[Samba] Debian Jessie AD DC w. BIND9 : DNS update fails for debian squeeze member server
Timo Altun
olol13.samba at the-1337.org
Fri Mar 20 13:08:50 MDT 2015
I did not run that command at all. I did run samba-tool classicupgrade on
the DC after setting up ldap with my data. As far as I understand the
provisioning of the domain is done during that process. And on the other
machines provisioning must not be done, right?
On 20 Mar 2015 19:35, "Rowland Penny" <rowlandpenny at googlemail.com> wrote:
> On 20/03/15 18:28, Timo Altun wrote:
>
>> Yes, it was/is an NT-4 style PDC with Samba 3.2.5 on lenny. I did a clean
>> install of jessie and installed samba 4.1.17 from jessie repositories. Is
>> there a better way?
>>
>> Strangely the domain join, shares and users did work before on the
>> squeeze member against the Samba4 AD DC with security = domain and no
>> keytab defined, nor created.
>>
>> The only thing that didn't work, was setting the dns record during 'net
>> ads join -Uadministrator'. I'll probably go back to the old, ugly,
>> overloaded smb.conf, so that I have the users working and add the dns
>> entries manually for the other linux machines.
>>
>> Greetings,
>> Timo
>>
>> On 20 March 2015 at 18:11, Rowland Penny <rowlandpenny at googlemail.com> wrote:
>>
>> On 20/03/15 16:56, Timo Altun wrote:
>>
>> On 20 March 2015 at 17:00, Rowland Penny
>> <rowlandpenny at googlemail.com> wrote:
>>
>> On 20/03/15 15:47, Timo Altun wrote:
>>
>> I'm sorry it got confusing, changed the topic and I'll try to
>> explain. I am using Jessie on the DC. Server13 is a linux file
>> server and domain member, it is on squeeze. If possible, I do
>> not want to upgrade it. The problem here is, that it does not
>> seem to generate a DNS record when joining the domain and,
>> after setting up the new smb.conf, the users aren't passed on
>> from winbind to the local authentication tools. It also caused
>> the single share I set up in the smb.conf to be unaccessible
>> by user administrator. Maybe something with the keytab file is
>> not working.
>>
>>
>> You were confused :-D
>>
>>
>> And I most definitely still am :)
>> In general, am I right, that Kerberos is working as intended,
>> when I am able to get tickets?
>> Further, my old smb.conf used security = domain and no
>> keytab...might this be the reason for the winbind users not
>> being transferred?
>> Maybe it's also necessary for DNS updates to have that part
>> working.
>>
>>
>>
>>
>> Was your old domain server an NT-4 style PDC? You didn't use
>> Kerberos with this type of server. Now that you are using a Samba4
>> AD DC, you have to use 'security = ADS' and keytabs. The main
>> keytab (usually /etc/krb5.keytab) is created for you when you run
>> 'net ads join -U Administrator'. The join should create the DNS
>> record for the client, but sometimes it doesn't. This is not a
>> problem, you just have to create them manually on the DC with
>> 'samba-tool dns add <server> <zone> <name>
>> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>'. See 'samba-tool dns add
>> --help' for more info.
>>
>> Having said all that, one thing that I don't think has been raised
>> yet: how did you install Samba on the DC?
>>
>>
>> Rowland
>>
>>
>> -- To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
> OK, have you run this command (on any of your computers):
>
> samba-tool domain provision
>
> and if so which
>
> Rowland
>
>
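
The manual fallback described in the quoted reply above ('samba-tool dns add <server> <zone> <name> <type> <data>'), as an added example that is not part of the original thread: a dry-run helper that validates its input and prints the A and PTR commands to run on the DC. The names dc1, example.lan, server13 and 192.168.1.13 are constructed sample values, and a /24 reverse zone that already exists on the DC is assumed.

```sh
#!/bin/sh
# Dry run: print the 'samba-tool dns add' commands for a joined member
# whose A/PTR records were not registered. Nothing is executed.
# Assumptions: IPv4, a /24 reverse zone that already exists on the DC.
# dc1, example.lan, server13 and 192.168.1.13 are constructed sample values.

# Succeeds only for a dotted quad with four octets in 0..255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# 192.168.1.13 -> 1.168.192.in-addr.arpa
reverse_zone() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1"
}

# usage: dns_add_commands <dc> <zone> <host label> <ipv4>
dns_add_commands() {
    dc=$1 zone=$2 host=$3 ip=$4
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    # Accept a single DNS label only (letters, digits, inner hyphens).
    case $host in
        ''|*[!A-Za-z0-9-]*|-*|*-) echo "invalid host label: $host" >&2; return 1 ;;
    esac
    echo "samba-tool dns add $dc $zone $host A $ip -U Administrator"
    echo "samba-tool dns add $dc $(reverse_zone "$ip") ${ip##*.} PTR $host.$zone -U Administrator"
}

dns_add_commands dc1 example.lan server13 192.168.1.13
```

Review the printed commands before running them on the DC; samba-tool prompts for the Administrator password.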