[Samba] DNS Issues when joining a Domain as a DC

Thomas Kempf listen at hueper.de
Thu Oct 16 04:45:09 MDT 2014

Hi Daniel,

On 16.10.2014 at 12:12, Daniel Müller wrote:
> Is your first DC a Samba4 host?
Yes, 4.1.11 too.

> Did you: samba-tool domain join YOURDOMAIN DC -Uadministrator
> --realm=your.realm --dns-backend=BIND9_DLZ
Yes, but I had to add the options "interfaces=127.0.01," and
"bind interfaces only=yes" because I have more interfaces on that machine.

> samba-tool dns add your.master.dc your.realm YOUR.NEW.DC A your.new.dc.ip
> -Uadministrator

> host -t A YOUR.NEW.DC.  must show no errors!!
It does not show errors as long as the nameserver is the master DC.
When I use the nameserver on the new DC, it does not get resolved.

> What about your krb5.conf?
On the new DC:
dns1:~# cat /etc/krb5.conf
         default_realm = AD.HUEPER.DE
         dns_lookup_realm = true
         dns_lookup_kdc = true

On the master DC:
dns2:~# cat /etc/krb5.conf
         default_realm = AD.HUEPER.DE
         dns_lookup_realm = false
         dns_lookup_kdc = true

> What about : samba-tool drs kcc -Uadministrator Your.domain.controllers  ?
I did not run that command initially. I thought this was only necessary
when joining an MS-DC.
I just ran it at the moment:

dns1:~# samba-tool drs kcc -Uadministrator
Password for [HUEPER\administrator]:
Consistency check on dns1.ad.hueper.de successful.

dns1:~# samba-tool drs kcc -Uadministrator dns2.ad.hueper.de
Password for [HUEPER\administrator]:
Consistency check on dns2.ad.hueper.de successful.

> Ex:
> samba-tool drs kcc -Uadministrator s4master.tplk.loc
> Password for [TPLK\administrator]:
> Consistency check on s4master.tplk.loc successful.
> EDV Daniel Müller
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
> behalf of Thomas Kempf
> Sent: Thursday, 16 October 2014 11:35
> To: samba at lists.samba.org
> Subject: [Samba] DNS Issues when joining a Domain as a DC
> Hi,
> yesterday I tried to join a domain as a DC with bind9 as dns-backend on
> Debian Wheezy with samba 4.1.11 from backports. I followed the tutorial in
> the wiki https://wiki.samba.org/index.php/Join_a_domain_as_a_DC but didn't
> find the instructions completely clear, so perhaps I made a mistake during
> the join.
> It is written there:
> "If you choose BIND as DNS backend, instead of the internal DNS, then you,
> of course, have to finish this before you continue"
> I could not figure out how to finish configuring bind as a backend, when the
> keytab file and the other bind-related files get created after joining the
> domain.
> So I ran the join command first, and with the files created in this step, I
> was able to get the DC up and running...
> I had to manually create the A and CNAME records on the old DC like it is
> written in the wiki in the part "Check required DNS entries of the new
> host". My guess was that those entries should be replicated later on to the
> new DC, but that seems not to work.
> When I check the name resolving of the A record on the newly joined DC it
> does not resolve, whereas on the old one it works fine.
> AD-Domain is ad.hueper.de
> old DC is dns2.ad.hueper.de
> new DC is dns1.ad.hueper.de
> dns1:~# host -t A dns1.ad.hueper.de dns2.ad.hueper.de
> Using domain server:
> Name: dns2.ad.hueper.de
> Address:
> Aliases:
> dns1.ad.hueper.de has address
> dns1:~# host -t A dns1.ad.hueper.de dns1.ad.hueper.de
> Using domain server:
> Name: dns1.ad.hueper.de
> Address:
> Aliases:
> Host dns1.ad.hueper.de not found: 3(NXDOMAIN)
> When I look at the servers using RSAT DNS-Manager I can see the A record on
> both DNS servers, so I wonder why it doesn't resolve on the new DC?
> Is it safe to delete the A and CNAME records and recreate them using RSAT?
> Kind regards
> Tom