[Samba] No DNS domain configured

Rowland penny rpenny at samba.org
Mon Aug 31 16:03:50 UTC 2020


On 31/08/2020 16:07, Philip Offermans via samba wrote:
> I am trying to join an existing samba server but I get an error message that the DNS update failed. I have read that this doesn’t matter and the join is still successful. But the problem comes when I try to grant privileges to the unix admins.
It doesn't really matter if the join fails in this way. If the Unix 
domain member gets its IP via dhcp, then it should get added later and 
if it has a fixed IP, you can add the data with 'samba-tool dns add'.
> root@dna:/home/pi# net ads join -U administrator
Definitely works on an Rpi.
> Enter administrator's password:
> Using short domain name -- DOMAIN
> Joined 'DNA' to dns domain 'domain.local'
> No DNS domain configured for dna. Unable to perform DNS Update.
> DNS update failed: NT_STATUS_INVALID_PARAMETER
> root@dna:/home/pi#  net rpc rights grant "domain\Unix Admins" SeDiskOperatorPrivilege -U "domain\administrator"
> Enter domain\administrator's password:
> Could not connect to server 127.0.0.1
> Connection failed: NT_STATUS_CONNECTION_REFUSED
This should work.
>
> CONFIG FILE DOMAIN MEMBER:
> [global]
>
>     netbios name = DNA
>     workgroup = DOMAIN
>     security = ADS
>     realm = DOMAIN.LOCAL
>
>     winbind refresh tickets = Yes
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
>
>     dedicated keytab file = /etc/krb5.keytab
>     kerberos method = secrets and keytab
>
>     winbind use default domain = yes
>
>     winbind enum users = yes
>     winbind enum groups = yes
>
>     username map = /etc/samba/user.map
>
> [nas]
> 	path = /nas
> 	read only = no
Aha, you have totally missed adding the 'idmap config' block of your 
choice, or you are using sssd, either is a no-no.
>
>
> CONFIG FILE DC:
> [global]
> 	dns forwarder = 8.8.8.8
> 	netbios name = GAIA
> 	realm = DOMAIN.LOCAL
> 	server role = active directory domain controller
> 	workgroup = DOMAIN
> 	idmap_ldb:use rfc2307 = yes
>          wins support = yes
>
> [netlogon]
> 	path = /var/lib/samba/sysvol/rompen.local/scripts
> 	read only = No
>
> [sysvol]
> 	path = /var/lib/samba/sysvol
> 	read only = No
I do hope that '.local' is a placeholder.
> /etc/hosts DOMAIN MEMBER:
> 192.168.88.3    dna     dna.domain.local
> 192.168.88.2    gaia    gaia.domain.local
> 127.0.0.1       gaia.rompen.nl gaia
> 127.0.0.1	localhost
That is messed up, it shouldn't have the line for the DC, it shouldn't 
have '127.0.0.1' pointing to 'gaia' (which also points to a different 
dns domain) and if your computer gets its ip info via dhcp, you don't 
need the 'dna' line (which incidentally is the wrong way around, it is 
'IP FQDN short hostname')
> ::1		localhost ip6-localhost ip6-loopback
> ff02::1		ip6-allnodes
> ff02::2		ip6-allrouters
>
> /etc/hosts DC:
> 127.0.0.1	localhost
> ::1		localhost ip6-localhost ip6-loopback
> ff02::1		ip6-allnodes
> ff02::2		ip6-allrouters
>
> 127.0.1.1	gaia
I would prefer the '127.0.1.1' line to be 'DC_IP FQDN short hostname'
>
> /etc/resolv.conf DOMAIN MEMBER:
> # Generated by resolvconf
> domain domain.local
> nameserver 192.168.88.2
>
> /etc/resolv.conf DC:
> # Generated by resolvconf
> domain domain.local
> nameserver 192.168.88.2
The 'domain' should be 'search'
>
> IP DOMAIN MEMBER: 192.168.88.3
> IP AD: 192.168.88.2
>
> I think it is a network problem. But I can’t find out what I am doing wrong.

Rowland
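
A small linter for the domain member files discussed in the reply above, as an added example that is not part of the original thread or of Samba's own tooling. The sample file contents are constructed from the quoted files and the function names are hypothetical; it covers only the points that can be checked mechanically (missing 'idmap config', loopback addresses mapped to a host name, short name before FQDN in /etc/hosts, 'domain' instead of 'search').

```python
import re

# Constructed sample input, modelled on the domain member files quoted above.
SMB_CONF = """[global]
    workgroup = DOMAIN
    security = ADS
    realm = DOMAIN.LOCAL
"""
HOSTS = """192.168.88.3    dna     dna.domain.local
192.168.88.2    gaia    gaia.domain.local
127.0.0.1       gaia.rompen.nl gaia
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
"""
RESOLV = """domain domain.local
nameserver 192.168.88.2
"""

def check_smb_conf(text):
    """Flag an ADS member smb.conf that has no 'idmap config' lines."""
    ads = re.search(r"^\s*security\s*=\s*ads\s*$", text, re.I | re.M)
    idmap = re.search(r"^\s*idmap config\s+[^:\n]+:", text, re.I | re.M)
    if ads and not idmap:
        return ["smb.conf: security = ADS but no 'idmap config' block"]
    return []

def check_hosts(text):
    """Flag loopback lines naming a real host, and 'IP short FQDN' ordering."""
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        if ip.startswith("127.") or ip == "::1":
            bad = [n for n in names
                   if "localhost" not in n and not n.startswith("ip6-")]
            if bad:
                findings.append(f"hosts: loopback {ip} maps to {bad[0]}")
        elif "." not in names[0] and any("." in n for n in names[1:]):
            findings.append(f"hosts: {ip} lists short name before FQDN")
    return findings

def check_resolv(text):
    """Flag the 'domain' keyword where 'search' was recommended."""
    return [f"resolv.conf: '{l.strip()}' uses 'domain', not 'search'"
            for l in text.splitlines() if re.match(r"\s*domain\s", l)]

def lint():
    return check_smb_conf(SMB_CONF) + check_hosts(HOSTS) + check_resolv(RESOLV)
```

Calling `lint()` returns one finding per problem in the constructed samples; pass the real file contents to the individual `check_*` functions to use it on a live member.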


