[Samba] DNS Issues when joining a Domain as a DC
L.P.H. van Belle
belle at bazuin.nl
Thu Oct 16 05:24:22 MDT 2014
kerberos has all to do with dns.
Without an correct dns ( for host and ptr ) kerberos does not work.
>-----Oorspronkelijk bericht-----
>Van: rowlandpenny at googlemail.com
>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>Verzonden: donderdag 16 oktober 2014 12:31
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] DNS Issues when joining a Domain as a DC
>
>On 16/10/14 11:12, Daniel Müller wrote:
>> Is your first DC a Samba4 host?
>> Did you: samba-tool domain join YOURDOMAIN DC -Uadministrator
>> --realm=your.realm --dns-backend=BIND9_DLZ
>>
>> samba-tool dns add your.master.dc your.realm YOUR.NEW.DC A
>your.new.dc.ip
>> -Uadministrator
>> host -t A YOUR.NEW.DC. must show no errors!!
>
>Hi Daniel, kerberos has nothing to do with DNS (unless you are
>trying to
>run nsupdate), so shouldn't impact on the OP's problem.
>
>Rowland
>
>> What about your krb5.conf?
>> What about : samba-tool drs kcc -Uadministrator
>Your.domain.controllers ?
>>
>> Ex:
>> samba-tool drs kcc -Uadministrator s4master.tplk.loc
>> Password for [TPLK\administrator]:
>> Consistency check on s4master.tplk.loc successful.
>>
>> EDV Daniel Müller
>>
>> Leitung EDV
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>>
>>
>>
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: samba-bounces at lists.samba.org
>[mailto:samba-bounces at lists.samba.org] Im
>> Auftrag von Thomas Kempf
>> Gesendet: Donnerstag, 16. Oktober 2014 11:35
>> An: samba at lists.samba.org
>> Betreff: [Samba] DNS Issues when joining a Domain as a DC
>>
>> Hi,
>> yesterday i tried to join a domain as a DC with bind9 as
>dns-backend on
>> Debian Wheezy with samba 4.1.11 from backports. I followed
>the tutorial in
>> the wiki
>https://wiki.samba.org/index.php/Join_a_domain_as_a_DC but didn'
>> find the instruction completely clear, so perhaps i made a
>mistake during
>> the join.
>> It is written there:
>> "If you choose BIND as DNS backend, instead of the internal
>DNS, then you,
>> of course, have to finish this before you continue"
>> I could not figure out how to finish configuring bind as a
>backend, when the
>> keytab file and the other bind-related files get created
>after joining the
>> domain.
>> So i ran the join command first, and with the files created
>in this step, i
>> was able to get the DC up and running...
>> I had to manually create the A and CNAME records on the old
>DC like it is
>> written in the wiki in the part "Check required DNS entries
>of the new
>> host". my guess was, that those entries should be replicated
>later on to the
>> new DC seems not to work.
>> When i check the name resolving of the A record on the newly
>joined DC it
>> does not resolve whereas on the old one it works fine.
>>
>> AD-Domain is ad.hueper.de
>> old DC is dns2.ad.hueper.de
>> new DC is dns1.ad.hueper.de
>>
>> dns1:~# host -t A dns1.ad.hueper.de dns2.ad.hueper.de Using
>domain server:
>> Name: dns2.ad.hueper.de
>> Address: 192.168.0.2#53
>> Aliases:
>>
>> dns1.ad.hueper.de has address 192.168.0.1
>>
>> dns1:~# host -t A dns1.ad.hueper.de dns1.ad.hueper.de Using
>domain server:
>> Name: dns1.ad.hueper.de
>> Address: 192.168.0.1#53
>> Aliases:
>>
>> Host dns1.ad.hueper.de not found: 3(NXDOMAIN)
>>
>> When i look at the servers using RSAT DNS-Manager i can see
>the A-Record on
>> both DNS-Servers, so i wonder why doesn't it resolve on the new DC ?
>> Is it save to delete the A and CNAME Records and recreate
>them using RSAT ?
>>
>> kind regards
>> Tom
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list