Quest of SUSE 10 with Server2k8 AD authentication
Danie.Wessels at pbmr.co.za
Thu Feb 13 00:49:16 MST 2014
Finally I am starting to know enough to be able to ask questions... =:^)
(How can I add machine 1 and 2 again as DCs with Delegation?)
>> How did you join the VM? Is the first DNS server on the VM set as the DC?
> I have not yet (until just now) successfully joined to the AD.
> The DNS server is the last one in the list in /etc/resolv.conf (not PDC ?) The PDC is the first one.
> I have just now managed to join the oracle VM with netbios name in smb.conf as machine02.
> That's all. Could not kinit
Can now kinit and get an update of users with wbinfo -u, although only on myoracle01...
- This is the problem: I want it on machine 1 and 2
> This was the type of problem I had before with the DNS settings.
Maybe not exactly the same..
> I had the PDC switching back and forth to obsolete DCs. I will investigate this further tomorrow and report back.
Another day later now. The DNS was fixed not to show obsolete DCs any more as name servers.
Now I somehow got myoracle01 to show as Domain Controller on AD PDC and from that one, myoracle01,
I can join AND leave machine 1 and machine 2 by changing the netbios name in its smb.conf file !!! Hooray
This then adds and takes away machine 1 or machine 2 from the AD list of domain Computers.
* Then there is also the question of how to enable or disable Delegation of kerberos through samba?
>> As part of the net ads join process, the machine is registered.
registered as what?
as Domain Controller in the domain if realm is set to domain and security = user?
as Computer on Domain if security = ads?
>> If it is not then the DC does not know the fqdn of the VM.
>> An easy way to make sure is to un-join, add the fqdn to the localhost line in hosts.conf and rejoin.