[Samba] Changing IP Scope on a Samba DC

Peter Pollock peter.pollock at kingschristian.org
Sat Sep 5 05:02:15 UTC 2020

OK.. after school ended today, I poked around and found nothing so I
started all over again. Followed Louis' instructions at
all the way through but at the end, the resolver is not working - and kinit
cannot find a KDC (I'm guessing because the resolver is not working!)

This is the only server on the network and has an IP address of
(the gateway is at

"Service named status" gives me:

● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2020-09-04 21:41:41 PDT; 10min ago
       Docs: man:named(8)
   Main PID: 528 (named)
      Tasks: 14 (limit: 2282)
     Memory: 61.9M
     CGroup: /system.slice/named.service
             └─528 /usr/sbin/named -f -u bind

Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN':
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN':
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN':
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN':
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN':
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN':
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN':
Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN':
Sep 04 21:52:22 dc01 named[528]: broken trust chain resolving
Sep 04 21:52:22 dc01 named[528]: broken trust chain resolving

I do not know where to start.

I took copious notes as I followed Louis' walkthrough, which I'll send if
they interest you, but it's many pages!

On Fri, Sep 4, 2020 at 7:20 AM Rowland penny <rpenny at samba.org> wrote:

> On 04/09/2020 15:05, Peter Pollock wrote:
> > This is brand new. Created following Louis' instructions (although in
> > my install of Ubuntu 20.04, it gets a little tricky with installing
> > packages because it claims one or more don't exist after adding Louis'
> > repository and doing an apt update).
> Please don't do that, say something doesn't exist without telling us
> what 'something' is ;-)
> >
> > Totally separate network from my Zentyal installs, on a ProxMox
> > virtual server, if that makes any difference.
> No, good idea really, it doesn't matter if it is separate, it allows you
> to destroy it easily if need be.
> >
> > I know the admin password, I just removed it from this email, I just
> > cannot figure out why I can't initiate a kticket.
> OK, if you know the password, no need to start again, but kinit should
> work. Did you check if the first nameserver in /etc/resolv.conf is the
> DC's IP? Did you run the kinit command as root and like this 'kinit
> Administrator' ?
> >
> > I can wipe it and start again, that's not a problem at all. I was just
> > so close...
> No, there is no need, it was just the lack of the Administrator password
> that was throwing me ;-)
> Rowland
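
Added example, not part of the original thread: the check Rowland asks about (is the first nameserver in /etc/resolv.conf the DC's own IP?) written as a shell function, with the systemd-resolved stub address that Ubuntu 20.04 uses called out separately. The address 192.0.2.10, the sample file contents, and the function and result names are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a Samba AD DC asks its own DNS server first.
# kinit locates the KDC through DNS SRV records held in the DC's zone, so a
# resolv.conf that points elsewhere makes the KDC lookup fail.

# Print every nameserver address in a resolv.conf, in file order.
# Commented-out lines ("# nameserver ...") do not match and are skipped.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Classify the resolver configuration.
#   $1 = path to a resolv.conf    $2 = the DC's own IP address
# Echoes one of: ok, stub, wrong-first, missing
check_dc_resolver() (
    file=$1
    dc_ip=$2
    first=$(nameservers "$file" | head -n 1)
    if [ -z "$first" ]; then
        echo missing        # no nameserver line at all
    elif [ "$first" = "$dc_ip" ]; then
        echo ok             # the DC queries its own DNS first
    elif [ "$first" = "127.0.0.53" ]; then
        echo stub           # systemd-resolved stub listener, not the DC
    else
        echo wrong-first    # another server is asked before the DC
    fi
)

# Constructed sample: a resolv.conf as systemd-resolved writes it.
demo=$(mktemp)
printf '%s\n' '# constructed sample' \
    'nameserver 127.0.0.53' \
    'options edns0' \
    'search example.internal' > "$demo"
echo "sample resolv.conf: $(check_dc_resolver "$demo" 192.0.2.10)"
rm -f "$demo"
```

On a real DC, call check_dc_resolver /etc/resolv.conf with the DC's address; any result other than "ok" means the resolver configuration should be corrected before retrying kinit.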
