[Samba] DNS Issues when joining a Domain as a DC [SOLVED]

Thomas Kempf listen at hueper.de
Thu Oct 16 05:58:39 MDT 2014


O.k. The problem is solved. I read through Louis' scripts and found this

 ># Fixes for sernet samba missing rights
 >if [ -d /var/lib/samba/private ]; then
 >echo "enable-ing access for bind in private"
 >chmod 755 /var/lib/samba/private
 >chown root:bind /var/lib/samba/private/dns.keytab
 >fi

I checked the rights on the keytab and found the dns.keytab like this

-rw------- 1 root root          742 Okt 15 17:45 dns.keytab

changed it to this

-rw-r----- 1 root bind          742 Okt 15 17:45 dns.keytab

restarted bind and samba and here we go

root@dns1:~# host -t A dns1.ad.hueper.de 192.168.0.1
Using domain server:
Name: 192.168.0.1
Address: 192.168.0.1#53
Aliases:

dns1.ad.hueper.de has address 192.168.0.1

Thank you all for your help guys!

Kind regards
Tom



On 16.10.2014 at 13:26, L.P.H. van Belle wrote:
> The Debian version of Samba in backports, 4.1.11,
> does not create the DC hostname correctly in the DNS.
> The first DC is OK, but every other join is missing important DNS settings.
>
> I advise to use SerNet Samba version 4.1.12, which works perfectly for the DC servers.
> A member server can be Samba backports.
>
> I have tested this a week ago.
>
> You may want to try my scripts or have a look in the scripts at what is done there.
>
> https://secure.bazuin.nl/scripts/
>
> Greetz,
>
> Louis
>
>
>> -----Original message-----
>> From: listen at hueper.de [mailto:samba-bounces at lists.samba.org]
>> On behalf of Thomas Kempf
>> Sent: Thursday 16 October 2014 11:35
>> To: samba at lists.samba.org
>> Subject: [Samba] DNS Issues when joining a Domain as a DC
>>
>> Hi,
>> yesterday I tried to join a domain as a DC with bind9 as dns-backend on
>> Debian Wheezy with Samba 4.1.11 from backports. I followed the tutorial
>> in the wiki https://wiki.samba.org/index.php/Join_a_domain_as_a_DC but
>> didn't find the instruction completely clear, so perhaps I made a mistake
>> during the join.
>> It is written there:
>> "If you choose BIND as DNS backend, instead of the internal DNS, then
>> you, of course, have to finish this before you continue"
>> I could not figure out how to finish configuring bind as a backend, when
>> the keytab file and the other bind-related files get created after
>> joining the domain.
>> So I ran the join command first, and with the files created in this
>> step, I was able to get the DC up and running...
>> I had to manually create the A and CNAME records on the old DC like it
>> is written in the wiki in the part "Check required DNS entries of the
>> new host". My guess was that those entries should be replicated later
>> on to the new DC, but that seems not to work.
>> When I check the name resolving of the A record on the newly joined DC
>> it does not resolve whereas on the old one it works fine.
>>
>> AD-Domain is ad.hueper.de
>> old DC is dns2.ad.hueper.de
>> new DC is dns1.ad.hueper.de
>>
>> dns1:~# host -t A dns1.ad.hueper.de dns2.ad.hueper.de
>> Using domain server:
>> Name: dns2.ad.hueper.de
>> Address: 192.168.0.2#53
>> Aliases:
>>
>> dns1.ad.hueper.de has address 192.168.0.1
>>
>> dns1:~# host -t A dns1.ad.hueper.de dns1.ad.hueper.de
>> Using domain server:
>> Name: dns1.ad.hueper.de
>> Address: 192.168.0.1#53
>> Aliases:
>>
>> Host dns1.ad.hueper.de not found: 3(NXDOMAIN)
>>
>> When I look at the servers using RSAT DNS-Manager I can see the A-Record
>> on both DNS-Servers, so I wonder why doesn't it resolve on the new DC?
>> Is it safe to delete the A and CNAME Records and recreate them using RSAT?
>>
>> kind regards
>> Tom
>
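
As an added example (not part of the thread and not taken from Louis' scripts): a shell function that checks a keytab against the working state shown in the post (`-rw-r----- root bind`), that is, the expected owner and group, group-readable, and no access for other users. It assumes GNU `stat` as shipped on Debian; the function name `check_keytab` is made up for this example.

```shell
#!/bin/sh
# Added example: audit the permissions of the dns.keytab discussed above.
# Usage: check_keytab FILE OWNER GROUP
# Returns 0 if FILE matches "-rw-r----- OWNER GROUP" in the relevant bits,
# 1 if any check fails, 2 if FILE does not exist.
check_keytab() {
    file=$1; want_owner=$2; want_group=$3; rc=0
    if [ ! -f "$file" ]; then
        echo "MISSING: $file"
        return 2
    fi
    mode=$(stat -c %a "$file")     # octal mode, e.g. 640 (GNU stat)
    owner=$(stat -c %U "$file")
    group=$(stat -c %G "$file")
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: group is $group, expected $want_group"; rc=1
    fi
    # The group needs the read bit (040), otherwise the BIND user
    # cannot open the key even when the group is correct.
    if [ $(( 0$mode & 040 )) -eq 0 ]; then
        echo "FAIL: mode $mode gives the group no read access"; rc=1
    fi
    # A keytab holds Kerberos keys: no bits for "other" (007).
    if [ $(( 0$mode & 007 )) -ne 0 ]; then
        echo "FAIL: mode $mode lets every local user access the keytab"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file is $mode $owner:$group"
    return "$rc"
}

# When called with arguments, check that file; owner and group default
# to the values from the post.
if [ "$#" -ge 1 ]; then
    check_keytab "$1" "${2:-root}" "${3:-bind}"
fi
```

Run as root on the DC with `/var/lib/samba/private/dns.keytab` as the argument; a non-zero exit status means BIND either cannot read the key or the key is exposed too widely.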


