samba4 domain problem

Keresztes Péter-Zoltán zozo at z0z0.tk
Sat Apr 20 16:33:51 MDT 2013


I have solved the problem. Because of the incorrect DNS settings, apparently the samba server did not join its own domain, therefore it could not act as a domain controller. I have reprovisioned it with the correct DNS IPs and I was able to join the domain with the Windows 7 machine with no issue.
Thanks to all for your help.

regards,
Peter

On 2013.04.21., at 0:33, Keresztes Péter-Zoltán <zozo at z0z0.tk> wrote:

> Hello,
> 
> OK, I have removed all the nameserver entries and I have pointed the nameserver to be the samba server's local IP.
> I have also pointed the Windows 7 machine's DNS to be the same IP address. When I try to add the Windows 7 machine to the domain I am getting the following error:
> 
> DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "demo.local":
> 
> The query was for the SRV record for _ldap._tcp.dc._msdcs.demo.local
> 
> The following domain controllers were identified by the query:
> dem.demo.local
> 
> 
> However no domain controllers could be contacted.
> 
> Common causes of this error include:
> 
> - Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
> 
> - Domain controllers registered in DNS are not connected to the network or are not running.
> 
> Regards,
> Peter
> 
> On 2013.04.21., at 0:14, Gémes Géza <geza at kzsdabas.hu> wrote:
> 
>> On 2013-04-20 22:21, Keresztes Péter-Zoltán wrote:
>>> Hi,
>>> 
>>> my resolv.conf looks like this:
>>> 
>>> search demo.local
>>> domain demo.local
>>> nameserver 10.0.0.1
>>> nameserver 8.8.8.8
>>> 
>>> The IP of my samba box is 10.0.0.102 and 10.0.0.1 is a wireless router.
>>> The config I have posted is generated by testparm, therefore that configuration is added by the testparm script in there. The real smb.conf looks like this:
>>> 
>>> [global]
>>> 	workgroup = DEMO
>>> 	realm = demo.local
>>> 	netbios name = DEM
>>> 	server role = active directory domain controller
>>> 	dns forwarder = 10.0.0.1
>>> 	nsupdate command = /usr/sbin/samba_dnsupdate
>>> 	server services = smb,dnsupdate,dns,winbind,kdc
>>> 
>>> [netlogon]
>>> 	path = /var/lib/samba/sysvol/demo.local/scripts
>>> 	read only = No
>>> 
>>> [sysvol]
>>> 	path = /var/lib/samba/sysvol
>>> 	read only = No
>>> 
>>> Regards,
>>> Peter
>>> On 2013.04.20., at 23:16, Gémes Géza <geza at kzsdabas.hu> wrote:
>>> 
>>>> Hi,
>>>>> Hi,
>>>>> 
>>>>> As far as I understand, if I use SAMBA_INTERNAL as a dns-backend, or I don't mention it, it will use samba4's internal DNS server. If I run anything else, like the BIND9_DLZ or BIND9_FLATFILE option, I need to use a bind on the same server as the samba4 DC would be running. For the moment I think samba's internal stuff would be much simpler, since for the moment I want to get used to it and it would not have any extra configuration files.
>>>>> Good. Taking into consideration that I am using Google's public DNS as a DNS server, what IP should I put in dns forwarders?
>>>>> 
>>>>> If I start my samba with the -i -M single -d2 options I get the following:
>>>>> 
>>>>> # samba -i -M single -d2
>>>>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>>>>> samba version 4.0.5 started.
>>>>> Copyright Andrew Tridgell and the Samba Team 1992-2012
>>>>> samba: using 'single' process model
>>>>> dreplsrv_partition[CN=Configuration,DC=demo,DC=local] loaded
>>>>> dreplsrv_partition[CN=Schema,CN=Configuration,DC=demo,DC=local] loaded
>>>>> dreplsrv_partition[DC=demo,DC=local] loaded
>>>>> dreplsrv_partition[DC=DomainDnsZones,DC=demo,DC=local] loaded
>>>>> dreplsrv_partition[DC=ForestDnsZones,DC=demo,DC=local] loaded
>>>>> kccsrv_partition[DC=demo,DC=local] loaded
>>>>> kccsrv_partition[CN=Configuration,DC=demo,DC=local] loaded
>>>>> kccsrv_partition[CN=Schema,CN=Configuration,DC=demo,DC=local] loaded
>>>>> kccsrv_partition[DC=DomainDnsZones,DC=demo,DC=local] loaded
>>>>> kccsrv_partition[DC=ForestDnsZones,DC=demo,DC=local] loaded
>>>>> Loading new DNS update grant rules
>>>>> /usr/sbin/smbd: smbd version 4.0.5 started.
>>>>> /usr/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2012
>>>>> /usr/sbin/smbd: standard input is not a socket, assuming -D option
>>>>> /usr/sbin/smbd: Unable to connect to CUPS server localhost:631 - Connection refused
>>>>> /usr/sbin/smbd: failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
>>>>> /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
>>>>> /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 506, in <module>
>>>>> /usr/sbin/samba_dnsupdate:     get_credentials(lp)
>>>>> /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 119, in get_credentials
>>>>> /usr/sbin/samba_dnsupdate:     creds.get_named_ccache(lp, ccachename)
>>>>> /usr/sbin/samba_dnsupdate: RuntimeError: kinit for DEM$@DEMO.LOCAL failed (Cannot contact any KDC for requested realm)
>>>>> /usr/sbin/samba_dnsupdate:
>>>>> ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED
>>>>> 
>>>>> my smb.conf looks like this:
>>>>> [global]
>>>>> 	workgroup = DEMO
>>>>> 	realm = demo.local
>>>>> 	server role = active directory domain controller
>>>>> 	passdb backend = samba_dsdb
>>>>> 	dns forwarder = 10.0.0.1
>>>>> 	rpc_server:tcpip = no
>>>>> 	rpc_daemon:spoolssd = embedded
>>>>> 	rpc_server:spoolss = embedded
>>>>> 	rpc_server:winreg = embedded
>>>>> 	rpc_server:ntsvcs = embedded
>>>>> 	rpc_server:eventlog = embedded
>>>>> 	rpc_server:srvsvc = embedded
>>>>> 	rpc_server:svcctl = embedded
>>>>> 	rpc_server:default = external
>>>>> 	idmap config * : backend = tdb
>>>>> 	map archive = No
>>>>> 	map readonly = no
>>>>> 	store dos attributes = Yes
>>>>> 	vfs objects = dfs_samba4, acl_xattr
>>>>> 
>>>>> [netlogon]
>>>>> 	path = /var/lib/samba/sysvol/demo.local/scripts
>>>>> 	read only = No
>>>>> 
>>>>> [sysvol]
>>>>> 	path = /var/lib/samba/sysvol
>>>>> 	read only = No
>>>>> 
>>>>> Thanks for your help.
>>>>> 
>>>>> Peter
>>>>> 
>>>>> 
>>>>> 
>>>> It seems you are trying to forward DNS queries to 10.0.0.1. Do you have another DNS server listening at that address (BTW, what is the IP address of your samba box?)? What does your resolv.conf look like? BTW, your idmap config line is useless on a Samba 4.0.x AD DC.
>>>> 
>>>> Regards
>>>> 
>>>> Geza Gemes
>> You should put your samba server's IP in resolv.conf instead of your router and Google; that way kerberos will start working, which seems to be needed by dnsupdate.
>> 
>> Regards
>> 
>> Geza Gemes
> 
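
The DNS misconfiguration this thread resolves, as an added example that is not part of the original messages or of Samba: a Python check over resolv.conf and the [global] section of smb.conf that flags nameservers other than the DC itself. The function names, the constructed sample inputs (modelled on the files quoted above) and the loopback exception are assumptions.

```python
import ipaddress

# Constructed inputs modelled on the files quoted in the thread.
RESOLV_BROKEN = "search demo.local\ndomain demo.local\nnameserver 10.0.0.1\nnameserver 8.8.8.8\n"
RESOLV_FIXED = "search demo.local\nnameserver 10.0.0.102\n"
SMB_CONF = ("[global]\n\trealm = demo.local\n"
            "\tserver role = active directory domain controller\n"
            "\tdns forwarder = 10.0.0.1\n")

def parse_resolv(text):
    """Return (nameservers, search_domains) from resolv.conf text."""
    servers, domains = [], []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(ipaddress.ip_address(fields[1]))
        elif len(fields) >= 2 and fields[0] in ("search", "domain"):
            domains.extend(f.lower().rstrip(".") for f in fields[1:])
    return servers, domains

def parse_global(text):
    """Return the [global] parameters of smb.conf, names lower-cased."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_dc_dns(resolv_text, smb_text, dc_ip):
    """List DNS settings that stop a DC from resolving its own realm."""
    dc = ipaddress.ip_address(dc_ip)
    servers, domains = parse_resolv(resolv_text)
    params = parse_global(smb_text)
    findings = []
    # Assumption: loopback is accepted as "the DC itself".
    if not servers or (servers[0] != dc and not servers[0].is_loopback):
        findings.append("first nameserver is not the DC itself")
    for ip in servers:
        if ip != dc and not ip.is_loopback:
            findings.append(f"nameserver {ip} does not host the AD zone")
    realm = params.get("realm", "").lower()
    if realm and realm not in domains:
        findings.append(f"realm {realm} missing from search/domain")
    if any(ipaddress.ip_address(f) == dc for f in params.get("dns forwarder", "").split()):
        findings.append("dns forwarder points back at the DC")
    return findings
```
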


