[Samba] adding samba to win2008Rd domain as DC

Jacó Ramos j4c0r4m0s at gmail.com
Wed Oct 23 04:40:08 MDT 2013


Applied the patch: https://attachments.samba.org/attachment.cgi?id=9210

And works fine!

Thanks!
Jacó Ramos




2013/10/23 L.P.H. van Belle <belle at bazuin.nl>

> Hai.
>
> I'm trying to add my samba to a win 2008R2 domain.
>
> I'm following the howto, but it's not clear.
>
> what i did already.
> did read ( and follow
> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC )
> 1 installed samba and its packages, ( sernet samba is used )
> ( apt-get install sernet-samba-ad , extra are installed also )
> samba -V gives :  Version 4.0.10-SerNet-Ubuntu-6.precise
>
> kinit and klist output is ok.
> klist output:
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrator@MYDOMAIN.LAN
> Valid starting    Expires           Service principal
> 23/10/2013 10:13  23/10/2013 20:13  krbtgt/MYDOMAIN.LAN@MYDOMAIN.LAN
>         renew until 24/10/2013 10:13
>
> my readonly dns servers are in the /etc/resolve.conf   ( and these servers
> have a copy of my domain, bind based and is ok )
> So, I'm following the howto and now at point join as a DC.
>
> here:   Since samba4 rc2 the internal DNS server is default. If you want
> to join this or a higher version with using BIND as DNS backend, use the
> following command:
> # samba-tool domain join mydomain.lan DC -Uadministrator --realm=mydomain.lan --dns-backend=BIND9_DLZ
>
> but, first.. BIND as DNS.. setup. check.
> http://wiki.samba.org/index.php/Dns-backend_bind
> using bind9.8 , as it states.
> During provisioning/upgrading, a file
> ('/usr/local/samba/private/named.conf') was created, that must be included
> in your Bind named.conf:
>
> i have these three files :
> /usr/share/samba/setup/named.conf
> /usr/share/samba/setup/named.conf.dlz
> /usr/share/samba/setup/named.conf.update
>
> when I look in   /usr/share/samba/setup/named.conf  : ( I see variables
> not filled in, and that's correct, since no provisioning done yet. )
>
> # This file should be included in your main BIND configuration file
> #
> # For example with
> # include "${NAMED_CONF}";
>
> zone "${DNSDOMAIN}." IN {
>         type master;
>         file "${ZONE_FILE}";
>         /*
>          * the list of principals and what they can change is created
>          * dynamically by Samba, based on the membership of the domain controllers
>          * group. The provision just creates this file as an empty file.
>          */
>         include "${NAMED_CONF_UPDATE}";
>
>         /* we need to use check-names ignore so _msdcs A records can be created */
>         check-names ignore;
> };
>
> BUT WAIT !
> the howto says...
>
> During provisioning/upgrading, a file
> ('/usr/local/samba/private/named.conf') was created, that must be included
> in your Bind named.conf:
>
> still no provisioning done, I'm in a loop of howtos....
>
> any suggestions ?
>
> So, I'm at point http://wiki.samba.org/index.php/Dns-backend_bind
> Configuring Bind as Samba Active Directory backend
>
> include "/usr/local/samba/private/named.conf"; ( i know this file is
> located after provisioning in /var/lib/samba/private for sernet samba. )
>
> and i need some help. following the howtos is not helping me. :-((
> this is the error i get.
>
> root@ms249-lin-007:/etc# samba-tool domain join mydomain.lan DC -Uadministrator --realm=mydomain.lan --dns-backend=BIND9_DLZ
> Finding a writeable DC for domain 'mydomain.lan'
> Found DC MS249-DB-001.mydomain.lan
> Password for [WORKGROUP\administrator]:
> workgroup is MYDOMAIN
> realm is mydomain.lan
> checking sAMAccountName
> Adding CN=MS249-LIN-007,OU=Domain Controllers,DC=mydomain,DC=lan
> Adding CN=MS249-LIN-007,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
> Adding CN=NTDS Settings,CN=MS249-LIN-007,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
> Adding SPNs to CN=MS249-LIN-007,OU=Domain Controllers,DC=mydomain,DC=lan
> Setting account password for MS249-LIN-007$
> Enabling account
> Adding DNS account CN=dns-MS249-LIN-007,CN=Users,DC=mydomain,DC=lan with dns/ SPN
> Join failed - cleaning up
> checking sAMAccountName
> Deleted CN=MS249-LIN-007,OU=Domain Controllers,DC=mydomain,DC=lan
> Deleted CN=NTDS Settings,CN=MS249-LIN-007,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
> Deleted CN=MS249-LIN-007,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
> ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  <0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
> > <>
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 552, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1169, in join_DC
>     ctx.do_join()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1072, in do_join
>     ctx.join_add_objects()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 616, in join_add_objects
>     ctx.samdb.add(msg)
>
>
> someone any suggestions?
>
>
>
> Thanks,
>
> Louis
>
>



-- 

"Man was not created to be happy nor to win, but to live for God. When he
lives for God, he is happy and he wins." Isaltino Gomes

$whoami

   - Computer Forensics Examiner
   - Pentester
   - Specialist in Computer Network Security with emphasis on Computer
   Forensics - FACID
   - Bachelor of Computer Science - UESPI
   - Computer Network Administrator
   - CCNA Module II
   - Lattes: http://lattes.cnpq.br/1591329268136905
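
Added example, not part of the thread and not Samba code: a small Python parser for join output like the one quoted above. It finds the step that preceded "Join failed" and decodes the Win32 code that Active Directory embeds in the LDAP extended error (0000052D is ERROR_PASSWORD_RESTRICTION in winerror.h). The function names and the short code table are assumptions of this example.

```python
import re

# Win32 codes that AD embeds in LDAP extended errors (values from winerror.h).
WIN32_ERRORS = {
    0x005: "ERROR_ACCESS_DENIED",
    0x524: "ERROR_USER_EXISTS",
    0x52D: "ERROR_PASSWORD_RESTRICTION",
    0x52E: "ERROR_LOGON_FAILURE",
}

EXT_ERR = re.compile(
    r"LDAP error (?P<ldap>\d+) (?P<name>LDAP_\w+)\s*-\s*"
    r"<(?P<win32>[0-9A-Fa-f]{8}): (?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*problem (?P<problem>\d+) \((?P<problem_name>\w+)\)")

# Constructed sample: tail of the join output from the quoted message,
# kept in '> ' mail-quoted, line-wrapped form.
SAMPLE = """\
> Enabling account
> Adding DNS account CN=dns-MS249-LIN-007,CN=Users,DC=mydomain,DC=lan with
> dns/ SPN
> Join failed - cleaning up
> checking sAMAccountName
> ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM
> -  <0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
> > <>
"""

def unquote(text):
    """Strip one level of '> ' mail quoting and drop empty lines."""
    lines = (re.sub(r"^> ?", "", ln).strip() for ln in text.splitlines())
    return [ln for ln in lines if ln]

def diagnose(text):
    """Return the step that failed and the decoded directory error, or None."""
    lines = unquote(text)
    m = EXT_ERR.search(" ".join(lines))
    if m is None:
        return None
    fail = next((i for i, ln in enumerate(lines)
                 if ln.startswith("Join failed")), None)
    step = None
    if fail is not None:
        # Last "Adding ..." line before the failure, plus wrapped continuations.
        start = max((i for i in range(fail)
                     if lines[i].startswith("Adding")), default=None)
        if start is not None:
            step = " ".join(lines[start:fail])
    code = int(m["win32"], 16)
    return {"step": step, "ldap": int(m["ldap"]), "ldap_name": m["name"],
            "win32": code, "win32_name": WIN32_ERRORS.get(code, "unknown"),
            "dsid": m["dsid"], "problem": int(m["problem"])}
```
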



