[Samba] Samba AD member lost domain join after reboot

Alexis RIES alexis.ries at kinaxia.fr
Wed Jun 8 07:17:20 UTC 2016


Hi,

I used the DNS management console: right-click on the zone and "export list".
I use Bind9, and yes, it is configured.

Alexis.

On 07/06/2016 18:29, Rowland penny wrote:
> On 07/06/16 17:05, Alexis RIES wrote:
>> I think I found my problem: when configuring my second domain 
>> controller, I created by mistake a round-robin DNS entry on 
>> "Forward Lookup Zones -> ad.samdom.local".
>> I speak of round-robin because I have two A fields pointing to the 
>> same domain.
>>
>> Now I'm lost. Do you have a second domain controller in failover?
>> If so, could you give me your DNS configuration? I need information on:
>>
>> Forward Lookup Zones -> ad.samdom.local.
>> Forward Lookup Zones -> ad.samdom.local -> DomainDnsZones
>> Forward Lookup Zones -> ad.samdom.local -> ForestDnsZones
>>
>> Currently I have two domain controllers in these areas (thus the 
>> round-robin).
>> However, I have not touched the DomainDnsZones and ForestDnsZones 
>> areas, this had to be done by "samba-tool domain join" executed 
>> during installation but I'm not sure.
>>
>> Is it normal to have the round robin on ForestDnsZones and 
>> DomainDnsZones?
>>
>> Please find attached the export of my DNS configuration.
>>
>> Thank you,
>> Alexis.
>>
>>
>>
>> On 07/06/2016 16:05, Rowland penny wrote:
>>> On 07/06/16 14:44, Alexis RIES wrote:
>>>> I put the usermapping but this does not solve the problem.
>>>>
>>>> I do not use libpam_winbind and libpam-krb5 because I did not need 
>>>> to log in to the server using domain accounts. It seems to me that 
>>>> this is not mandatory; can you confirm?
>>>
>>> This could well be your problem, try installing them. My domain 
>>> member works and this seems to be the only difference between my 
>>> domain member and yours.
>>>
>>>>
>>>>
>>>> Here are the permissions of the file /etc/krb5.keytab:
>>>> root at smb1:/home/adminlocal# ls -l /etc/krb5.keytab
>>>> -rw------- 1 root root 2312 Jun  7 14:44 /etc/krb5.keytab
>>>
>>> That again is the same as my domain member
>>>
>>>>
>>>>
>>>> Avahi is not installed on this server
>>>>
>>>> For information, when I run "wbinfo -P", I have this result:
>>>> root@smb1:/home/adminlocal# wbinfo -P
>>>> checking the NETLOGON for domain [SAMDOM] dc connection to "" failed
>>>> wbcPingDc2 (SAMDOM): error code was NT_STATUS_USER_SESSION_DELETED 
>>>> (0xc0000203)
>>>>
>>>
>>> This works for me:
>>>
>>> root at debnet:/home/rowland/ # wbinfo -P
>>> checking the NETLOGON dc connection to "dc1.samdom.example.com" 
>>> succeeded
>>>
>>> Rowland
>>>
>>>
>>>
>>>
>>
>>
>>
>
> How did you obtain the three files you attached? What command(s) did 
> you run?
> Are you using the internal DNS server on the DCs, or are you using Bind9?
> If you are using Bind9, how have you configured it?
>
> Rowland
>


