.
Everything working fine, am stuck with below. I checked many forums, changed krb5.conf, smb.conf etc no luck yet.
Can someone please help
[root@kdc01 ~]# kinit administrator
kinit: Cannot contact any KDC for realm 'MYDOMAIN.NET' while getting initial credentials
Hi charles,
- Please make sure your Samba and DNS have been started
- Could you share the contents of krb5.conf?
hello, have you tried to build two different controllers but same database? or have you tried to build 4 domain controllers? Thanks
Hello,
No, I have not. I have only ever built a single domain 😉
I am following the tutorial, but after installing bind,
when I go to edit this file,
there is no file named named.conf in the /usr/local/samba/private/ directory.
If I create this file manually and assign permissions, it does not work.
Also, named.service does not restart; it shows an error:
[root@server samba-4.8.4]# journalctl -xe
-- The start-up result is done.
Aug 30 17:00:01 server systemd[1]: Starting User Slice of root.
-- Subject: Unit user-0.slice has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit user-0.slice has begun starting up.
Aug 30 17:00:01 server systemd[1]: Started Session 44 of user root.
-- Subject: Unit session-44.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-44.scope has finished starting up.
--
-- The start-up result is done.
Aug 30 17:00:01 server systemd[1]: Starting Session 44 of user root.
-- Subject: Unit session-44.scope has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-44.scope has begun starting up.
Aug 30 17:00:01 server CROND[17851]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Aug 30 17:00:01 server systemd[1]: Removed slice User Slice of root.
-- Subject: Unit user-0.slice has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit user-0.slice has finished shutting down.
Aug 30 17:00:01 server systemd[1]: Stopping User Slice of root.
-- Subject: Unit user-0.slice has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit user-0.slice has begun shutting down.
Hi,
Please try to use this one: https://ftp.samba.org/pub/samba/stable/samba-4.1.13.tar.gz. I have not yet tried the new version. It might differ from the old version.
I have also tried with this version but face the same issue.
Hi,
I have configured samba4 as described. But when I create a user via RSAT, it is not listed in CentOS 7, and a user that I have created in CentOS is not listed in RSAT. If I log in with a username that I created with RSAT, the login succeeds, but the users are not listed in RSAT's user list.
Hi,
Have you checked using samba-tool user list?
A thumbs-up to Mas Imanudin.
I have followed the tutorial above, and it worked.
The problem is, when I try to connect a Windows 7 machine to the domain I just created, the Username & Password page for the new domain does appear.
But after I enter the username (Administrator) and its password, this error appears:
” Computer Name/Domain Changes
An Attempt to resolve the DNS name of a domain controller in the domain being joined has failed. Please verify this client is configured to reach a DNS server that can resolve DNS names in the target domain.
For Information about network trouble shorting, see windows help. ”
Please help with this problem, Mas.
Thank you.
Hi Mas,
Make sure the client's clock matches the server's clock, and that the primary DNS setting points to the server's IP.
Mas Iman,
at the step that edits vi /usr/local/samba/private/named.conf
I cannot find that file.
cd /usr/local/samba/private/
[root@centos private]# ls
dns.keytab ldap_priv secrets.ldb
dns_update_cache msg.sock secrets.tdb
dns_update_list netlogon_creds_cli.tdb share.ldb
encrypted_secrets.key privilege.ldb smbd.tmp
hklm.ldb sam.ldb spn_update_list
idmap.ldb sam.ldb.d tls
krb5.conf schannel_store.tdb
ldapi secrets.keytab
Is it a problem if I create a new file there?
Hi Mas Ridho,
For the latest version, the location is here: /usr/local/samba/bind-dns/. Please adjust accordingly.
How do I implement security and GPO on Windows and Linux clients? And one more thing: how do I join a Linux client to a Linux DC?
Hello,
You can apply GPO only for Windows. The Samba4 project was developed to replace Windows Server AD.
If you are using openSUSE, you can use YaST to join (using the wizard).
Greetings Mas, I have followed the tutorial above. I have a problem: when running the command service named restart, this message appears:
Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xe" for details.
The bind version installed on my system happens to be 9.11. I have edited /usr/local/samba/private/named.conf to read:
database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
But when I restart, the error is still the same. Please advise.
Hi Mas Ferry,
Try using Samba's built-in internal DNS instead. This guide still uses BIND DLZ.
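The last question above pairs BIND 9.11 with the 9.9 module line from the article. As an added example (not part of the original post, its comments, or the Samba project), this script compares a BIND version with the active dlz module line in named.conf. The function names are made up here, and the dlz_bind9_<minor>.so naming for releases after 9.9 is an assumption that the installed Samba build must actually provide.

```bash
#!/usr/bin/env bash
# Added example (not from the original post or the Samba project).

# Map a BIND version such as 9.9.4 to the Samba DLZ module file name.
# 9.8 -> dlz_bind9.so and 9.9 -> dlz_bind9_9.so are the cases shown on this
# page; dlz_bind9_<minor>.so for later releases is an assumption.
expected_dlz_module() {
    local minor
    minor=$(printf '%s\n' "$1" | sed -n 's/^9\.\([0-9][0-9]*\).*/\1/p')
    [ -n "$minor" ] || return 1
    [ "$minor" -ge 8 ] || return 1          # no DLZ module before 9.8
    if [ "$minor" -eq 8 ]; then echo "dlz_bind9.so"
    else echo "dlz_bind9_${minor}.so"; fi
}

# Read a named.conf on stdin and print the module named by the active
# (uncommented) database "dlopen ..." line, without its directory.
configured_dlz_module() {
    sed -n 's/^[[:space:]]*database[[:space:]]*"dlopen[[:space:]]*\([^"]*\)".*/\1/p' \
        | head -n 1 | sed 's|.*/||'
}

# usage: check_dlz <bind-version> < named.conf
# returns 0 on match, 1 on mismatch, 2 if either side cannot be determined
check_dlz() {
    local want have
    want=$(expected_dlz_module "$1") || { echo "unsupported BIND version: $1"; return 2; }
    have=$(configured_dlz_module)
    [ -n "$have" ] || { echo "no active dlopen database line"; return 2; }
    if [ "$have" = "$want" ]; then
        echo "OK: $have matches BIND $1"
    else
        echo "MISMATCH: BIND $1 expects $want, config loads $have"
        return 1
    fi
}

# Constructed sample: the dlz block from the article with the 9.9 line active.
SAMPLE_CONF='dlz "AD DNS Zone" {
    # For BIND 9.8.0
    # database "dlopen /usr/local/samba/lib/bind9/dlz_bind9.so";
    # For BIND 9.9.0
    database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
};'

printf '%s\n' "$SAMPLE_CONF" | check_dlz 9.9.4   # prints "OK: dlz_bind9_9.so matches BIND 9.9.4"
# On a real host (path from the article):
#   check_dlz "$(named -v | sed 's/^BIND //')" < /usr/local/samba/private/named.conf
```

A mismatch only says the configured module was built for a different BIND release; confirm the expected file exists under the Samba lib/bind9 directory before changing the config.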