[Samba] Problems after PC is joined to the domain - Samba 4

Theodotos Andreou theo at ubuntucy.org
Thu Jun 5 01:45:59 MDT 2014


On 06/05/2014 10:15 AM, Theodotos Andreou wrote:
> On 06/04/2014 01:46 PM, steve wrote:
>> On Wed, 2014-06-04 at 13:34 +0300, Theodotos Andreou wrote:
>>> On 06/03/2014 01:18 PM, steve wrote:
>>>> On Tue, 2014-06-03 at 08:38 +0300, Theodotos Andreou wrote:
>>>>
>>>>> OK I followed the guide blindly:
>>>>>
>>>>> # grep 127 /etc/hosts
>>>>> 127.0.1.1    MYPCNAME.dom.forest.int MYPCNAME localhost
>>>>>
>> Please correct this line.
> But this follows exactly the guide you sent me previously
>>>>> The network interface is configured for DHCP
>> The DHCP configuration is also in the dns howto.
> dhcp client config is ok:
>
> root@ENT01LP628:~# cat /etc/network/interfaces
> # interfaces(5) file used by ifup(8) and ifdown(8)
> auto lo
> iface lo inet loopback
>
> auto eth0
> iface eth0 inet dhcp
>         dns-nameservers 10.1.11.50 # this is to override 127.0.0.1
>
>>> resolv.conf:
>>>
>>> # cat /etc/resolv.conf
>>> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
>>> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
>>> nameserver 127.0.1.1
>>> search dom.forest.int
>>>
>> No. Set the IP of the DC as the only nameserver. The dns configuration
>> is also in the howto.
> I will need to use the master DNS which is our unix based IPAM because 
> the zones on the DCs are secondary.
>>> Ubuntu is using the dnsmasq-base on all recent versions hence the
>>> 127.0.0.1 above
>>>
>> Disable dnsmasq just in case.
>>
>>> nscd is not installed (It is not mentioned in the guide).
>>> So probably the problem is nscd?
>> No.
>>> Should I install it?
>> No.
> OK I won't :)
>> Now un-join and then rejoin.
>> How are you updating the dns?
>> HTH
>> Steve
>>
>>
> Our DNS setup is rather peculiar. The domain controllers have only 
> secondary zones that update our IPAM (which is the master), when a PC 
> joins the domain. So you need to get the domain, PC hostnames, etc 
> from the master.
>
> Also it appears that having the FQDN in /etc/hostname is a bad idea:
>
> $ nslookup mypcname.dom.forest.int
> Server:        127.0.0.1
> Address:    127.0.0.1#53
>
> Name:    mypcname.dom.forest.int.dom.forest.int
> Address: 10.100.1.190
>
> It seems that having the FQDN in /etc/hostname makes ubuntu believe 
> that this is a simple hostname. Not sure what to think of it. 
> According to the man page:
>
> /etc/hostname Historically this file was supposed to only contain the 
> hostname and not the full canonical FQDN. *Nowadays most software is 
> able to cope with a full FQDN here*. This file is read at boot time by 
> the system initialization scripts to set the hostname.
>
> Apparently DNS and DHCP are not one of those software :)
>
> I fixed /etc/hostname to the actual hostname and continued.
>
> Leaving domain was OK. Joining again gave:
>
> # net ads join -U 'admin'
> Enter admin's password:
> Using short domain name -- DOM
> Joined 'MYPCNAME' to dns domain 'dom.forest.int'
> DNS Update for MYPCNAME. failed: ERROR_DNS_UPDATE_FAILED
> DNS update failed: NT_STATUS_UNSUCCESSFUL
>
> 'net ads keytab' stopped giving errors though. 'wbinfo -u' still takes 
> long to output the names and 'id username' fails to retrieve the username
>
> Looking at the configuration I was puzzled by this:
>
>    idmap config LIM:schema_mode = rfc2307
>
> the man page of idmap_ad says
>
>        The idmap_ad plugin provides a way for Winbind to read id 
> mappings from an AD server that uses RFC2307/SFU schema extensions.
>
> We don't have SFU installed on our domain controllers. Is it possible 
> to join a samba 4 pc as a member in Win2k2003 AD without SFU? Guides?
>
Ignore the SFU related comment. The manual says:

"Defines the schema that idmap_ad should use when querying Active 
Directory regarding user and group information. *This can be either the 
RFC2307 schema support included in Windows 2003 R2* or the Service for 
Unix (SFU) schema. For SFU 3.0 or 3.5 please choose "sfu", for SFU 2.0 
please choose"
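
Added example, not part of the original post or of the Samba project: a pre-join check for the two client-side problems discussed in this thread, an FQDN in /etc/hostname and a loopback nameserver in resolv.conf. The sample file contents are constructed from the values quoted above, `check_member` and its finding codes are hypothetical names, and 10.1.11.50 is the DNS server from the poster's interfaces file.

```python
import ipaddress

# Constructed sample input, modelled on the files quoted in the thread.
SAMPLE_HOSTNAME = "MYPCNAME.dom.forest.int\n"
SAMPLE_RESOLV = """\
# Dynamic resolv.conf(5) file generated by resolvconf(8)
nameserver 127.0.1.1
search dom.forest.int
"""

def parse_resolv(text):
    """Return (nameservers, search_domains) from resolv.conf text."""
    servers, search = [], []
    for line in text.splitlines():
        # Drop '#' and ';' comments before splitting into fields.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
        elif fields and fields[0] in ("search", "domain"):
            search = fields[1:]  # the last search/domain line wins
    return servers, search

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def check_member(hostname_text, resolv_text, expected_dns):
    """Return a list of (code, detail) findings; an empty list means clean."""
    findings = []
    name = hostname_text.strip()
    servers, search = parse_resolv(resolv_text)
    if "." in name:
        # Detail is the short name that /etc/hostname should hold instead.
        findings.append(("HOSTNAME_FQDN", name.split(".", 1)[0]))
        for dom in search:
            if name.lower().endswith("." + dom.lower()):
                # The resolver's search list can expand the name to this.
                findings.append(("DOUBLED_SUFFIX", f"{name}.{dom}"))
    for srv in servers:
        if is_loopback(srv):
            findings.append(("LOOPBACK_NAMESERVER", srv))
        elif srv != expected_dns:
            findings.append(("EXTRA_NAMESERVER", srv))
    if expected_dns not in servers:
        findings.append(("EXPECTED_DNS_MISSING", expected_dns))
    return findings
```

On the sample input this reports the doubled name `MYPCNAME.dom.forest.int.dom.forest.int`, matching the nslookup output in the quoted message.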

