[Samba] Unable to join the domain, problem with DNS records

Thu Jan 9 04:44:43 MST 2014

Hi!

No I haven't, but I'm happy to report that I just got it working! :-)
You were right, the problem was the dot in the workgroup name. So I deleted
all the files and did the whole samba configuration again and I'm happy to
report, I managed to join the client computer to the domain. I couldn't be
more happy right now!

Thank you very much for your help! ;-)

Now off to setting up file shares and users. :-)

Best wishes,
Luka

On Thu, Jan 9, 2014 at 12:36 PM, Rowland Penny
<rowlandpenny at googlemail.com>wrote:

>  On 09/01/14 11:03, Luka Goltnik wrote:
>
>
>  On Thu, Jan 9, 2014 at 11:47 AM, Rowland Penny <
> rowlandpenny at googlemail.com> wrote:
>
>>  On 09/01/14 10:31, Luka Goltnik wrote:
>>
>> Rowland hello,
>>
>>  o.m.s was just my attempt to try and shorten the whole thing o stands
>> for office m stands for mave and s stands for si.
>>
>>
>>  So, lets be clear here, where you have posted o.m.s, we should read
>> office.mave.si ??
>>
>
>  Yes, that is correct
>
>
>>
>> When you attempt to join from a windows 7 client, just what are you
>> entering as the realm/workgroup ??
>>
>
>  I'm entering OFFICE.MAVE.SI
> Entering just MAVE.SI gives me a completely different error:
>  "
> An error occurred when DNS was queried for the service location (SRV)
> resource record used to locate an Active Directory Domain Controller (AD
> DC) for domain "MAVE.SI".
>
>  The error was: "No records found for given DNS query."
> (error code 0x0000251D DNS_INFO_NO_RECORDS)
>
>  The query was for the SRV record for _ldap._tcp.dc._msdcs.MAVE.SI
>  "
> Which kind of makes sense, since I get this answer from my server:
>   # host -t SRV _ldap._tcp.dc._msdcs.MAVE.SI
> _ldap._tcp.dc._msdcs.MAVE.SI has no SRV record
>
>
>    As for files, here they are:
>>
>>   /etc/samba/smb.conf
>> # Global parameters
>> [global]
>>         workgroup = MAVE.SI
>>
>>
>>  I have a feeling that you cannot use a dot in the workgroup name, i.e.
>> MAVE_SI would be ok, but MAVE.SI as you have it wouldn't.
>>
>
>  I can just change it to MAVE in case that that's the problem. The only
> question is, do I have to go through the whole initialization of samba all
> over again?
>
>>
>>    Try changing the above file to this: (the default samba4 one)
>>
>>
>> [libdefaults]
>>         default_realm = OFFICE.MAVE.SI
>>         dns_lookup_realm = false
>>         dns_lookup_kdc = true
>>
>
>  Did that and it Kerberos still works, if I try testing it with kinit and
> klist commands.
>
>
>>   ----
>> /etc/hosts
>>  # /etc/hosts: Local Host Database
>> #
>> # This file describes a number of aliases-to-address mappings for the for
>> # local hosts that share this file.
>> #
>> # In the presence of the domain name service or NIS, this file may not be
>> # consulted at all; see /etc/host.conf for the resolution order.
>> #
>>
>>  # IPv4 and IPv6 localhost aliases
>> 127.0.0.1       localhost
>> ::1             localhost
>> 127.0.0.1       office
>> 127.0.0.1       office.mave.si
>>
>>  192.168.1.16    office.mave.si  office
>>
>>  ----
>>
>>
>>  Hmm, the 127.0.0.1 line should probably be just '127.0.0.1    office'
>>
>
>  I removed the other one now.
>
>
>>    cat /etc/resolv.conf
>> # Generated by net-scripts for interface lo
>> domain mave.si
>>
>>
>>   And here is probably your main problem, it is not pointing to your
>> samba dns server, it should be:
>>
>> search mave.si
>> domain <http://mave.si>mave.si
>> nameserver 127.0.0.1
>>
>
>  And did this as well.
>
>  But I still have the same problem joining client to domain as I did
> before.
>
>
>  Regards,
> Luka
>
>
> Hi, did you alter smb.conf in any way ??
>
> I would have expected the [global] part to look like this:
>
> [global]
>         workgroup = MAVE.SI
>         realm = office.mave.si
>
>         netbios name = OFFICE
>         server role = active directory domain controller
>         dns forwarder = 193.2.1.66
>         idmap_ldb:use rfc2307 = yes
>
> Rowland
>
>