[Samba] Unable to join the domain, problem with DNS records

Luka Goltnik luka.goltnik at mave.si
Thu Jan 9 03:31:33 MST 2014 

Rowland hello,

o.m.s was just my attempt to try and shorten the whole thing o stands for
office m stands for mave and s stands for si.
As for files, here they are:

 /etc/samba/smb.conf
# Global parameters
[global]
        workgroup = MAVE.SI
        realm = OFFICE.MAVE.SI
        netbios name = OFFICE
        server role = active directory domain controller
        dns forwarder = 193.2.1.66
        idmap_ldb:use rfc2307 = yes
        server services = smb,dns,kdc
        local master = yes
        preferred master = yes


[netlogon]
        path = /var/lib/samba/sysvol/office.mave.si/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

------
 /etc/krb5.conf
[libdefaults]
        default_realm = OFFICE.MAVE.SI
        dns_lookup_realm = false
        dns_lookup_kdc = true
        ticket_lifetime = 24h
        forwardable = yes

[kdc]
        check-ticket-addresses = false

[realms]
        OFFICE.MAVE.SI = {
                kdc = office.mave.si:88
                admin_server = office.mave.si:749
                default_domain = office.mave.si
        }

[default_realm]
        .office.mave.si = OFFICE.MAVE.SI
        office.mave.si = OFFICE.MAVE.SI

[logging]
        default = FILE:/var/log/krb5/libs.log
        kdc = FILE:/var/log/krb5/kdc.log
        admin_server = FILE:/var/log/krb5/admin.log


----
/etc/hosts
# /etc/hosts: Local Host Database
#
# This file describes a number of aliases-to-address mappings for the for
# local hosts that share this file.
#
# In the presence of the domain name service or NIS, this file may not be
# consulted at all; see /etc/host.conf for the resolution order.
#

# IPv4 and IPv6 localhost aliases
127.0.0.1       localhost
::1             localhost
127.0.0.1       office
127.0.0.1       office.mave.si

192.168.1.16    office.mave.si  office

----
cat /etc/resolv.conf
# Generated by net-scripts for interface lo
domain mave.si


Regards,
Luka



On Thu, Jan 9, 2014 at 11:17 AM, Rowland Penny
<rowlandpenny at googlemail.com>wrote:

> On 09/01/14 09:59, Luka Goltnik wrote:
>
>> Dear Derek,
>>
>> thank you for your reply.
>>
>>
>> On Wed, Jan 8, 2014 at 11:28 PM, Werthmuller, Derek <
>> dwerthmu at ctg.albany.edu
>>
>>> wrote:
>>> Assuming that O.M.S is the full name of the domain.
>>>
>>>  Your assumption is correct.
>> Also, I don't know if this is a problem, but my server's hostname is also
>> o.
>>
>>
>>  Try running this command on the samba server to verify that clients will
>>> be able to find the DC via DNS.
>>> #host -t SRV _ldap._tcp.dc._msdcs.O.M.S
>>> The results should return the IP and name of the DC.
>>>
>>>  As you suggested, I issued the command #host -t SRV
>> _ldap._tcp.dc._msdcs.O.M.S, and this is the reply I got:
>> _ldap._tcp.dc._msdcs.o.m.s
>> has SRV record 0 100 389 *o.o.m.s*.
>>
>>
>> Now I don't have the record in DNS server for o.o.m.s and I think this is
>> where the problem lies but I have no clue as how to solve this issue. Also
>> you probably noticed, in reply there was no IP address.
>>
>>  o.o.m.s is the FQDN of your server, if I run the command you ran
> (altered to match my dns) I get a similar answer.
>
>
>  1) verify that the server isn't blocking the DNS port (53)
>>>
>>>  On the server DNS port 53 is accessible from my whole network and I'm
>> currently not running any firewall as the server is behind firewall and is
>> not accessible from outside world.
>>
>>
>>  2) Make sure that the windows client has its DNS server set to the IP
>>> address of your DC.
>>>
>>>  Made sure twice. ;-)
>>
>>
>>  3) Make sure that on the windows system in the name of the domain you are
>>> trying to become a member of is O.M.S  not just O.
>>>
>>>  I made sure about that, but the problem is, when joining a windows
>> client
>> into domain I get this error:
>>   "
>> DNS was successfully queried for the service location (SRV) resource
>> record
>> used to locate a domain controller for domain "OFFICE.MAVE.SI":
>>
>> The query was for the SRV record for _ldap._tcp.dc._msdcs.OFFICE.MAVE.SI
>>
>> The following domain controllers were identified by the query:
>> office.office.mave.si
>>
> Could you please post your krb5.conf, smb.conf, /etc/hostname, /etc/hosts
> and /etc/resolv.conf files.
> The problem, as I see it, is that samba seems to be trying to contact '
> OFFICE.MAVE.SI' but you keep referring to 'o.m.s' which appears to be the
> initial letters of the domain name.
>
> Rowland
>
>>
>> However no domain controllers could be contacted.
>> "
>> Which (at least I think so) implies, that the client managed to contact
>> the
>> DNS server on o.m.s, but got the reply *o.o.m.s* instead of *o.m.s* or IP
>>
>> address alone.
>>
>> Any thoughts?
>>
>>
>> Thanks for your help.
>>
>> Regards,
>> Luka
>>
>
>


-- 

Luka Goltnik

Mave d.o.o.

E-mail: luka.goltnik at mave.si

Tel.: + 386 59 951 844

GSM: + 386 40 602 834

www.mave.si

More information about the samba mailing list