[Samba] Problems after PC is joined to the domain - Samba 4

Theodotos Andreou theo at ubuntucy.org
Thu Jun 5 01:15:16 MDT 2014 

On 06/04/2014 01:46 PM, steve wrote:
> On Wed, 2014-06-04 at 13:34 +0300, Theodotos Andreou wrote:
>> On 06/03/2014 01:18 PM, steve wrote:
>>> On Tue, 2014-06-03 at 08:38 +0300, Theodotos Andreou wrote:
>>>
>>>> OK I followed the guide blindly:
>>>>
>>>> # grep 127 /etc/hosts
>>>> 127.0.1.1	MYPCNAME.dom.forest.int MYPCNAME localhost
>>>>
> Please correct this line.
But this follows exactly the guide you send me previously
>>>> The network interface is configured for DHCP
> The DHCP configuration is also in the dns howto.
dhcp client config is ok:

root at ENT01LP628:~# cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
         dns-nameservers 10.1.11.50 # this is to override 127.0.0.1

>> resolv.conf:
>>
>> # cat /etc/resolv.conf
>> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
>> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
>> nameserver 127.0.1.1
>> search dom.forest.int
>>
> No. Set the IP of the DC as the only nameserver. The dns configuration
> is also in the howto.
I will need to use the master DNS which is our unix based IPAM because 
the zones on the DCs are secondary.
>> Ubuntu is using the dnsmasq-base on all recent version hence the
>> 127.0.0.1 above
>>
> Disable dnsmasq just in case.
>
>> nscd is not installed (It is not mentioned in the guide).
>> So probably the problem is nscd?
> No.
>> Should I install it?
> No.
OK I won't :)
> Now un-join and then rejoin.
> How are you updating the dns?
> HTH
> Steve
>
>
Our DNS setup is rather peculiar. The domain controllers have only 
secondary zones that update our IPAM (which is the master), when a PC 
joins the domain. So you need to get the domain, PC hostnames, etc from 
the master.

Also it appears that having the FQDN in /etc/hostname is a bad idea:

$ nslookup mypcname.dom.forest.int
Server:		127.0.0.1
Address:	127.0.0.1#53

Name:	mypcname.dom.forest.int.dom.forest.int
Address: 10.100.1.190

It seems that having the FQDN in /etc/hostname makes ubuntu believe that 
this is a simple hostname. Not sure what to think of it. According to 
the man page:

//etc/hostname Historically this file was supposed to only contain the 
hostname and not the full canonical FQDN.*Nowadays most software is able 
to cope with a full FQDN here*. This file is read at boot time by the 
system initialization scripts to set the hostname.
/
Apparently DNS and DHCP are not onw of those software :)

I fixed /etc/hostname to the actual hostname and continued.

Leaving domain was OK. Joining again gave:

# net ads join -U 'admin'
Enter admin's password:
Using short domain name -- DOM
Joined 'MYPCNAME' to dns domain 'dom.forest.int'
DNS Update for MYPCNAME. failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL

'net ads keytab' stopped giving errors though. 'wbinfo -u' still takes 
long to output the names and 'id username' fails to retrieve the username

Looking at the configuration I was puzzled by this:

    idmap config LIM:schema_mode = rfc2307

the man page of idmap_ad says

        The idmap_ad plugin provides a way for Winbind to read id mappings from an AD server that uses RFC2307/SFU schema extensions.

We don't have SFU installed on our domain controllers. Is it possible to 
join a samba 4 pc as a member in Win2k2003 AD without SFU? Guides?

More information about the samba mailing list