[Samba] Samba4 - Problem trying to add Win 2008 R2 server to Samba4 AD-DC

David Gonzalez info at dghvoip.com
Mon Aug 9 22:06:11 MDT 2010


Hi,
I'm trying to set up a Win 2k8 R2 as a member server of my domain, as Andrew did
in his video, but I've come across this error:

Aug  9 22:47:10 voip named[17100]: client 192.168.254.160#62102: updating
zone 'samba.dghvoip.com/IN': update unsuccessful: samba.dghvoip.com: 'name
not in use' prerequisite not satisfied (YXDOMAIN)

I followed the SambaWiki howto word by word; my Win2k8 has the static IP
192.168.254.160 and uses my Samba box (192.168.254.100) as its DNS server.

When I run dcpromo and reach the "Add additional server options" screen, the
white window shows "We could not determine if dynamic updates are enabled on
the DNS Server....".

My setup is as follows:

# samba -V
Version 4.0.0alpha12-GIT-e0f79da

DHCPD server is running on this same machine.

# cat /etc/dhcpd.conf
# If hardware address begins with 00:FF, the client is an
# openvpn tap adapter, and we do not want to assign a
# default gateway or dns server.  Assign then to a special
# subclass and configure a pool which does not hand out
# these parameters.
class "openvpn" {
        match if substring (hardware, 1, 2) = 00:FF;
}

# end class declaration
authoritative;                          # No other DHCP servers on this
subnet
ddns-update-style interim;      # Supported update method - see man
dhcpd.conf
# NOTE(review): "allow client-updates" lets a client that asks to register
# its own forward (A) record do so, with the server maintaining only the PTR.
# The directive that overrides client-supplied names is "deny client-updates",
# so confirm which behaviour the comment on the next line intends.
allow client-updates;           # Overwrite client configured FQHNs
# If you have fixed-address entries you want to use dynamic dns
update-static-leases            on;
one-lease-per-client            on;
ping-timeout                            5;
deny                                            duplicates;
allow                                           booting;
allow                                           bootp;
option option-128 code 128 = string;
option option-129 code 129 = text;

# TSIG key shared with named for the zone updates below. This secret has
# now been posted to a public mailing list, so it should be regenerated on
# both the dhcpd and named side before this configuration is reused.
# hmac-md5 is a legacy TSIG algorithm; ISC recommends hmac-sha256 for new keys.
key dhcpupdate {                        # Key for DNS updates
    algorithm hmac-md5;
    secret "v63XUntwqSRXBjbVhLsGQg==";
}

# NOTE(review): these update targets assume the named instance on 127.0.0.1
# defines a matching "key dhcpupdate" and permits updates to dghvoip.lan and
# 254.168.192.in-addr.arpa with it. Neither appears in the named.conf quoted
# in this mail (they may live in /etc/named.rfc1912.zones). Note also that the
# AD zone is samba.dghvoip.com, a different name from dghvoip.lan.
zone dghvoip.lan. {
        primary 127.0.0.1;
        key dhcpupdate;
}

zone 254.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcpupdate;
}

# NOTE(review): DHCP clients are handed domain dghvoip.lan and the resolvers
# 192.168.254.110 / .130 plus an external one, not the DC at 192.168.254.100
# that serves samba.dghvoip.com. Unless .110/.130 forward that zone, such
# clients cannot resolve the AD SRV records. (The Win2k8 host in this mail is
# statically configured and not affected.)
subnet 192.168.254.0 netmask 255.255.255.0 {
#       ignore client-updates;
        always-broadcast                        on;
        ddns-updates                            on;
        ddns-rev-domainname             "in-addr.arpa";
        ddns-domainname                         "dghvoip.lan";
#       default-lease-time                      280600;
#       max-lease-time                          561200;
        next-server                                     192.168.254.110;
        filename                                        "/pxelinux.0";
        option subnet-mask                      255.255.255.0;
        option domain-name                      "dghvoip.lan";
        option domain-name-servers      192.168.254.110, 192.168.254.130,
208.67.222.222;
        option time-offset                      -0500;
        option ntp-servers                      192.168.254.110;
        option time-servers                     192.168.254.110;
        option tftp-server-name         "xenserver.dghvoip.lan";
        one-lease-per-client            true;
        # required for phones to pickup profile
        option netbios-name-servers     192.168.254.130;
        option netbios-node-type        8;
        ###########################
        ### LAN non-VPN Clients ###
        ###########################
        pool {
                deny members of "openvpn";
                range 192.168.254.51 192.168.254.99;
                option routers          192.168.254.1;
                option domain-name-servers  192.168.254.130, 208.67.222.222;
                one-lease-per-client true;
                default-lease-time      280600;
                max-lease-time          561200;
                #dns-hostname = concat ("dhcp-", binary-to-ascii (10, 8,
"-", leased-address));
        }
        #############################
        ### VPN CLient parameters ###
        #############################
        pool {
                allow members of "openvpn";
                range 192.168.254.21 192.168.254.50;
                ddns-hostname = concat ("vpn-", binary-to-ascii (10, 8, "-",
leased-address));
                option domain-name-servers      192.168.254.110,
192.168.254.130;
        # NOTE(review): VPN clients get 192.168.254.160 (the Win2k8 host being
        # joined) as WINS server, while smb.conf on the Samba box sets
        # "wins support = yes" -- confirm which host is meant to be WINS here.
        option netbios-name-servers     192.168.254.160;
                option netbios-node-type        8;
                default-lease-time                      3600;
                max-lease-time                          7200;
                one-lease-per-client            true;
        }
}


