[Samba] Debian Jessie AD DC w. BIND9 : DNS update fails for debian squeezy member server

Jhon P patocius at hotmail.com
Fri Mar 20 13:11:14 MDT 2015


Yes, when I set up Samba 4.1 for the first time.

> Date: Fri, 20 Mar 2015 20:08:50 +0100
> From: olol13.samba at the-1337.org
> To: rowlandpenny at googlemail.com
> CC: samba at lists.samba.org
> Subject: Re: [Samba] Debian Jessie AD DC w. BIND9 : DNS update fails for debian squeezy member server
> 
> I did not run that command at all. I did run samba-tool classicupgrade on
> the DC after setting up ldap with my data. As far as I understand the
> provisioning of the domain is done during that process. And on the other
> machines provisioning must not be done, right?
> On 20 Mar 2015 19:35, "Rowland Penny" <rowlandpenny at googlemail.com> wrote:
> 
> > On 20/03/15 18:28, Timo Altun wrote:
> >
> >> Yes, it was/is an NT-4 style PDC with Samba 3.2.5 on lenny. I did a clean
> >> install of jessie and installed samba 4.1.17 from jessie repositories. Is
> >> there a better way?
> >>
> >> Strangely the domain join, shares and users did work before on the
> >> squeezy member against the Samba4 AD DC with security = domain and no
> >> keytab defined, nor created.
> >>
> >> The only thing that didn't work, was setting the dns record during 'net
> >> ads join -Uadministrator'. I'll probably go back to the old, ugly,
> >> overloaded smb.conf, so that I have the users working and add the dns
> >> entries manually for the other linux machines.
> >>
> >> Greetings,
> >> Timo
> >>
> >> On 20 March 2015 at 18:11, Rowland Penny <rowlandpenny at googlemail.com> wrote:
> >>
> >>     On 20/03/15 16:56, Timo Altun wrote:
> >>
> >>         On 20 March 2015 at 17:00, Rowland Penny
> >>         <rowlandpenny at googlemail.com> wrote:
> >>
> >>             On 20/03/15 15:47, Timo Altun wrote:
> >>
> >>                 I'm sorry it got confusing, changed the topic and I'll
> >>                 try to explain. I am using Jessie on the DC. Server13
> >>                 is a linux file server and domain member, it is on
> >>                 squeeze. If possible, I do not want to upgrade it. The
> >>                 problem here is, that it does not seem to generate a
> >>                 DNS record when joining the domain and, after setting
> >>                 up the new smb.conf, the users aren't passed on from
> >>                 winbind to the local authentication tools. It also
> >>                 caused the single share I set up in the smb.conf to be
> >>                 unaccessible by user administrator. Maybe something
> >>                 with the keytab file is not working.
> >>
> >>
> >>             You were confused :-D
> >>
> >>
> >>         And I most definitely still am :)
> >>         In general, am I right, that Kerberos is working as intended,
> >>         when I am able to get tickets?
> >>         Further, my old smb.conf used security = domain and no
> >>         keytab...might this be the reason for the winbind users not
> >>         being transferred?
> >>         Maybe it's also necessary for DNS updates to have that part
> >>         working.
> >>
> >>
> >>
> >>
> >>     Was your old domain server an NT-4 style PDC? You didn't use
> >>     kerberos with this type of server. Now that you are using a Samba4
> >>     AD DC, you have to use 'security = ADS' and keytabs, the main
> >>     keytab (usually /etc/krb5.keytab) is created for you when you run
> >>     'net ads join -U Administrator', the join should create the dns
> >>     record for the client but sometimes it doesn't. This is not a
> >>     problem, you just have to create them manually on the DC with
> >>     'samba-tool dns add <server> <zone> <name>
> >>     <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>'. See 'samba-tool dns add
> >>     --help' for more info.
> >>
> >>     Having said all that, one thing that I don't think has been raised
> >>     yet, how did you install samba on the DC?
> >>
> >>
> >>     Rowland
> >>
> >>
> >>     --
> >>     To unsubscribe from this list go to the following URL and read the
> >>     instructions: https://lists.samba.org/mailman/options/samba
> >>
> >>
> >>
> > OK, have you run this command (on any of your computers):
> >
> > samba-tool domain provision
> >
> > and if so which
> >
> > Rowland
> >
> >

