[Samba] Changing IP Scope on a Samba DC
Rowland penny
rpenny at samba.org
Sat Sep 5 08:01:33 UTC 2020
On 05/09/2020 07:46, Peter Pollock wrote:
> I FINALLY DID IT!!!!!
>
> After following Louis van Belle's walk-through to create a new DC, and
> having problems at the end, I realized there was nothing in the walk
> through about modifying /var/lib/samba/bind-dns/named.conf to let
> Samba know the Bind version so I did that and Voila!
>
> We have name resolution, can create kerberos tickets, just
> successfully connected a windows workstation to the domain and seem to
> be rocking and rolling!
>
> Thank you for all your help everyone. Especially Rowland. I have a
> long way to go this weekend, but this is a good start!
>
> On Fri, Sep 4, 2020 at 10:02 PM Peter Pollock
> <peter.pollock at kingschristian.org> wrote:
>
> OK.. after school ended today, I poked around and found nothing so
> I started all over again. Followed Louis' instructions at
> https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt
> all the way through but at the end, the resolver is not working -
> and kinit cannot find a KDC (I'm guessing because the resolver is
> not working!)
>
> This is the only server on the network and has an IP address of
> 192.168.4.5 (the gateway is at 192.168.4.1)
>
> "Service named status" gives me:
>
> ● named.service - BIND Domain Name Server
>    Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
>    Active: active (running) since Fri 2020-09-04 21:41:41 PDT; 10min ago
>      Docs: man:named(8)
>  Main PID: 528 (named)
>     Tasks: 14 (limit: 2282)
>    Memory: 61.9M
>    CGroup: /system.slice/named.service
>            └─528 /usr/sbin/named -f -u bind
>
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:2d::d#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:1::53#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:9f::42#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:503:ba3e::2:30#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:a8::e#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:200::b#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:2f::f#53
> Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:503:c27::2:30#53
> Sep 04 21:52:22 dc01 named[528]: broken trust chain resolving 'dc01.internal.kcs/A/IN': 8.8.8.8#53
> Sep 04 21:52:22 dc01 named[528]: broken trust chain resolving '_ldap._tcp.dc01.internal.kcs/SRV/IN': 8.8.8.8#53
>
> I do not know where to start.
>
> I took copious notes as I followed Louis' walkthrough, which I'll
> send if they interest you, but it's many pages!
>
>
>
> On Fri, Sep 4, 2020 at 7:20 AM Rowland penny <rpenny at samba.org> wrote:
>
> On 04/09/2020 15:05, Peter Pollock wrote:
> > This is brand new. Created following Louis' instructions (although in
> > my install of Ubuntu 20.04, it gets a little tricky with installing
> > packages because it claims one or more don't exist after adding Louis'
> > repository and doing an apt update).
> Please don't do that, say something doesn't exist without telling us
> what 'something' is ;-)
> >
> > Totally separate network from my Zentyal installs, on a ProxMox
> > virtual server, if that makes any difference.
> No, good idea really, it doesn't matter if it is separate, it allows you
> to destroy it easily if need be.
> >
> > I know the admin password, I just removed it from this email, I just
> > cannot figure out why I can't initiate a kticket.
> OK, if you know the password, no need to start again, but kinit should
> work. Did you check if the first nameserver in /etc/resolv.conf is the
> DC's IP ? did you run the kinit command as root and like this 'kinit
> Administrator' ?
> >
> > I can wipe it and start again, that's not a problem at all. I was just
> > so close...
>
> No, there is no need, it was just the lack of the Administrator password
> that was throwing me ;-)
>
> Rowland
>
>
Isn't it great when it all works :-)
I installed a DC on 20.04 server, to see if there was a problem.
I removed snaps and cloud-init.
I also used Louis's repo to get 4.12.6
I followed Louis's 18.04 howto to a certain extent (one thing I didn't
do was to create the ntp_signd dir, Samba does that for you)
Everything seemed to work until it came to resolving, it didn't!!
I traced this down to two things, one was the Samba named conf wasn't
set (it doesn't know about Bind 9.16) and /etc/hosts. Even though the
install (when setting a fixed IP) asks you for the dns domain name, it
doesn't put it into /etc/hosts. If you examine /etc/hosts, you will find
this:
127.0.1.1 <dc_short_hostname>
When it should be:
127.0.1.1 <dc_fqdn> <dc_short_hostname>
Once these were fixed, everything now works.
Rowland
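
The two resolver checks raised in this thread (the 127.0.1.1 line in /etc/hosts and the first nameserver in /etc/resolv.conf), as a small shell script. This is an added example, not part of the message above or of Samba; the function names and the sample files are constructed, using the dc01.internal.kcs name and the 192.168.4.5 address quoted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the original thread): pre-flight checks for a DC.

# Classify the 127.0.1.1 entry of a hosts file. Prints one of:
#   ok          - "127.0.1.1 <fqdn> <short>" (the corrected form)
#   short-only  - "127.0.1.1 <short>" (what the installer wrote)
#   unexpected  - a 127.0.1.1 line in some other shape
#   missing     - no 127.0.1.1 line at all
check_hosts_entry() {
    awk '
        { sub(/#.*/, "") }                       # ignore comments
        $1 == "127.0.1.1" {
            found = 1
            if (NF == 2 && $2 !~ /[.]/) { print "short-only"; exit }
            split($2, label, /[.]/)              # label[1] = first DNS label
            if ($2 ~ /[.]/ && NF >= 3 && $3 == label[1]) { print "ok"; exit }
            print "unexpected"; exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Print the first nameserver listed in a resolv.conf-style file.
first_nameserver() {
    awk '{ sub(/[#;].*/, "") } $1 == "nameserver" { print $2; exit }' "$1"
}

# Constructed sample files so the script runs without touching /etc.
demo=$(mktemp -d)
printf '127.0.0.1 localhost\n127.0.1.1 dc01\n' > "$demo/hosts.before"
printf '127.0.0.1 localhost\n127.0.1.1 dc01.internal.kcs dc01\n' > "$demo/hosts.after"
printf 'search internal.kcs\nnameserver 192.168.4.5\nnameserver 8.8.8.8\n' > "$demo/resolv.conf"

echo "hosts before fix: $(check_hosts_entry "$demo/hosts.before")"
echo "hosts after fix:  $(check_hosts_entry "$demo/hosts.after")"

dc_ip=192.168.4.5                                # assumed DC address from the thread
if [ "$(first_nameserver "$demo/resolv.conf")" = "$dc_ip" ]; then
    echo "resolv.conf: first nameserver is the DC"
else
    echo "resolv.conf: first nameserver is NOT the DC"
fi
rm -rf "$demo"
```

On a real DC, pass /etc/hosts and /etc/resolv.conf to the two functions instead of the sample files.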