[Samba] Problems after PC is joined to the domain - Samba 4

Thu Jun 5 06:34:11 MDT 2014

On 06/05/2014 12:47 PM, steve wrote:
> On Thu, 2014-06-05 at 10:15 +0300, Theodotos Andreou wrote:
>> On 06/04/2014 01:46 PM, steve wrote:
>>
>>> On Wed, 2014-06-04 at 13:34 +0300, Theodotos Andreou wrote:
>>>> On 06/03/2014 01:18 PM, steve wrote:
>>>>> On Tue, 2014-06-03 at 08:38 +0300, Theodotos Andreou wrote:
>>>>>
>>>>>> OK I followed the guide blindly:
>>>>>>
>>>>>> # grep 127 /etc/hosts
>>>>>> 127.0.1.1	MYPCNAME.dom.forest.int MYPCNAME localhost
>>>>>>
>>> Please correct this line.
>> But this follows exactly the guide you send me previously
> No it doesn't. My guide uses 127.0.0.1. That is not what you are using.
>
>>>>>> The network interface is configured for DHCP
>>> The DHCP configuration is also in the dns howto.
>> dhcp client config is ok:
>> root at ENT01LP628:~# cat /etc/network/interfaces
>> # interfaces(5) file used by ifup(8) and ifdown(8)
>> auto lo
>> iface lo inet loopback
>>
>> auto eth0
>> iface eth0 inet dhcp
>>          dns-nameservers 10.1.11.50 # this is to override 127.0.0.1
>>
>>>> resolv.conf:
>>>>
>>>> # cat /etc/resolv.conf
>>>> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
>>>> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
>>>> nameserver 127.0.1.1
>>>> search dom.forest.int
>>>>
>>> No. Set the IP of the DC as the only nameserver. The dns configuration
>>> is also in the howto.
>> I will need to use the master DNS which is our unix based IPAM because
>> the zones on the DCs are secondary.
> You must use the dns on the DC. You cannot use any other.
>
>>>> Ubuntu is using the dnsmasq-base on all recent version hence the
>>>> 127.0.0.1 above
>>>>
>>> Disable dnsmasq just in case.
>>>
>>>> nscd is not installed (It is not mentioned in the guide).
>>>> So probably the problem is nscd?
>>> No.
>>>> Should I install it?
>>> No.
>> OK I won't :)
>>> Now un-join and then rejoin.
>>> How are you updating the dns?
>>> HTH
>>> Steve
>>>
>>>
>> Our DNS setup is rather peculiar. The domain controllers have only
>> secondary zones that update our IPAM (which is the master), when a PC
>> joins the domain. So you need to get the domain, PC hostnames, etc
>> from the master.
>>
>> Also it appears that having the FQDN in /etc/hostname is a bad idea:
>> $ nslookup mypcname.dom.forest.int
>> Server:		127.0.0.1
>> Address:	127.0.0.1#53
>>
>> Name:	mypcname.dom.forest.int.dom.forest.int
>> Address: 10.100.1.190
>> It seems that having the FQDN in /etc/hostname makes ubuntu believe
>> that this is a simple hostname. Not sure what to think of it.
>> According to the man page:
>>
>> /etc/hostname Historically this file was supposed to only contain the
>> hostname and not the full canonical FQDN. Nowadays most software is
>> able to cope with a full FQDN here. This file is read at boot time by
>> the system initialization scripts to set the hostname.
>>
>> Apparently DNS and DHCP are not onw of those software :)
>>
>> I fixed /etc/hostname to the actual hostname and continued.
>>
>> Leaving domain was OK. Joining again gave:
>> # net ads join -U 'admin'
>> Enter admin's password:
>> Using short domain name -- DOM
>> Joined 'MYPCNAME' to dns domain 'dom.forest.int'
>> DNS Update for MYPCNAME. failed: ERROR_DNS_UPDATE_FAILED
>> DNS update failed: NT_STATUS_UNSUCCESSFUL
>> 'net ads keytab' stopped giving errors though. 'wbinfo -u' still takes
>> long to output the names and 'id username' fails to retrieve the
>> username
>>
> The only way to join the domain is to have the DNS on the same box as
> the DC itself. Any other DNS server does not have access to the dns
> databases necessary for AD. Until you do that. . .
>
>> Is it possible to join a samba 4 pc as a member in Win2k2003 AD
>> without SFU? Guides?
>>
> You need a minimum of 2003 R2 or a schema update on 2003 to use rfc2307.
> The schema which is shipped with Samba4 has rfc2307 out of the box. You
> only need sfu if you wish to manipulate the 2307 attributes from
> windows.
> Yes, the schema which comes with Samba4 has full rfc2307 support out of
> the box. The best guide is the samba wiki.
> HTH
> Steve
>   
>
>
So I guess that's it. Maybe I'll revert to samba3.

Just to feed my curiosity. Is it possible to join a samba 4 as a member 
on Windows 2003 (non R2)?