[Samba] DNS Issues when joining a Domain as a DC

Rowland Penny rowlandpenny at googlemail.com
Thu Oct 16 05:30:09 MDT 2014


On 16/10/14 12:24, L.P.H. van Belle wrote:
> kerberos has all to do with dns.
> Without a correct dns ( for host and ptr ) kerberos does not work.
Yes, that is correct, without dns, kerberos will not work, BUT, dns will 
work without kerberos.

Rowland
>
>> -----Original message-----
>> From: rowlandpenny at googlemail.com
>> [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
>> Sent: Thursday 16 October 2014 12:31
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] DNS Issues when joining a Domain as a DC
>>
>> On 16/10/14 11:12, Daniel Müller wrote:
>>> Is your first DC a Samba4 host?
>>> Did you: samba-tool domain join YOURDOMAIN DC -Uadministrator --realm=your.realm --dns-backend=BIND9_DLZ
>>>
>>> samba-tool dns add your.master.dc your.realm YOUR.NEW.DC A your.new.dc.ip -Uadministrator
>>> host -t A YOUR.NEW.DC.  must show no errors!!
>> Hi Daniel, kerberos has nothing to do with DNS (unless you are trying to
>> run nsupdate), so shouldn't impact on the OP's problem.
>>
>> Rowland
>>
>>> What about your krb5.conf?
>>> What about : samba-tool drs kcc -Uadministrator Your.domain.controllers  ?
>>> Ex:
>>> samba-tool drs kcc -Uadministrator s4master.tplk.loc
>>> Password for [TPLK\administrator]:
>>> Consistency check on s4master.tplk.loc successful.
>>>
>>> EDV Daniel Müller
>>>
>>> Head of IT
>>> Tropenklinik Paul-Lechler-Krankenhaus
>>> Paul-Lechler-Str. 24
>>> 72076 Tübingen
>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>> eMail: mueller at tropenklinik.de
>>> Internet: www.tropenklinik.de
>>>
>>>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On behalf of Thomas Kempf
>>> Sent: Thursday, 16 October 2014 11:35
>>> To: samba at lists.samba.org
>>> Subject: [Samba] DNS Issues when joining a Domain as a DC
>>>
>>> Hi,
>>> yesterday i tried to join a domain as a DC with bind9 as dns-backend on
>>> Debian Wheezy with samba 4.1.11 from backports. I followed the tutorial in
>>> the wiki https://wiki.samba.org/index.php/Join_a_domain_as_a_DC but didn't
>>> find the instruction completely clear, so perhaps i made a mistake during
>>> the join.
>>> It is written there:
>>> "If you choose BIND as DNS backend, instead of the internal DNS, then you,
>>> of course, have to finish this before you continue"
>>> I could not figure out how to finish configuring bind as a backend, when the
>>> keytab file and the other bind-related files get created after joining the
>>> domain.
>>> So i ran the join command first, and with the files created in this step, i
>>> was able to get the DC up and running...
>>> I had to manually create the A and CNAME records on the old DC like it is
>>> written in the wiki in the part "Check required DNS entries of the new
>>> host". my guess was, that those entries should be replicated later on to the
>>> new DC seems not to work.
>>> When i check the name resolving of the A record on the newly joined DC it
>>> does not resolve whereas on the old one it works fine.
>>>
>>> AD-Domain is ad.hueper.de
>>> old DC is dns2.ad.hueper.de
>>> new DC is dns1.ad.hueper.de
>>>
>>> dns1:~# host -t A dns1.ad.hueper.de dns2.ad.hueper.de
>>> Using domain server:
>>> Name: dns2.ad.hueper.de
>>> Address: 192.168.0.2#53
>>> Aliases:
>>>
>>> dns1.ad.hueper.de has address 192.168.0.1
>>>
>>> dns1:~# host -t A dns1.ad.hueper.de dns1.ad.hueper.de
>>> Using domain server:
>>> Name: dns1.ad.hueper.de
>>> Address: 192.168.0.1#53
>>> Aliases:
>>>
>>> Host dns1.ad.hueper.de not found: 3(NXDOMAIN)
>>>
>>> When i look at the servers using RSAT DNS-Manager i can see the A-Record on
>>> both DNS-Servers, so i wonder why doesn't it resolve on the new DC ?
>>> Is it safe to delete the A and CNAME Records and recreate them using RSAT ?
>>> kind regards
>>> Tom

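Added example, not part of the original thread: a POSIX shell check that runs the `host -t A` query quoted above against each DC's DNS server and reports whether they all return the same address. The function names `query_a` and `check_consistency` are illustrative assumptions; the host names in the usage comment are the ones from the thread.

```shell
#!/bin/sh
# Compare how each domain controller's DNS server answers for one A record.
# Usage: ./check_a.sh dns1.ad.hueper.de dns2.ad.hueper.de dns1.ad.hueper.de
#        (record name first, then every DNS server to ask)

# Print the address SERVER returns for NAME, or NXDOMAIN / ERROR.
query_a() {
    name=$1
    server=$2
    # host exits non-zero on NXDOMAIN; keep going so the output can be classified.
    out=$(host -t A "$name" "$server" 2>&1) || true
    addr=$(printf '%s\n' "$out" |
        awk -v n="$name" '$1 == n && $2 == "has" && $3 == "address" { print $4; exit }')
    if [ -n "$addr" ]; then
        printf '%s\n' "$addr"
    elif printf '%s\n' "$out" | grep -q 'NXDOMAIN'; then
        echo NXDOMAIN
    else
        echo ERROR
    fi
}

# Ask every listed server; return 0 only if all give the same address.
check_consistency() {
    name=$1
    shift
    first=""
    rc=0
    for server in "$@"; do
        ans=$(query_a "$name" "$server")
        printf '%-24s -> %s\n' "$server" "$ans"
        case $ans in
            NXDOMAIN|ERROR) rc=1 ;;
        esac
        if [ -z "$first" ]; then
            first=$ans
        elif [ "$ans" != "$first" ]; then
            rc=1
        fi
    done
    return $rc
}

# Run only when called with a record name and at least one server.
if [ "$#" -ge 2 ]; then
    check_consistency "$@"
fi
```

A non-zero exit status means at least one server returned NXDOMAIN, an error, or a different address from the others, which is the situation shown in the quoted `host` output.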