Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: andcar on January 23, 2020, 10:11:20 am
-
Dear all,
I need some help in understanding what is going on. I have a Windows 2008 server (not R2) that I want to replace with Zentyal 6.1.2. I successfully joined the domain. I can see and manage Users, Groups... I correctly see the computers... I'm having problems(?) with the DNS. In Zentyal I cannot see the entries, the A records that are present in the DomainDnsZones that are correctly transferred. Is this the normal behaviour?
Moreover, if I add an A entry in Zentyal DNS I can see it in the DNS manager of W2K8, but the opposite does not happen.
Can somebody help me?
-
:)
You might find this useful: https://wiki.samba.org/index.php/Samba-tool_ldapcmp
Cheers!
-
Hi, thanks for the tip.
I've made a check... all the results are OK... SUCCESS for the
"samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator" command.
In addition I've tried to connect via the Windows DNS Manager to the Zentyal server and there it is showing the same expected entries I can see in the W2K8 Server DNS... through the same DNS Manager tool...
It seems like Zentyal is not showing the LDAP entries that are already present and were not added through the Zentyal DNS web interface.
Any other idea?
Andrea
-
:)
Could you include some screenshots? (You'll have to use some external service such as imgBB.)
Regarding your problem, there are tons of LDAP records, objects, and attributes of the Active Directory schemas that aren't shown in the Zentyal "Users and Computers" module. Furthermore, Samba uses Bind9, but the corresponding menu in webadmin (DNS) may not be exhaustive either when showing data.
You can use the "samba-tool dns" tool for querying the samba dns subsystem, creating zones, records, etc. This way you'll be able to check your samba dns subsystem.
If this check is correct and you have no replication errors (read this: https://wiki.samba.org/index.php/Verifying_the_Directory_Replication_Statuses), most probably your system is working properly.
You may find this document useful:
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Introduction
Cheers!
-
Thanks for the quick reply and sorry for my slow answer... :)
I've checked everything and the replicas are OK. Both controllers share the same DB information: users, groups, computers, DNS...
Here I'm posting the screenshots as requested:
1) ZENTYAL WEB DNS PAGE - hosts entries https://ibb.co/fr5FrBp
2) W2K8 DNS MANAGER INTERFACE CONNECTED TO THE W2K8 DC https://ibb.co/XWGjb7F
3) W2K8 DNS MANAGER INTERFACE CONNECTED TO THE ZENTYAL DC https://ibb.co/RTg1NZc
I've put some comments on the images to show you the situation.
Thanks
Andrea
-
:)
There are some useful commands to manage the DNS Samba backend:
root@zenlvm:~# samba-tool dns serverinfo localhost -U admindc%admindc
...
dwVersion : 0xece0205
fBootMethod : DNS_BOOT_METHOD_DIRECTORY
fAdminConfigured : FALSE
fAllowUpdate : TRUE
fDsAvailable : TRUE
pszServerName : ZENLVM.eregion.lan
pszDsContainer : CN=MicrosoftDNS,DC=DomainDnsZones,DC=eregion,DC=lan
aipServerAddrs : ['127.0.0.1', '127.0.1.1', '10.5.20.98', '192.168.0.1']
aipListenAddrs : ['127.0.0.1', '127.0.1.1', '10.5.20.98', '192.168.0.1']
aipForwarders : []
dwLogLevel : 0
dwDebugLevel : 0
dwForwardTimeout : 3
dwRpcPrototol : 0x5
dwNameCheckFlag : DNS_ALLOW_MULTIBYTE_NAMES
cAddressAnswerLimit : 0
dwRecursionRetry : 3
dwRecursionTimeout : 8
dwMaxCacheTtl : 86400
dwDsPollingInterval : 180
dwScavengingInterval : 0
dwDefaultRefreshInterval : 168
dwDefaultNoRefreshInterval : 168
fAutoReverseZones : FALSE
fAutoCacheUpdate : FALSE
fRecurseAfterForwarding : FALSE
fForwardDelegations : TRUE
fNoRecursion : FALSE
fSecureResponses : FALSE
fRoundRobin : TRUE
fLocalNetPriority : FALSE
fBindSecondaries : FALSE
fWriteAuthorityNs : FALSE
fStrictFileParsing : FALSE
fLooseWildcarding : FALSE
fDefaultAgingState : FALSE
dwRpcStructureVersion : 0x2
aipLogFilter : []
pwszLogFilePath : None
pszDomainName : eregion.lan
pszForestName : eregion.lan
pszDomainDirectoryPartition : DC=DomainDnsZones,DC=eregion,DC=lan
pszForestDirectoryPartition : DC=ForestDnsZones,DC=eregion,DC=lan
dwLocalNetPriorityNetMask : 0xff
dwLastScavengeTime : 0
dwEventLogLevel : 4
dwLogFileMaxSize : 0
dwDsForestVersion : 2
dwDsDomainVersion : 2
dwDsDsaVersion : 4
fReadOnlyDC : FALSE
root@zenlvm:~# samba-tool dns zonelist localhost -U admindc%admindc
...
2 zone(s) found
pszZoneName : eregion.lan
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.eregion.lan
pszZoneName : _msdcs.eregion.lan
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.eregion.lan
root@zenlvm:~# samba-tool dns zoneinfo localhost eregion.lan -U admindc%admindc
...
pszZoneName : eregion.lan
dwZoneType : DNS_ZONE_TYPE_PRIMARY
fReverse : FALSE
fAllowUpdate : DNS_ZONE_UPDATE_SECURE
fPaused : FALSE
fShutdown : FALSE
fAutoCreated : FALSE
fUseDatabase : TRUE
pszDataFile : None
aipMasters : []
fSecureSecondaries : DNS_ZONE_SECSECURE_NO_XFER
fNotifyLevel : DNS_ZONE_NOTIFY_LIST_ONLY
aipSecondaries : []
aipNotify : []
fUseWins : FALSE
fUseNbstat : FALSE
fAging : FALSE
dwNoRefreshInterval : 168
dwRefreshInterval : 168
dwAvailForScavengeTime : 0
aipScavengeServers : []
dwRpcStructureVersion : 0x2
dwForwarderTimeout : 0
fForwarderSlave : 0
aipLocalMasters : []
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.eregion.lan
pwszZoneDn : DC=eregion.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=eregion,DC=lan
dwLastSuccessfulSoaCheck : 0
dwLastSuccessfulXfr : 0
fQueuedForBackgroundLoad : FALSE
fBackgroundLoadInProgress : FALSE
fReadOnlyZone : FALSE
dwLastXfrAttempt : 0
dwLastXfrResult : 0
root@zenlvm:~# samba-tool dns query localhost EREGION.LAN @ ALL -U admindc%admindc
...
Name=, Records=4, Children=0
SOA: serial=6, refresh=900, retry=600, expire=86400, minttl=3600, ns=zenlvm.eregion.lan., email=hostmaster.eregion.lan. (flags=600000f0, serial=6, ttl=3600)
NS: zenlvm.eregion.lan. (flags=600000f0, serial=6, ttl=900)
A: 10.5.20.98 (flags=600000f0, serial=6, ttl=259200)
A: 192.168.0.1 (flags=600000f0, serial=6, ttl=259200)
Name=_kerberos, Records=1, Children=0
TXT: "eregion.lan" (flags=f0, serial=5, ttl=259200)
Name=_msdcs, Records=0, Children=0
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=5
Name=_udp, Records=0, Children=3
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Name=zenlvm, Records=2, Children=0
A: 10.5.20.98 (flags=f0, serial=6, ttl=259200)
A: 192.168.0.1 (flags=f0, serial=6, ttl=259200)
Take note that Samba4 uses BIND9 (usually), but BIND9 exists as a service in its own right and has its own management commands.
In my DNS server there are some other zones that I defined and that aren't managed by samba4 but by BIND9 itself:
rndc dumpdb -all && cat /var/cache/bind/named_dump.db | less
I think that it contains the data you want to see.
Cheers!
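
An added example, not part of the original post: a parser for the `samba-tool dns query <server> <zone> @ ALL` listing shown above, used to diff the record sets returned by two domain controllers instead of comparing GUI screens. The function names, the `fileserver` host and the 10.5.20.50 address are constructed for illustration, and treating SOA differences between DCs as expected is an assumption.

```python
import re

# "Name=zenlvm, Records=2, Children=0" starts a node; an empty name is the zone apex.
NAME_RE = re.compile(r"^Name=([^,]*), Records=\d+, Children=\d+$")
# "A: 10.5.20.98 (flags=f0, serial=6, ttl=259200)" is one record under that node.
REC_RE = re.compile(r"^([A-Z0-9]+): (.*) \(flags=[0-9a-fA-F]+, serial=\d+, ttl=\d+\)$")

def parse_dns_query(text):
    """Return a set of (name, type, data) tuples from the query listing."""
    records, current = set(), None
    for raw in text.splitlines():
        line = raw.strip()              # indentation is not significant here
        m = NAME_RE.match(line)
        if m:
            current = m.group(1).lower() or "@"
            continue
        m = REC_RE.match(line)
        if m and current is not None:
            rtype, data = m.group(1), m.group(2)
            # Host names compare case-insensitively; TXT payloads do not.
            records.add((current, rtype, data if rtype == "TXT" else data.lower()))
    return records

def diff_zones(text_a, text_b, ignore_types=("SOA",)):
    """Records only in A and only in B. SOA is skipped by default
    (assumption: serials legitimately differ between DCs)."""
    a = {r for r in parse_dns_query(text_a) if r[1] not in ignore_types}
    b = {r for r in parse_dns_query(text_b) if r[1] not in ignore_types}
    return sorted(a - b), sorted(b - a)

# Constructed sample modelled on the listing in this thread.
SAMPLE_ZENTYAL = """\
  Name=, Records=3, Children=0
    SOA: serial=6, refresh=900, retry=600, expire=86400, minttl=3600, ns=zenlvm.eregion.lan., email=hostmaster.eregion.lan. (flags=600000f0, serial=6, ttl=3600)
    NS: zenlvm.eregion.lan. (flags=600000f0, serial=6, ttl=900)
    A: 10.5.20.98 (flags=600000f0, serial=6, ttl=259200)
  Name=_kerberos, Records=1, Children=0
    TXT: "eregion.lan" (flags=f0, serial=5, ttl=259200)
  Name=_tcp, Records=0, Children=5
  Name=zenlvm, Records=1, Children=0
    A: 10.5.20.98 (flags=f0, serial=6, ttl=259200)
"""
# Constructed second DC: different SOA serial plus one extra host record.
SAMPLE_OTHER = SAMPLE_ZENTYAL.replace("serial=6, refresh", "serial=9, refresh") + (
    "  Name=fileserver, Records=1, Children=0\n"
    "    A: 10.5.20.50 (flags=f0, serial=7, ttl=1200)\n")

if __name__ == "__main__":
    only_a, only_b = diff_zones(SAMPLE_ZENTYAL, SAMPLE_OTHER)
    print("only on first DC:", only_a)
    print("only on second DC:", only_b)
```

Save each controller's listing to a file and pass the two file contents to `diff_zones`; an empty result on both sides means the two servers return the same records even if the web interface lists fewer.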
-
Thanks for the hints.
This command returns me all the entries.
samba-tool dns query localhost MYDOMAIN.LOCAL @ ALL -U admindc%admindc
So, in the end, are you saying that it is normal that I cannot see the same entries from the zentyal web interface-DNS?
If not, do I have the possibility to do something to make them appear in the web interface?
Let me know
Andrea
-
> ...
> So, in the end, are you saying that it is normal that I cannot see the same entries from the zentyal web interface-DNS?
> If not, do I have the possibility to do something to make them appear in the web interface?
> Let me know
> Andrea
The Zentyal webadmin is designed to make the most usual activities of a sysadmin easy. So, there are LDAP objects, internal user accounts, etc. that are built-in objects and are used and managed directly by samba. Most of them aren't shown by webadmin. However, you can do the advanced tasks concerning these objects through the command-line tools provided by samba, BIND9, dovecot, SOGo, etc.
Webadmin follows a design principle that aims to make the usual tasks easy without exposing the system to potentially dangerous operations. This makes Zentyal usable for inexpert or non-professional sysadmins.
I don't know if this answers your question. If the problem is to check that your domain is perfectly operative with your Zentyal server alone, you could do some checks by temporarily "unplugging" the rest of the domain controllers. (Don't remove them from the domain!)
Cheers!
-
Absolutely yes.
Now everything is clear.
Thanks again
Andrea