[Samba] DNS Issues when joining a Domain as a DC

Rowland Penny rowlandpenny at googlemail.com
Thu Oct 16 04:54:31 MDT 2014


On 16/10/14 11:45, Thomas Kempf wrote:
> Hi Daniel,
>
> On 16.10.2014 at 12:12, Daniel Müller wrote:
>> Is your first DC a Samba4 host?
> Yes 4.1.11 too
>
>> Did you: samba-tool domain join YOURDOMAIN DC -Uadministrator
>> --realm=your.realm --dns-backend=BIND9_DLZ
> Yes, but I had to add the options "interfaces=127.0.01,192.168.0.1"
> and "bind interfaces only=yes" because I have
> more interfaces on that machine
>

Just where did you add these options and when?

Rowland

>> samba-tool dns add your.master.dc your.realm YOUR.NEW.DC A 
>> your.new.dc.ip
>> -Uadministrator
> yes
>
>> host -t A YOUR.NEW.DC.  must show no errors!!
> It does not show errors as long as the nameserver is the Master DC.
> When I use the nameserver on the new DC it does not get resolved.
>
>> What about your krb5.conf?
> On the new DC:
> dns1:~# cat /etc/krb5.conf
> [libdefaults]
>         default_realm = AD.HUEPER.DE
>         dns_lookup_realm = true
>         dns_lookup_kdc = true
>
> On the master DC:
> dns2:~# cat /etc/krb5.conf
> [libdefaults]
>         default_realm = AD.HUEPER.DE
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>
>> What about : samba-tool drs kcc -Uadministrator 
>> Your.domain.controllers  ?
> I did not run that command initially. I thought this was only 
> necessary when joining a MS-DC.
> Just ran it at the moment
>
> dns1:~# samba-tool drs kcc -Uadministrator
> Password for [HUEPER\administrator]:
> Consistency check on dns1.ad.hueper.de successful.
>
> dns1:~# samba-tool drs kcc -Uadministrator dns2.ad.hueper.de
> Password for [HUEPER\administrator]:
> Consistency check on dns2.ad.hueper.de successful.
>
>> Ex:
>> samba-tool drs kcc -Uadministrator s4master.tplk.loc
>> Password for [TPLK\administrator]:
>> Consistency check on s4master.tplk.loc successful.
>>
>> IT Daniel Müller
>>
>> Head of IT
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>>
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org] On
>> Behalf Of Thomas Kempf
>> Sent: Thursday, 16 October 2014 11:35
>> To: samba at lists.samba.org
>> Subject: [Samba] DNS Issues when joining a Domain as a DC
>>
>> Hi,
>> yesterday I tried to join a domain as a DC with bind9 as dns-backend on
>> Debian Wheezy with samba 4.1.11 from backports. I followed the tutorial in
>> the wiki https://wiki.samba.org/index.php/Join_a_domain_as_a_DC but didn't
>> find the instruction completely clear, so perhaps I made a mistake during
>> the join.
>> It is written there:
>> "If you choose BIND as DNS backend, instead of the internal DNS, then you,
>> of course, have to finish this before you continue"
>> I could not figure out how to finish configuring bind as a backend, when the
>> keytab file and the other bind-related files get created after joining the
>> domain.
>> So I ran the join command first, and with the files created in this step, I
>> was able to get the DC up and running...
>> I had to manually create the A and CNAME records on the old DC like it is
>> written in the wiki in the part "Check required DNS entries of the new
>> host". My guess was that those entries should be replicated later on to the
>> new DC, but that seems not to work.
>> When I check the name resolving of the A record on the newly joined DC it
>> does not resolve whereas on the old one it works fine.
>>
>> AD-Domain is ad.hueper.de
>> old DC is dns2.ad.hueper.de
>> new DC is dns1.ad.hueper.de
>>
>> dns1:~# host -t A dns1.ad.hueper.de dns2.ad.hueper.de
>> Using domain server:
>> Name: dns2.ad.hueper.de
>> Address: 192.168.0.2#53
>> Aliases:
>>
>> dns1.ad.hueper.de has address 192.168.0.1
>>
>> dns1:~# host -t A dns1.ad.hueper.de dns1.ad.hueper.de
>> Using domain server:
>> Name: dns1.ad.hueper.de
>> Address: 192.168.0.1#53
>> Aliases:
>>
>> Host dns1.ad.hueper.de not found: 3(NXDOMAIN)
>>
>> When I look at the servers using RSAT DNS-Manager I can see the A-Record on
>> both DNS-Servers, so I wonder why doesn't it resolve on the new DC?
>> Is it safe to delete the A and CNAME Records and recreate them using RSAT?
>>
>> kind regards
>> Tom
