[Samba] Debian Jessie AD DC w. BIND9 : DNS update fails for debian squeezy member server
rowlandpenny at googlemail.com
Fri Mar 20 11:11:04 MDT 2015
On 20/03/15 16:56, Timo Altun wrote:
> On 20 March 2015 at 17:00, Rowland Penny <rowlandpenny at googlemail.com> wrote:
> > On 20/03/15 15:47, Timo Altun wrote:
> > > I'm sorry it got confusing, changed the topic and I'll try to
> > > explain. I am using Jessie on the DC. Server13 is a linux file
> > > server and domain member, it is on squeeze. If possible, I do
> > > not want to upgrade it. The problem here is, that it does not
> > > seem to generate a DNS record when joining the domain and,
> > > after setting up the new smb.conf, the users aren't passed on
> > > from winbind to the local authentication tools. It also caused
> > > the single share I set up in the smb.conf to be unaccessible
> > > by user administrator. Maybe something with the keytab file is
> > > not working.
> > You were confused :-D
> And I most definitely still am :)
> In general, am I right, that Kerberos is working as intended, when I
> am able to get tickets?
> Further, my old smb.conf used security = domain and no keytab...might
> this be the reason for the winbind users not being transferred?
> Maybe it's also necessary for DNS updates to have that part working.
Was your old domain server an NT-4 style PDC? You didn't use Kerberos
with this type of server. Now that you are using a Samba4 AD DC, you
have to use 'security = ADS' and keytabs. The main keytab (usually
/etc/krb5.keytab) is created for you when you run 'net ads join -U
Administrator'. The join should create the DNS record for the client, but
sometimes it doesn't. This is not a problem; you just have to create
them manually on the DC with 'samba-tool dns add <server> <zone> <name>
<A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>'. See 'samba-tool dns add --help'
for more info.
Having said all that, one thing that I don't think has been raised yet:
how did you install Samba on the DC?
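
One way to script the manual step described in the message above, as an added example that is not part of the original post: run on the DC, it validates the name and address, skips the add when the DC already answers for the name, and otherwise calls 'samba-tool dns add'. The DC name, zone, address and script name are assumed placeholders.

```shell
#!/bin/sh
# Added example: create a member server's missing A record on the AD DC.
# DC, ZONE and the name/address passed in are assumed placeholder values.
DC="${DC:-dc1.example.lan}"        # hypothetical DC hostname
ZONE="${ZONE:-example.lan}"        # hypothetical AD DNS zone
ADMIN="${ADMIN:-Administrator}"

# Accept only a single DNS label, so nothing can be read as an option or a second argument.
valid_label() {
    case "$1" in
        ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Accept only dotted-quad IPv4 with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the samba-tool command that would add the record (for review or logging).
add_cmd() {
    valid_label "$1" && valid_ipv4 "$2" || return 2
    printf 'samba-tool dns add %s %s %s A %s -U %s\n' "$DC" "$ZONE" "$1" "$2" "$ADMIN"
}

# Add the record only if the DC does not already answer for the name.
ensure_a_record() {
    valid_label "$1" && valid_ipv4 "$2" || { echo "invalid name or address" >&2; return 2; }
    if host -t A "$1.$ZONE" "$DC" >/dev/null 2>&1; then
        echo "$1.$ZONE already resolves on $DC"
        return 0
    fi
    # -U without a password makes samba-tool prompt, keeping it out of argv and shell history.
    samba-tool dns add "$DC" "$ZONE" "$1" A "$2" -U "$ADMIN"
}

# Run only when given a name and an address, e.g.: sh ensure-dns.sh server13 192.0.2.13
if [ "$#" -eq 2 ]; then ensure_a_record "$1" "$2"; fi
```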