[Samba] Problems after PC is joined to the domain - Samba 4

steve steve at steve-ss.com
Thu Jun 5 03:47:22 MDT 2014


On Thu, 2014-06-05 at 10:15 +0300, Theodotos Andreou wrote:
> On 06/04/2014 01:46 PM, steve wrote:
> 
> > On Wed, 2014-06-04 at 13:34 +0300, Theodotos Andreou wrote:
> > > On 06/03/2014 01:18 PM, steve wrote:
> > > > On Tue, 2014-06-03 at 08:38 +0300, Theodotos Andreou wrote:
> > > > 
> > > > > OK I followed the guide blindly:
> > > > > 
> > > > > # grep 127 /etc/hosts
> > > > > 127.0.1.1	MYPCNAME.dom.forest.int MYPCNAME localhost
> > > > > 
> > Please correct this line.
> But this follows exactly the guide you sent me previously
No it doesn't. My guide uses 127.0.0.1. That is not what you are using.

> > > > > The network interface is configured for DHCP
> > The DHCP configuration is also in the dns howto.
> dhcp client config is ok:
> root@ENT01LP628:~# cat /etc/network/interfaces
> # interfaces(5) file used by ifup(8) and ifdown(8)
> auto lo
> iface lo inet loopback
> 
> auto eth0
> iface eth0 inet dhcp
>         dns-nameservers 10.1.11.50 # this is to override 127.0.0.1
> 
> > > resolv.conf:
> > > 
> > > # cat /etc/resolv.conf
> > > # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> > > #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> > > nameserver 127.0.1.1
> > > search dom.forest.int
> > > 
> > No. Set the IP of the DC as the only nameserver. The dns configuration
> > is also in the howto.
> I will need to use the master DNS which is our unix based IPAM because
> the zones on the DCs are secondary.
You must use the dns on the DC. You cannot use any other.

> > > Ubuntu is using the dnsmasq-base on all recent versions hence the
> > > 127.0.0.1 above
> > > 
> > Disable dnsmasq just in case.
> > 
> > > nscd is not installed (It is not mentioned in the guide).
> > > So probably the problem is nscd? 
> > No.
> > > Should I install it?
> > No.
> OK I won't :)
> > Now un-join and then rejoin.
> > How are you updating the dns?
> > HTH
> > Steve
> > 
> > 
> Our DNS setup is rather peculiar. The domain controllers have only
> secondary zones that update our IPAM (which is the master), when a PC
> joins the domain. So you need to get the domain, PC hostnames, etc
> from the master.
> 
> Also it appears that having the FQDN in /etc/hostname is a bad idea:
> $ nslookup mypcname.dom.forest.int
> Server:		127.0.0.1
> Address:	127.0.0.1#53
> 
> Name:	mypcname.dom.forest.int.dom.forest.int
> Address: 10.100.1.190
> It seems that having the FQDN in /etc/hostname makes ubuntu believe
> that this is a simple hostname. Not sure what to think of it.
> According to the man page:
> 
> /etc/hostname Historically this file was supposed to only contain the
> hostname and not the full canonical FQDN. Nowadays most software is
> able to cope with a full FQDN here. This file is read at boot time by
> the system initialization scripts to set the hostname.
> 
> Apparently DNS and DHCP are not one of those software :)
> 
> I fixed /etc/hostname to the actual hostname and continued.
> 
> Leaving domain was OK. Joining again gave:
> # net ads join -U 'admin'
> Enter admin's password:
> Using short domain name -- DOM
> Joined 'MYPCNAME' to dns domain 'dom.forest.int'
> DNS Update for MYPCNAME. failed: ERROR_DNS_UPDATE_FAILED
> DNS update failed: NT_STATUS_UNSUCCESSFUL
> 'net ads keytab' stopped giving errors though. 'wbinfo -u' still takes
> long to output the names and 'id username' fails to retrieve the
> username
> 
The only way to join the domain is to have the DNS on the same box as
the DC itself. Any other DNS server does not have access to the dns
databases necessary for AD. Until you do that. . .

> Is it possible to join a samba 4 pc as a member in Win2k2003 AD
> without SFU? Guides?
> 
You need a minimum of 2003 R2 or a schema update on 2003 to use rfc2307.
The schema which is shipped with Samba4 has rfc2307 out of the box. You
only need sfu if you wish to manipulate the 2307 attributes from
windows.
Yes, the schema which comes with Samba4 has full rfc2307 support out of
the box. The best guide is the samba wiki.
HTH
Steve
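
The three client-side settings argued over in this thread (the 127.0.1.1 line in /etc/hosts, the loopback nameserver in /etc/resolv.conf, and the FQDN in /etc/hostname) can be checked before running `net ads join`. The following is an added example, not part of the original message or of Samba. The function name `preflight`, the DC address 192.0.2.10 and the "good" file contents are assumptions made for illustration; the "bad" inputs are constructed from the values quoted above.

```python
import ipaddress

def preflight(hosts, resolv, hostname, dc_ip):
    """Return a list of findings for the client settings debated in the thread."""
    findings = []
    # /etc/hosts: the line steve asks to correct binds the machine name to 127.0.1.1.
    for raw in hosts.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "127.0.1.1":
            findings.append("hosts: %s mapped to 127.0.1.1" % " ".join(fields[1:]))
    # /etc/resolv.conf: the DC is meant to be the only nameserver. A loopback
    # entry means a local forwarder (dnsmasq on Ubuntu) is answering instead.
    servers = []
    for raw in resolv.splitlines():
        fields = raw.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    for server in servers:
        try:
            loopback = ipaddress.ip_address(server).is_loopback
        except ValueError:
            findings.append("resolv.conf: nameserver %s is not an IP address" % server)
            continue
        if loopback:
            findings.append("resolv.conf: nameserver %s is loopback" % server)
        elif server != dc_ip:
            findings.append("resolv.conf: nameserver %s is not the DC (%s)" % (server, dc_ip))
    if dc_ip not in servers:
        findings.append("resolv.conf: DC %s is not listed as a nameserver" % dc_ip)
    # /etc/hostname: an FQDN here produced the doubled suffix seen in the nslookup output.
    name = hostname.strip()
    if "." in name:
        findings.append("hostname: '%s' is an FQDN, use '%s'" % (name, name.split(".")[0]))
    return findings

# Constructed inputs mirroring the files quoted in the thread.
BAD_HOSTS = "127.0.1.1\tMYPCNAME.dom.forest.int MYPCNAME localhost\n"
BAD_RESOLV = "# generated by resolvconf(8)\nnameserver 127.0.1.1\nsearch dom.forest.int\n"
BAD_HOSTNAME = "mypcname.dom.forest.int\n"
# Assumed corrected state; 192.0.2.10 is a placeholder DC address, not from the thread.
DC_IP = "192.0.2.10"
GOOD_HOSTS = "127.0.0.1\tlocalhost\n"
GOOD_RESOLV = "nameserver 192.0.2.10\nsearch dom.forest.int\n"
GOOD_HOSTNAME = "mypcname\n"

if __name__ == "__main__":
    for finding in preflight(BAD_HOSTS, BAD_RESOLV, BAD_HOSTNAME, DC_IP):
        print(finding)
```

On a real machine, pass the contents of the three files and the address of the domain controller.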
 



