[Samba] DNS Issues when joining a Domain as a DC

Thomas Kempf listen at hueper.de
Thu Oct 16 05:05:23 MDT 2014


On 16.10.2014 at 12:54, Rowland Penny wrote:
> On 16/10/14 11:45, Thomas Kempf wrote:
>> Hi Daniel,
>>
>> On 16.10.2014 at 12:12, Daniel Müller wrote:
>>> Is your first DC a Samba4 host?
>> Yes 4.1.11 too
>>
>>> Did you: samba-tool domain join YOURDOMAIN DC -Uadministrator
>>> --realm=your.realm --dns-backend=BIND9_DLZ
>> Yes, but I had to add the options "interfaces=127.0.01,192.168.0.1"
>> and "bind interfaces only=yes" because I have
>> more interfaces on that machine
>>
>
> Just where did you add these options and when?

When joining the domain I did the following:

samba-tool domain join ad.hueper.de DC -Uadministrator@AD.HUEPER.DE \
    --realm=AD.HUEPER.DE --dns-backend=BIND9_DLZ \
    --option="interfaces = 127.0.0.1,192.168.0.1" \
    --option="bind interfaces only=yes"

I added these options to my smb.conf before I restarted samba

>
> Rowland
>
>>> samba-tool dns add your.master.dc your.realm YOUR.NEW.DC A
>>> your.new.dc.ip
>>> -Uadministrator
>> yes
>>
>>> host -t A YOUR.NEW.DC.  must show no errors!!
>> It does not show errors as long as the nameserver is the Master DC.
>> When I use the nameserver on the new DC it does not get resolved.
>>
>>> What about your krb5.conf?
>> On the new DC:
>> dns1:~# cat /etc/krb5.conf
>> [libdefaults]
>>         default_realm = AD.HUEPER.DE
>>         dns_lookup_realm = true
>>         dns_lookup_kdc = true
>>
>> On the master DC:
>> dns2:~# cat /etc/krb5.conf
>> [libdefaults]
>>         default_realm = AD.HUEPER.DE
>>         dns_lookup_realm = false
>>         dns_lookup_kdc = true
>>
>>> What about : samba-tool drs kcc -Uadministrator
>>> Your.domain.controllers  ?
>> I did not run that command initially. I thought this was only
>> necessary when joining a MS-DC.
>> Just ran it at the moment
>>
>> dns1:~# samba-tool drs kcc -Uadministrator
>> Password for [HUEPER\administrator]:
>> Consistency check on dns1.ad.hueper.de successful.
>>
>> dns1:~# samba-tool drs kcc -Uadministrator dns2.ad.hueper.de
>> Password for [HUEPER\administrator]:
>> Consistency check on dns2.ad.hueper.de successful.
>>
>>
>>
>>
>>> Ex:
>>> samba-tool drs kcc -Uadministrator s4master.tplk.loc
>>> Password for [TPLK\administrator]:
>>> Consistency check on s4master.tplk.loc successful.
>>>
>>> EDV Daniel Müller
>>>
>>> Head of IT
>>> Tropenklinik Paul-Lechler-Krankenhaus
>>> Paul-Lechler-Str. 24
>>> 72076 Tübingen
>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>> eMail: mueller at tropenklinik.de
>>> Internet: www.tropenklinik.de
>>>
>>>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: samba-bounces at lists.samba.org
>>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Thomas Kempf
>>> Sent: Thursday, 16 October 2014 11:35
>>> To: samba at lists.samba.org
>>> Subject: [Samba] DNS Issues when joining a Domain as a DC
>>>
>>> Hi,
>>> yesterday I tried to join a domain as a DC with bind9 as dns-backend on
>>> Debian Wheezy with samba 4.1.11 from backports. I followed the tutorial in
>>> the wiki https://wiki.samba.org/index.php/Join_a_domain_as_a_DC but didn't
>>> find the instructions completely clear, so perhaps I made a mistake during
>>> the join.
>>> It is written there:
>>> "If you choose BIND as DNS backend, instead of the internal DNS, then you,
>>> of course, have to finish this before you continue"
>>> I could not figure out how to finish configuring bind as a backend, when
>>> the keytab file and the other bind-related files get created after joining
>>> the domain.
>>> So I ran the join command first, and with the files created in this step, I
>>> was able to get the DC up and running...
>>> I had to manually create the A and CNAME records on the old DC like it is
>>> written in the wiki in the part "Check required DNS entries of the new
>>> host". My guess was that those entries should be replicated later on to the
>>> new DC; this seems not to work.
>>> When I check the name resolving of the A record on the newly joined DC it
>>> does not resolve, whereas on the old one it works fine.
>>>
>>> AD-Domain is ad.hueper.de
>>> old DC is dns2.ad.hueper.de
>>> new DC is dns1.ad.hueper.de
>>>
>>> dns1:~# host -t A dns1.ad.hueper.de dns2.ad.hueper.de
>>> Using domain server:
>>> Name: dns2.ad.hueper.de
>>> Address: 192.168.0.2#53
>>> Aliases:
>>>
>>> dns1.ad.hueper.de has address 192.168.0.1
>>>
>>> dns1:~# host -t A dns1.ad.hueper.de dns1.ad.hueper.de
>>> Using domain server:
>>> Name: dns1.ad.hueper.de
>>> Address: 192.168.0.1#53
>>> Aliases:
>>>
>>> Host dns1.ad.hueper.de not found: 3(NXDOMAIN)
>>>
>>> When I look at the servers using RSAT DNS-Manager I can see the A record on
>>> both DNS servers, so I wonder why it doesn't resolve on the new DC?
>>> Is it safe to delete the A and CNAME records and recreate them using RSAT?
>>>
>>> kind regards
>>> Tom
>>>
>>>
>>>
>>>
>>
>
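
Added example, not part of the original thread: a shell check for the symptom discussed above, where the old DC answers for the new DC's A record and the new DC returns NXDOMAIN. The function names are illustrative; the sample output is copied from the host runs quoted in the message, and check_record assumes the `host` utility and network access to the DCs.

```sh
# Reduce one `host -t A` run (on stdin) to "OK <ip>", "NXDOMAIN" or "UNKNOWN".
classify_host_output() {
    awk '
        / has address / { print "OK " $NF; found = 1; exit }
        /NXDOMAIN/      { print "NXDOMAIN"; found = 1; exit }
        END             { if (!found) print "UNKNOWN" }
    '
}

# Two classified answers agree only if both carry the same address.
compare_answers() {
    case "$1" in
        "OK "*) if [ "$1" = "$2" ]; then echo CONSISTENT; return 0; fi ;;
    esac
    echo DIVERGED
}

# Live check: ask every listed DC for the same name; fails on the first mismatch.
# Usage: check_record dns1.ad.hueper.de dns2.ad.hueper.de dns1.ad.hueper.de
check_record() {
    name=$1; shift; first=
    for dc in "$@"; do
        ans=$(host -t A "$name" "$dc" 2>&1 | classify_host_output)
        echo "$dc: $ans"
        [ -n "$first" ] || first=$ans
        [ "$(compare_answers "$first" "$ans")" = CONSISTENT ] || return 1
    done
}

# Captured output copied from the thread (old DC dns2, then new DC dns1).
SAMPLE_OLD_DC='Using domain server:
Name: dns2.ad.hueper.de
Address: 192.168.0.2#53
Aliases:

dns1.ad.hueper.de has address 192.168.0.1'
SAMPLE_NEW_DC='Using domain server:
Name: dns1.ad.hueper.de
Address: 192.168.0.1#53
Aliases:

Host dns1.ad.hueper.de not found: 3(NXDOMAIN)'

old=$(printf '%s\n' "$SAMPLE_OLD_DC" | classify_host_output)
new=$(printf '%s\n' "$SAMPLE_NEW_DC" | classify_host_output)
echo "old DC: $old | new DC: $new | verdict: $(compare_answers "$old" "$new")"
```

Run from cron or a monitoring agent, check_record returns non-zero as soon as one DC's DNS view differs from the first DC listed.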