# /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.254.100; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };
    recursion yes;
//  dnssec-enable yes;
//  dnssec-validation yes;
//  dnssec-lookaside . trust-anchor dlv.isc.org.;
[01] /etc/named.conf                                                   21,01
Top

# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.254.100; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // NOTE(review): "allow-query { any; }" combined with "recursion yes;"
        // makes this an open recursive resolver on every listen-on address.
        // If 192.168.254.100 is ever reachable from outside the LAN, limit
        // recursion to local clients, e.g.
        // allow-recursion { 127.0.0.1; 192.168.254.0/24; };
        allow-query     { any; };
        recursion yes;
//      dnssec-enable yes;
//      dnssec-validation yes;
//      dnssec-lookaside . trust-anchor dlv.isc.org.;

        // GSS-TSIG (RFC 3645) settings for Kerberos-authenticated dynamic
        // updates from domain members. The credential presumably has to match
        // a principal in the keytab Samba generated at provision time -- confirm.
        tkey-gssapi-credential "DNS/samba.dghvoip.com";
        tkey-domain "SAMBA.DGHVOIP.COM";

};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

// AD zone definition maintained under the Samba private directory.
include "/usr/local/samba/private/named.conf";

// Stock localhost / reverse zones; any dghvoip.lan zone and the dhcpd TSIG
// key would have to be declared here or they are not defined at all.
include "/etc/named.rfc1912.zones";

include "/etc/named.iscdlv.key";


# cat /usr/local/samba/private/named.conf

// Authoritative zone for the AD domain; the zone file below is the one
// quoted later in this mail.
zone "samba.dghvoip.com." IN {
        type master;
        file "/usr/local/samba/private/dns/samba.dghvoip.com.zone";
        // The update-policy (GSS-TSIG grants) comes from the generated include.
        include "/usr/local/samba/private/named.conf.update";
        // AD owner names contain underscores (_ldap, _msdcs, ...), which strict
        // check-names would reject.
        check-names ignore;
};

# cat /usr/local/samba/private/named.
named.conf         named.conf.update  named.txt
[root at voip ~]# cat /usr/local/samba/private/named.conf.update
/* this file is auto-generated - do not edit */
// NOTE(review): the named log quoted at the top of this mail ("'name not in
// use' prerequisite not satisfied (YXDOMAIN)") is an RFC 2136 prerequisite
// failure: the client asserted that samba.dghvoip.com does not exist, and it
// does. The grants below are therefore not what rejected that update; a
// policy denial would normally be logged as REFUSED.
update-policy {
        // Machine accounts may only touch records whose name matches their own.
        grant SAMBA.DGHVOIP.COM ms-self * A AAAA;
        // The domain administrator and the DC machine account (VOIP$) may
        // update any name in the zone. (The " at " on the next line is the
        // list archive's mangling of "@".)
        grant administrator at SAMBA.DGHVOIP.COM wildcard * A AAAA SRV CNAME
TXT;
        grant VOIP$@SAMBA.DGHVOIP.COM wildcard * A AAAA SRV CNAME;
};


# cat /usr/local/samba/private/dns/samba.dghvoip.com.zone
; -*- zone -*-
; generated by provision.pl
; Single-DC zone: every service record below points at host "voip"
; (192.168.254.100). Several long records are line-wrapped by the mail
; client; in the real file each record is on one line.
$ORIGIN samba.dghvoip.com.
$TTL 1W
@               IN SOA  @   hostmaster (
                                2010080921   ; serial
                                2D              ; refresh
                                4H              ; retry
                                6W              ; expiry
                                1W )            ; minimum
                        IN NS   voip

; The blank owner below inherits "@", so the zone apex samba.dghvoip.com
; itself carries an A record. An update with a "name not in use"
; prerequisite on samba.dghvoip.com therefore fails with YXDOMAIN, which is
; what the named log quoted in this mail reports.
            IN A    192.168.254.100
;

voip        IN A    192.168.254.100
gc._msdcs               IN A    192.168.254.100

