[Samba] setting up a new ADS infrastructure

Rowland penny rpenny at samba.org
Sun Jun 23 12:53:43 UTC 2019


On 23/06/2019 13:34, Rowland penny via samba wrote:
> On 23/06/2019 13:16, Stefan Froehlich via samba wrote:
>> On Sun, Jun 23, 2019 at 12:21:58PM +0100, Rowland penny via samba wrote:
>>> You are coming from a PDC domain to an AD DC domain, easiest thing 
>>> first,
>>> you do not use 'wins' with an AD DC, you use 'dns'.
>> I know the latter (had to delegate the zone in bind after all), but
>> "wins support=yes" must have been created either by Debian or by
>> "domain provision".
>>
>>> Can you download this:
>>>
>>> https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh 
>>>
>> The results are available at <http://froehlich.priv.at/samba/>
>>
>>> Can you also supply the AD object for 'Domain Users', I know where
>>> you got '100' from, but I need to see if you used it for the
>>> 'Domain Users' gidNumber.
>> Is available as well (and no, I did not, as I thought that AD
>> numbers have to be in the respective range > 10k)
>>
>> Bye,
>> Stefan
>>
> Sorry but you have a MAJOR problem, you have this on the DC (note: it 
> isn't a PDC, it is a DC):
>
> Hostname: controller
> DNS Domain: synth.intern
> FQDN: controller.synth.intern
> ipaddress: 192.168.1.11
> -----------
> Samba is running as an AD DC
>
> Then on the Unix domain member, you have this:
>
> Hostname: herakles
> DNS Domain: synthesis.synth.intern
> FQDN: herakles.synthesis.synth.intern
> ipaddress: 192.168.1.13
> -----------
> Samba is running as a Unix domain member
>
> They are not in the same DNS domain and they must be.
>
> I will continue examining the two new files.
>
> Rowland
>
>
>
You have a DC in the 'synth.intern' DNS domain, yet the Kerberos Realm 
is 'SYNTHESIS.SYNTH.INTERN'; it should be 'SYNTH.INTERN'.

The Unix domain member is in the 'synthesis.synth.intern' DNS domain and 
its Kerberos Realm is 'SYNTHESIS.SYNTH.INTERN'.

I am sorry, but you must fix this before anything else has a chance of 
working; all computers must be in the same DNS domain and the Realm must 
be the DNS domain in uppercase.

Rowland
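
The rule stated in the message above, as an added example that is not part of the original post or of the Samba project's scripts: a shell check that each host's realm is its DNS domain in uppercase and that two hosts share one DNS domain. The input format is an assumption (the "key: value" lines quoted in the thread plus an smb.conf-style `realm =` line), the function names are hypothetical, and the sample reports are constructed from the values quoted in the thread.

```shell
# Assumed input: "Key: value" lines as quoted in the thread, plus the
# "realm = VALUE" line from that host's smb.conf.
field() { printf '%s\n' "$1" | sed -n "s/^$2:[[:space:]]*//p" | head -n 1; }
realm_of() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*realm[[:space:]]*=[[:space:]]*//p' | head -n 1
}

# check_host REPORT: succeeds only if FQDN is hostname.dnsdomain and the
# Kerberos realm equals the DNS domain in uppercase.
check_host() {
    host=$(field "$1" 'Hostname')
    dom=$(field "$1" 'DNS Domain')
    fqdn=$(field "$1" 'FQDN')
    realm=$(realm_of "$1")
    want=$(printf '%s' "$dom" | tr '[:lower:]' '[:upper:]')
    rc=0
    [ "$fqdn" = "$host.$dom" ] || { echo "$host: FQDN '$fqdn' is not '$host.$dom'"; rc=1; }
    [ "$realm" = "$want" ] || { echo "$host: realm '$realm' should be '$want'"; rc=1; }
    return "$rc"
}

# same_domain REPORT_A REPORT_B: succeeds only if both hosts report the
# same DNS domain.
same_domain() {
    a=$(field "$1" 'DNS Domain')
    b=$(field "$2" 'DNS Domain')
    [ "$a" = "$b" ] || { echo "DNS domains differ: '$a' vs '$b'"; return 1; }
}

# Constructed sample input, built from the values quoted in the thread.
DC_REPORT='Hostname: controller
DNS Domain: synth.intern
FQDN: controller.synth.intern
ipaddress: 192.168.1.11
realm = SYNTHESIS.SYNTH.INTERN'

MEMBER_REPORT='Hostname: herakles
DNS Domain: synthesis.synth.intern
FQDN: herakles.synthesis.synth.intern
ipaddress: 192.168.1.13
realm = SYNTHESIS.SYNTH.INTERN'

check_host "$DC_REPORT" || true
check_host "$MEMBER_REPORT" || true
same_domain "$DC_REPORT" "$MEMBER_REPORT" || true
```

The member passes on its own because its realm matches its own DNS domain; the cross-host comparison is what shows that it sits in a different domain from the DC.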




