[Samba] Unable to join the domain, problem with DNS records

Rowland Penny rowlandpenny at googlemail.com
Thu Jan 9 03:47:32 MST 2014


On 09/01/14 10:31, Luka Goltnik wrote:
> Rowland hello,
>
> o.m.s was just my attempt to try and shorten the whole thing: o stands 
> for office, m stands for mave and s stands for si.

So, let's be clear here, where you have posted o.m.s, we should read 
office.mave.si ??

When you attempt to join from a windows 7 client, just what are you 
entering as the realm/workgroup ??

> As for files, here they are:
>
>  /etc/samba/smb.conf
> # Global parameters
> [global]
>         workgroup = MAVE.SI

I have a feeling that you cannot use a dot in the workgroup name, i.e. 
MAVE_SI would be ok, but MAVE.SI as you have it wouldn't.

>         realm = OFFICE.MAVE.SI
>         netbios name = OFFICE
>         server role = active directory domain controller
>         dns forwarder = 193.2.1.66
>         idmap_ldb:use rfc2307 = yes
>         server services = smb,dns,kdc
>         local master = yes
>         preferred master = yes
>
>
> [netlogon]
>         path = /var/lib/samba/sysvol/office.mave.si/scripts
>         read only = No
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> ------
>  /etc/krb5.conf
> [libdefaults]
>         default_realm = OFFICE.MAVE.SI
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>         ticket_lifetime = 24h
>         forwardable = yes
>
> [kdc]
>         check-ticket-addresses = false
>
> [realms]
> OFFICE.MAVE.SI = {
>                 kdc = office.mave.si:88
>                 admin_server = office.mave.si:749
>                 default_domain = office.mave.si
>         }
>
> [default_realm]
>         .office.mave.si = OFFICE.MAVE.SI
> office.mave.si = OFFICE.MAVE.SI
>
> [logging]
>         default = FILE:/var/log/krb5/libs.log
>         kdc = FILE:/var/log/krb5/kdc.log
>         admin_server = FILE:/var/log/krb5/admin.log
>
>
Try changing the above file to this: (the default samba4 one)

[libdefaults]
         default_realm = OFFICE.MAVE.SI
         dns_lookup_realm = false
         dns_lookup_kdc = true

> ----
> /etc/hosts
> # /etc/hosts: Local Host Database
> #
> # This file describes a number of aliases-to-address mappings for the for
> # local hosts that share this file.
> #
> # In the presence of the domain name service or NIS, this file may not be
> # consulted at all; see /etc/host.conf for the resolution order.
> #
>
> # IPv4 and IPv6 localhost aliases
> 127.0.0.1       localhost
> ::1             localhost
> 127.0.0.1       office
> 127.0.0.1 office.mave.si
>
> 192.168.1.16 office.mave.si office
>
> ----

Hmm, the 127.0.0.1 line should probably be just '127.0.0.1 office'

> cat /etc/resolv.conf
> # Generated by net-scripts for interface lo
> domain mave.si
>
>
And here is probably your main problem, it is not pointing to your samba 
dns server, it should be:

search mave.si
domain mave.si
nameserver 127.0.0.1

Rowland

> Regards,
> Luka
>
>
>
> On Thu, Jan 9, 2014 at 11:17 AM, Rowland Penny 
> <rowlandpenny at googlemail.com> wrote:
>
>     On 09/01/14 09:59, Luka Goltnik wrote:
>
>         Dear Derek,
>
>         thank you for your reply.
>
>
>         On Wed, Jan 8, 2014 at 11:28 PM, Werthmuller, Derek
>         <dwerthmu at ctg.albany.edu> wrote:
>
>             Assuming that O.M.S is the full name of the domain.
>
>         Your assumption is correct.
>         Also, I don't know if this is a problem, but my server's
>         hostname is also o.
>
>
>             Try running this command on the samba server to verify
>             that clients will
>             be able to find the DC via DNS.
>             #host -t SRV _ldap._tcp.dc._msdcs.O.M.S
>             The results should return the IP and name of the DC.
>
>         As you suggested, I issued the command #host -t SRV
>         _ldap._tcp.dc._msdcs.O.M.S, and this is the reply I got:
>         _ldap._tcp.dc._msdcs.o.m.s
>         has SRV record 0 100 389 *o.o.m.s*.
>
>
>         Now I don't have the record in DNS server for o.o.m.s and I
>         think this is
>         where the problem lies but I have no clue as how to solve this
>         issue. Also
>         you probably noticed, in reply there was no IP address.
>
>     o.o.m.s is the FQDN of your server, if I run the command you ran
>     (altered to match my dns) I get a similar answer.
>
>
>             1) verify that the server isn't blocking the DNS port (53)
>
>         On the server DNS port 53 is accessible from my whole network
>         and I'm
>         currently not running any firewall as the server is behind
>         firewall and is
>         not accessible from outside world.
>
>
>             2) Make sure that the windows client has its DNS server
>             set to the IP
>             address of your DC.
>
>         Made sure twice. ;-)
>
>
>             3) Make sure that on the windows system in the name of the
>             domain you are
>             trying to become a member of is O.M.S  not just O.
>
>         I made sure about that, but the problem is, when joining a
>         windows client
>         into domain I get this error:
>           "
>         DNS was successfully queried for the service location (SRV)
>         resource record
>         used to locate a domain controller for domain "OFFICE.MAVE.SI":
>
>         The query was for the SRV record for
>         _ldap._tcp.dc._msdcs.OFFICE.MAVE.SI
>
>         The following domain controllers were identified by the query:
>         office.office.mave.si
>
>     Could you please post your krb5.conf, smb.conf, /etc/hostname,
>     /etc/hosts and /etc/resolv.conf files.
>     The problem, as I see it, is that samba seems to be trying to
>     contact 'OFFICE.MAVE.SI' but you keep
>     referring to 'o.m.s' which appears to be the initial letters of
>     the domain name.
>
>     Rowland
>
>
>         However no domain controllers could be contacted.
>         "
>         Which (at least I think so) implies, that the client managed
>         to contact the
>         DNS server on o.m.s, but got the reply *o.o.m.s* instead of
>         *o.m.s* or IP
>
>         address alone.
>
>         Any thoughts?
>
>
>         Thanks for your help.
>
>         Regards,
>         Luka
>
>
>
>
>
> -- 
>
> Luka Goltnik
>
> Mave d.o.o.
>
> E-mail: luka.goltnik at mave.si
>
> Tel.: + 386 59 951 844
>
> GSM: + 386 40 602 834
>
> www.mave.si
>
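
The three points raised in the reply above (a dot in the workgroup name, the server's FQDN on a 127.0.0.1 line in /etc/hosts, and a resolv.conf with no nameserver pointing at the Samba DNS server) can be checked mechanically before attempting another join. The script below is an added example, not part of the original thread and not Samba tooling; the function names, the `demo` argument and the trimmed sample files (copied from the configuration quoted in the thread) are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: lint smb.conf, /etc/hosts and
# resolv.conf for the three points raised in the reply. Run: sh lint.sh demo

workgroup_has_dot() {            # $1 = smb.conf; true if workgroup value has a dot
    awk -F= '/^[ \t]*workgroup[ \t]*=/ { gsub(/[ \t]/, "", $2); if ($2 ~ /\./) f = 1 }
             END { exit (f ? 0 : 1) }' "$1"
}

fqdn_on_loopback() {             # $1 = hosts file, $2 = FQDN; true if on 127.x or ::1
    awk -v fqdn="$2" '{ sub(/#.*/, "") }
        $1 ~ /^127\./ || $1 == "::1" {
            for (i = 2; i <= NF; i++) if (tolower($i) == tolower(fqdn)) f = 1
        }
        END { exit (f ? 0 : 1) }' "$1"
}

first_nameserver() {             # $1 = resolv.conf; prints first nameserver, if any
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Prints one line per finding and returns the number of findings.
audit() {                        # $1 smb.conf  $2 hosts  $3 resolv.conf  $4 FQDN  $5 DNS IP
    n=0
    if workgroup_has_dot "$1"; then
        echo "smb.conf: workgroup contains a dot"; n=$((n + 1))
    fi
    if fqdn_on_loopback "$2" "$4"; then
        echo "hosts: $4 is listed on a loopback line"; n=$((n + 1))
    fi
    ns=$(first_nameserver "$3")
    if [ "$ns" != "$5" ]; then
        echo "resolv.conf: first nameserver is '${ns:-none}', expected $5"; n=$((n + 1))
    fi
    return "$n"
}

# Demo on trimmed copies of the files as posted in the thread.
demo() {
    d=$(mktemp -d) || return 99
    printf '[global]\n\tworkgroup = MAVE.SI\n\trealm = OFFICE.MAVE.SI\n' > "$d/smb.conf"
    printf '127.0.0.1 localhost\n127.0.0.1 office\n127.0.0.1 office.mave.si\n192.168.1.16 office.mave.si office\n' > "$d/hosts"
    printf '# Generated by net-scripts for interface lo\ndomain mave.si\n' > "$d/resolv.conf"
    audit "$d/smb.conf" "$d/hosts" "$d/resolv.conf" office.mave.si 127.0.0.1
    rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

On a real server, call `audit /etc/samba/smb.conf /etc/hosts /etc/resolv.conf <fqdn> <dns-ip>` after sourcing the functions; the exit status is the number of findings.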