; DSA GUID alias for the DC
ebb75fa1-e4ac-443c-ad9d-9878e1ff3f0d._msdcs     IN CNAME        voip
;
; global catalog servers
_gc._tcp                IN SRV 0 100 3268       voip
_gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268       voip
_ldap._tcp.gc._msdcs    IN SRV 0 100 3268       voip
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs     IN SRV 0 100 3268
voip
;
; ldap servers
_ldap._tcp              IN SRV 0 100 389        voip
_ldap._tcp.dc._msdcs    IN SRV 0 100 389        voip
_ldap._tcp.pdc._msdcs   IN SRV 0 100 389        voip
_ldap._tcp.7620096c-a269-4881-99e1-149da78a4a36.domains._msdcs          IN
SRV 0 100 389 voip
_ldap._tcp.Default-First-Site-Name._sites               IN SRV 0 100 389
voip
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs     IN SRV 0 100 389
voip
;
; krb5 servers
_kerberos._tcp          IN SRV 0 100 88         voip
_kerberos._tcp.dc._msdcs        IN SRV 0 100 88 voip
_kerberos._tcp.Default-First-Site-Name._sites   IN SRV 0 100 88 voip
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 voip
_kerberos._udp          IN SRV 0 100 88         voip
; MIT kpasswd likes to lookup this name on password change
_kerberos-master._tcp           IN SRV 0 100 88         voip
_kerberos-master._udp           IN SRV 0 100 88         voip
;
; kpasswd
_kpasswd._tcp           IN SRV 0 100 464        voip
_kpasswd._udp           IN SRV 0 100 464        voip
;
; heimdal 'find realm for host' hack
_kerberos               IN TXT  SAMBA.DGHVOIP.COM


# cat /etc/krb5.conf
[libdefaults]
        default_realm = SAMBA.DGHVOIP.COM
        # Both DNS lookups are off, so realm and KDC come solely from the
        # [realms] / [domain_realm] sections below, not from the _kerberos
        # SRV and TXT records in the zone file.
        dns_lookup_realm = false
        dns_lookup_kdc = false
        ticket_lifetime = 24h
        forwardable = yes

[realms]
        SAMBA.DGHVOIP.COM = {
                # KDC and kadmin on the DC itself; relies on /etc/hosts or DNS
                # resolving voip.samba.dghvoip.com to 192.168.254.100.
                kdc = voip.samba.dghvoip.com:88
                admin_server = voip.samba.dghvoip.com:749
                default_domain = samba.dghvoip.com
        }

[domain_realm]
        .samba.dghvoip.com = SAMBA.DGHVOIP.COM
        samba.dghvoip.com = SAMBA.DGHVOIP.COM


# cat /usr/local/samba/etc/smb.conf
[globals]
        netbios name    = VOIP
        workgroup       = DGHVOIP
        realm           = SAMBA.DGHVOIP.COM
        server role     = domain controller
    interfaces      = eth0
    wins support    = yes
    log level       = 3
    # NOTE(review): "true" here presumably names the true(1) command, making
    # Samba's rndc invocation after DNS changes a no-op -- confirm that named
    # is expected to pick up zone changes some other way.
    rndc command    = true

[netlogon]
        # NOTE(review): the sysvol subdirectory is dghvoip.lan while the
        # provisioned realm is SAMBA.DGHVOIP.COM; provision normally creates
        # sysvol/<dns domain>/scripts, so confirm this directory exists.
        path = /usr/local/samba/var/locks/sysvol/dghvoip.lan/scripts
        read only = no

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = no

# NOTE(review): the three shares below are writable and carry no
# "valid users" or similar restriction; [temp] exports the host's /tmp.
# Confirm that every domain account is meant to have write access to them.
[media]
       path = /home/downloads
       read only = no

[profiles]
       path = /home/profiles
       read only = no

[temp]
       path = /tmp
       read only = no

# cat /etc/resolv.conf
# NOTE(review): "nameserver" takes an IP address; a hostname such as
# "localhost" is not valid here and is skipped by the resolver (see
# resolv.conf(5)), so only the 127.0.0.1 entry is effective.
nameserver localhost
nameserver 127.0.0.1

# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1                       localhost.localdomain localhost
::1                                     localhost6.localdomain6 localhost6
# DC entry: FQDN listed first so the canonical name is voip.samba.dghvoip.com,
# matching HOSTNAME in /etc/sysconfig/network and the kdc entry in krb5.conf.
192.168.254.100         voip.samba.dghvoip.com voip

# cat /etc/sysconfig/network
NETWORKING=yes
# IPv6 disabled here, though named.conf still has "listen-on-v6 port 53 { ::1; }".
NETWORKING_IPV6=no
# Must agree with the DC's /etc/hosts entry and the realm's DNS domain.
HOSTNAME=voip.samba.dghvoip.com
GATEWAY=192.168.254.1

If any additional info is required I'll be glad to post it here.

Any tips will be greatly appreciated

Thanks

---
David Gonzalez H.
DGHVoIP - OPEN SOURCE TELEPHONY SOLUTIONS
Phone Bogotá: +(57-1)289-1168
Phone Medellin: +(57-4)247-0985
Mobile: +(57)315-838-8326
MSN: david at planetaradio.net
Skype: davidgonzalezh
WEB: http://www.dghvoip.com/
Proud Linux User #294661

