[Samba] new DC preparation, nslookup and dig errors

Rowland Penny rpenny at samba.org
Tue Sep 26 11:58:48 UTC 2023


On Tue, 26 Sep 2023 11:29:07 +0000
Paul Littlefield via samba <samba at lists.samba.org> wrote:

> On 26/09/2023 11:23, Rowland Penny via samba wrote:
> > OK, I think I understand what is going on.
> > 
> > You are following this wiki page:
> > 
> > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
> 
> Yes :)
> 
> 
> > You have got to the heading 'Configuring DNS' and the first line
> > under that heading sends you to another wiki page, did you read the
> > two blue boxes below the link?
> 
> Yes.
> 
> "The 'nameserver' you set in '/etc/resolv.conf' should be another AD
> DC, otherwise the join could have difficulty finding a KDC."
> 
> Yep, have those ...
> 
> root at dc5.mydomain.com ~ $ (screen) cat /etc/resolv.conf
> search mydomain.com
> nameserver 130.130.0.219
> nameserver 130.130.0.218

You only need one, preferably the one holding the PDC_Emulator FSMO role.

> 
> ... and ...
> 
> "If you are joining a new DC the 'nameserver' you set in
> '/etc/resolv.conf' must be another AD DC, otherwise the join will not
> work. Once the new join has succeeded, you need to change the
> 'nameserver' to the new DC's IP address, do not use '127.0.0.1' or any
> other IP."
> 
> Yep, same.
> 
> So, I have the correct existing AD DCs in the '/etc/resolv.conf' on
> the new (unjoined) 'DC5'.

As I said, you only need one.

> 
> 
> > Also the wiki page you are sent to, could be a bit clearer.
> 
> No, I thought it was fine :)
> 
> So, what next to try and debug the error?
> 
> 
> "_ldap._tcp.mydomain.com;; communications error to 130.130.0.219#53:
> timed out"

Unless you have joined your new DC and it is working, stop testing,
come back to this after you have joined your new DC.

Rowland
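
The two resolv.conf rules quoted in this thread can be checked mechanically. The script below is an added example, not part of the messages above or of the Samba wiki. The phase labels `prejoin`/`postjoin`, the function name and the new DC's address 192.0.2.5 are assumptions made for illustration, and the loopback test covers the whole 127.0.0.0/8 range and `::1` rather than only 127.0.0.1.

```shell
#!/bin/sh
# check_resolv FILE PHASE OWN_IP [DC_IP...]   (hypothetical helper for this example)
#   prejoin : every nameserver must be an existing AD DC
#   postjoin: every nameserver must be this DC's own address, never loopback
# Prints one finding per nameserver; returns 0 if the file passes, 1 otherwise.
check_resolv() {
    file=$1; phase=$2; own_ip=$3; shift 3
    known_dcs=" $* "
    rc=0; count=0
    # Only "nameserver" lines matter; awk skips comments and other keywords.
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$file"); do
        count=$((count + 1))
        case $ns in
            127.*|::1)
                echo "FAIL: $ns is a loopback address"; rc=1; continue ;;
        esac
        if [ "$phase" = prejoin ]; then
            case $known_dcs in
                *" $ns "*) echo "OK: $ns is an existing AD DC" ;;
                *) echo "FAIL: $ns is not an existing AD DC"; rc=1 ;;
            esac
        elif [ "$ns" = "$own_ip" ]; then
            echo "OK: $ns is this DC's own address"
        else
            echo "FAIL: $ns is not this DC's own address"; rc=1
        fi
    done
    [ "$count" -gt 0 ] || { echo "FAIL: no nameserver lines in $file"; rc=1; }
    [ "$count" -le 1 ] || echo "NOTE: $count nameservers listed; one is enough"
    return $rc
}

# Constructed sample: the resolv.conf shown in the thread, checked before the join.
# 192.0.2.5 stands in for the new DC's own address, which the thread does not give.
sample=$(mktemp)
printf 'search mydomain.com\nnameserver 130.130.0.219\nnameserver 130.130.0.218\n' > "$sample"
check_resolv "$sample" prejoin 192.0.2.5 130.130.0.219 130.130.0.218
rm -f "$sample"
```

Run with `postjoin` against the same file, it reports both entries as failures, which is the change the second wiki box asks for once the join has succeeded.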


