[Samba] Changing IP Scope on a Samba DC

Peter Pollock peter.pollock at kingschristian.org
Sat Sep 5 06:46:41 UTC 2020


I FINALLY DID IT!!!!!

After following Louis van Belle's walk-through to create a new DC, and
having problems at the end, I realized there was nothing in the
walk-through about modifying /var/lib/samba/bind-dns/named.conf to let Samba
know the BIND version, so I did that and Voila!

We have name resolution, can create Kerberos tickets, just successfully
connected a Windows workstation to the domain and seem to be rocking and
rolling!

Thank you for all your help everyone. Especially Rowland. I have a long way
to go this weekend, but this is a good start!

On Fri, Sep 4, 2020 at 10:02 PM Peter Pollock <
peter.pollock at kingschristian.org> wrote:

> OK.. after school ended today, I poked around and found nothing so I
> started all over again. Followed Louis' instructions at
> https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt
> all the way through but at the end, the resolver is not working - and kinit
> cannot find a KDC (I'm guessing because the resolver is not working!)
>
> This is the only server on the network and has an IP address of
> 192.168.4.5 (the gateway is at 192.168.4.1)
>
> "Service named status" gives me:
>
> ● named.service - BIND Domain Name Server
>      Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor
> preset: enabled)
>      Active: active (running) since Fri 2020-09-04 21:41:41 PDT; 10min ago
>        Docs: man:named(8)
>    Main PID: 528 (named)
>       Tasks: 14 (limit: 2282)
>      Memory: 61.9M
>      CGroup: /system.slice/named.service
>              └─528 /usr/sbin/named -f -u bind
>
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving
> 'kcs/DS/IN': 2001:500:2d::d#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving
> 'kcs/DS/IN': 2001:500:1::53#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving
> 'kcs/DS/IN': 2001:500:9f::42#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving
> 'kcs/DS/IN': 2001:503:ba3e::2:30#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving
> 'kcs/DS/IN': 2001:500:a8::e#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving
> 'kcs/DS/IN': 2001:500:200::b#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving
> 'kcs/DS/IN': 2001:500:2f::f#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving
> 'kcs/DS/IN': 2001:503:c27::2:30#53
> Sep 04 21:52:22 dc01 named[528]: broken trust chain resolving
> 'dc01.internal.kcs/A/IN': 8.8.8.8#53
> Sep 04 21:52:22 dc01 named[528]: broken trust chain resolving
> '_ldap._tcp.dc01.internal.kcs/SRV/IN': 8.8.8.8#53
>
> I do not know where to start.
>
> I took copious notes as I followed Louis' walkthrough, which I'll send if
> they interest you, but it's many pages!
>
>
>
> On Fri, Sep 4, 2020 at 7:20 AM Rowland penny <rpenny at samba.org> wrote:
>
>> On 04/09/2020 15:05, Peter Pollock wrote:
>> > This is brand new. Created following Louis' instructions (although in
>> > my install of Ubuntu 20.04, it gets a little tricky with installing
>> > packages because it claims one or more don't exist after adding Louis'
>> > repository and doing an apt update).
>> Please don't do that, say something doesn't exist without telling us
>> what 'something' is ;-)
>> >
>> > Totally separate network from my Zentyal installs, on a ProxMox
>> > virtual server, if that makes any difference.
>> No, good idea really, it doesn't matter if it is separate, it allows you
>> to destroy it easily if need be.
>> >
>> > I know the admin password, I just removed it from this email, I just
>> > cannot figure out why I can't initiate a kticket.
>> OK, if you know the password, no need to start again, but kinit should
>> work. Did you check if the first nameserver in /etc/resolv.conf is the
>> DC's IP? Did you run the kinit command as root and like this: 'kinit
>> Administrator'?
>> >
>> > I can wipe it and start again, that's not a problem at all. I was just
>> > so close...
>>
>> No, there is no need, it was just the lack of the Administrator password
>> that was throwing me ;-)
>>
>> Rowland
>>
>>
>>
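
Added example (not part of the original thread, and not Samba's or Louis' own code): a small check that the dlz module line enabled in /var/lib/samba/bind-dns/named.conf matches the BIND version reported by `named -v`, which is the step the message above says was missing. The sample config block, the version banner and the function names are constructed for illustration; the block layout is assumed to follow the file Samba generates.

```python
import re

# Constructed sample, modelled on the dlz block in
# /var/lib/samba/bind-dns/named.conf (paths and versions are illustrative).
SAMPLE_CONF = '''
dlz "AD DNS Zone" {
    # For BIND 9.8.x
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9.so";

    # For BIND 9.11.x
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";

    # For BIND 9.16.x
    # database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_16.so";
};
'''

# Matches only uncommented "database" lines; a leading '#' prevents a match.
DLZ_LINE = re.compile(r'^\s*database\s+"dlopen\s+\S*/dlz_bind9(?:_(\d+))?\.so"\s*;')

def enabled_dlz_minors(conf_text):
    """Return the BIND 9 minor versions whose dlz module line is uncommented."""
    minors = []
    for line in conf_text.splitlines():
        m = DLZ_LINE.match(line)
        if m:
            # Assumption: the unsuffixed dlz_bind9.so is the 9.8 module.
            minors.append(int(m.group(1)) if m.group(1) else 8)
    return minors

def bind_minor(version_banner):
    """Extract the minor version from `named -v` output, e.g. 'BIND 9.16.1-...'."""
    m = re.search(r'BIND 9\.(\d+)\.', version_banner)
    if not m:
        raise ValueError("unrecognised named -v output: %r" % version_banner)
    return int(m.group(1))

def check_dlz(conf_text, version_banner):
    """Classify the config: 'ok', 'mismatch', 'none-enabled' or 'multiple-enabled'."""
    enabled = enabled_dlz_minors(conf_text)
    if not enabled:
        return "none-enabled"
    if len(enabled) > 1:
        return "multiple-enabled"
    return "ok" if enabled[0] == bind_minor(version_banner) else "mismatch"

if __name__ == "__main__":
    banner = "BIND 9.16.1-Ubuntu (Stable Release)"  # constructed sample banner
    print(enabled_dlz_minors(SAMPLE_CONF), check_dlz(SAMPLE_CONF, banner))
```

On a real DC, pass the contents of the named.conf file and the output of `named -v` to check_dlz(); any result other than "ok" means the enabled module line should be changed before restarting named.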

