[Samba] Few questions about members

steve steve at steve-ss.com
Wed Jun 4 14:02:29 MDT 2014


On Wed, 2014-06-04 at 15:37 -0400, Steve Campbell wrote:
> On 6/4/2014 3:13 PM, steve wrote:
> > On Wed, 2014-06-04 at 12:22 -0400, Steve Campbell wrote:
> >> Top posting now because the original was useless.
> >>
> >> When we try to join a member to the domain, the following results are given:
> >>
> >> # /usr/local/samba/bin/net ads join -U administrator
> >> Enter administrator's password:
> >> Using short domain name -- TS
> >> Joined 'MEMBER1' to dns domain 'ts.mystuff.com'
> >> DNS Update for member1.ts.mystuff.com failed: ERROR_DNS_UPDATE_FAILED
> >> DNS update failed: NT_STATUS_UNSUCCESSFUL
> >>
> >> DNS seems to work as expected, though. The previous tests showed working
> >> DNS.
> > That's the worrying part. Samba still issues tickets even with the wrong
> > (or no) dns registered in AD.
> >> We have even added the A record for the server manually.
> >>
> >> # host -t A member1.ts.mystuff.com
> >> member1.ts.mystuff.com has address 192.9.200.84
> > Hi
> > It doesn't matter if you add the record or not. It is the machine you
> > are joining which HAS to send its own ID. The best (only way we've
> > found at least) way to do this is in /etc/hosts
> > 127.0.0.1 member1.ts.mystuff.com member1 localhost
> >
> > If you're dhcp, you'll also need some way to update the dns on the DC
> > although worryingly, as we just said, you can still get tickets with the
> > wrong or no IP in AD.
> > HTH
> > Steve
> >
> >
> Does it have to be localhost? I didn't install this machine, and just 
> discovered the person who put CentOS on only used "Storage" as the 
> hostname (not fully qualified). I don't think it matters in this venue 
> what the real hostname is as long as the NetBIOS name matches what you 
> put in the host file.
> 

Yes. As you've seen, it does matter, otherwise the machine is not
registered in dns at join time. Even though it appears to work, we'd
really recommend you get it right to begin with.
 
> So, now that I know things must be in hosts (I presume it needs to be 
> that way on the AD as well?), do I need to do anything like Un"join" and 
> then re"join" the member?
> 
I was assuming that as you were using net ads join then you were already
joining to AD. Once you have the dns set up correctly, simply net ads
leave and then net ads join once more. That should get you registered in
dns at least and if your client is fixed IP that's all you need do. If
however you are using dhcp allocation, you're gonna need some method of
updating the client dns when it changes. (but see my last post on the
dns worries).

> Anything that clues us in helps, so I'm sure you've helped a bit.
If you accept errors now, even though it appears to work, you are asking
for trouble further down the line. We speak from dire experience.

Make sure that hostname -f, hostname -s and hostname -d return
correctly.

Cheers,
Steve
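
A pre-join check for the naming advice in the message above, as an added example that is not part of the original post or of Samba. The function names check_hosts_entry and check_live_names are hypothetical, and the sample hosts line is constructed from the "Storage" case in the thread.

```shell
#!/bin/sh
# Added example: verify the host naming before running "net ads join".

# check_hosts_entry HOSTS_FILE SHORT DOMAIN
# Succeeds when HOSTS_FILE has an entry laid out like the one in the post:
#   <address> SHORT.DOMAIN SHORT [other aliases]
# i.e. the fully qualified name comes first and the short name is an alias.
check_hosts_entry() {
    hosts_file=$1 short=$2 domain=$3
    awk -v fqdn="$short.$domain" -v short="$short" '
        { sub(/#.*/, "") }               # strip comments
        NF < 2 { next }                  # blank or address-only line
        tolower($2) == tolower(fqdn) {   # first name must be the FQDN
            for (i = 3; i <= NF; i++)
                if (tolower($i) == tolower(short)) found = 1
        }
        END { exit !found }
    ' "$hosts_file"
}

# check_live_names DOMAIN
# Compares what the running system reports (hostname -f, -s, -d) with the
# expected DNS domain: -d must equal DOMAIN and -f must equal "<-s>.<-d>".
check_live_names() {
    domain=$1
    f=$(hostname -f) s=$(hostname -s) d=$(hostname -d)
    [ "$d" = "$domain" ] && [ "$f" = "$s.$d" ]
}

# Constructed sample: a machine installed with only a short hostname.
sample=$(mktemp)
printf '127.0.0.1 Storage localhost\n' > "$sample"
if check_hosts_entry "$sample" Storage ts.mystuff.com; then
    echo "hosts entry OK"
else
    echo "hosts entry lacks Storage.ts.mystuff.com as first name"
fi
rm -f "$sample"
```

On the member itself, run `check_hosts_entry /etc/hosts member1 ts.mystuff.com && check_live_names ts.mystuff.com` before `net ads leave` and `net ads join`.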
