[Samba] Samba AD member lost domain join after reboot

Rowland penny rpenny at samba.org
Tue Jun 7 16:29:54 UTC 2016


On 07/06/16 17:05, Alexis RIES wrote:
> I think I found my problem, when configuring my second domain 
> controller, I have created by mistake a round robin DNS entry on 
> "Forward Lookup Zones -> ad.samdom.local".
> I speak of round-robin because I have two fields A pointing to the 
> same domain.
>
> Now I'm lost, you have a second domain controller in failover?
> If so, could you give me your DNS configuration? I need information on:
>
> Forward Lookup Zones -> ad.samdom.local.
> Forward Lookup Zones -> ad.samdom.local -> DomainDnsZones
> Forward Lookup Zones -> ad.samdom.local -> ForestDnsZones
>
> Currently I have two domain controllers in these areas (thus the 
> round-robin).
> However, I have not touched the DomainDnsZones and ForestDnsZones 
> areas, this had to be done by "samba-tool domain join" executed during 
> installation but I'm not sure.
>
> Is it normal to have the round robin on ForestDnsZones and 
> DomainDnsZones?
>
> Please find attached the export of my DNS configuration.
>
> Thank you,
> Alexis.
>
>
>
> On 07/06/2016 16:05, Rowland penny wrote:
>> On 07/06/16 14:44, Alexis RIES wrote:
>>> I put the usermapping but this does not solve the problem.
>>>
>>> I do not use libpam_winbind and libpam-krb5 because I did not need 
>>> to log in server using domain accounts, it seems to me that this is 
>>> not mandatory, you confirm?
>>
>> This could well be your problem, try installing them. My domain 
>> member works and this seems to be the only difference between my 
>> domain member and yours.
>>
>>>
>>>
>>> Here are the permissions of the file /etc/krb5.keytab:
>>> root@smb1:/home/adminlocal# ls -l /etc/krb5.keytab
>>> -rw------- 1 root root 2312 Jun  7 14:44 /etc/krb5.keytab
>>
>> That again is the same as my domain member
>>
>>>
>>>
>>> Avahi is not installed on this server
>>>
>>> For information, when I run "wbinfo -P", I have this result:
>>> root@smb1:/home/adminlocal# wbinfo -P
>>> checking the NETLOGON for domain [SAMDOM] dc connection to "" failed
>>> wbcPingDc2 (SAMDOM): error code Was NT_STATUS_USER_SESSION_DELETED 
>>> (0xc0000203)
>>>
>>
>> This works for me:
>>
>> root@debnet:/home/rowland/ # wbinfo -P
>> checking the NETLOGON dc connection to "dc1.samdom.example.com" 
>> succeeded
>>
>> Rowland
>>
>>
>>
>>
>
>
>

How did you obtain the three files you attached? What command(s) did 
you run?
Are you using the internal DNS server on the DCs, or are you using Bind9?
If you are using bind9, how have you configured it?

Rowland
