[Samba] Changing IP Scope on a Samba DC
Peter Pollock
peter.pollock at kingschristian.org
Sat Sep 5 08:12:53 UTC 2020
I just found the /etc/hosts thing two seconds before reading your email.
A couple of questions:
1) The install also did nothing to krb5.conf - do I need to merge it with
the file that the install generated?
2) When adding a DC to this domain, do I follow the same walk-through but
just use samba-tool domain join instead of domain provision?
3) What tests should I run? I can join a computer to the domain and shortly
(it took me 3 hours last time, so not particularly shortly at all) will be
trying to join another DC, are there any standard commands or tests I
should be running other than that?
On Sat, Sep 5, 2020 at 1:01 AM Rowland penny <rpenny at samba.org> wrote:
> On 05/09/2020 07:46, Peter Pollock wrote:
> > I FINALLY DID IT!!!!!
> >
> > After following Louis van Belle's walk-through to create a new DC, and
> > having problems at the end, I realized there was nothing in the walk
> > through about modifying /var/lib/samba/bind-dns/named.conf to let
> > Samba know the Bind version so I did that and Voila!
> >
> > We have name resolution, can create Kerberos tickets, just
> > successfully connected a Windows workstation to the domain and seem to
> > be rocking and rolling!
> >
> > Thank you for all your help everyone. Especially Rowland. I have a
> > long way to go this weekend, but this is a good start!
> >
> > On Fri, Sep 4, 2020 at 10:02 PM Peter Pollock
> > <peter.pollock at kingschristian.org> wrote:
> >
> > OK.. after school ended today, I poked around and found nothing so
> > I started all over again. Followed Louis' instructions at
> > https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt
> > all the way through but at the end, the resolver is not working -
> > and kinit cannot find a KDC (I'm guessing because the resolver is
> > not working!)
> >
> > This is the only server on the network and has an IP address of
> > 192.168.4.5 (the gateway is at 192.168.4.1)
> >
> > "Service named status" gives me:
> >
> > ● named.service - BIND Domain Name Server
> > Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
> > Active: active (running) since Fri 2020-09-04 21:41:41 PDT; 10min ago
> > Docs: man:named(8)
> > Main PID: 528 (named)
> > Tasks: 14 (limit: 2282)
> > Memory: 61.9M
> > CGroup: /system.slice/named.service
> > └─528 /usr/sbin/named -f -u bind
> >
> > Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:2d::d#53
> > Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:1::53#53
> > Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:9f::42#53
> > Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:503:ba3e::2:30#53
> > Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:a8::e#53
> > Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:200::b#53
> > Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:500:2f::f#53
> > Sep 04 21:52:22 dc01 named[528]: network unreachable resolving 'kcs/DS/IN': 2001:503:c27::2:30#53
> > Sep 04 21:52:22 dc01 named[528]: broken trust chain resolving 'dc01.internal.kcs/A/IN': 8.8.8.8#53
> > Sep 04 21:52:22 dc01 named[528]: broken trust chain resolving '_ldap._tcp.dc01.internal.kcs/SRV/IN': 8.8.8.8#53
> >
> > I do not know where to start.
> >
> > I took copious notes as I followed Louis' walkthrough, which I'll
> > send if they interest you, but it's many pages!
> >
> >
> >
> > On Fri, Sep 4, 2020 at 7:20 AM Rowland penny <rpenny at samba.org> wrote:
> >
> > On 04/09/2020 15:05, Peter Pollock wrote:
> > > This is brand new. Created following Louis' instructions (although in
> > > my install of Ubuntu 20.04, it gets a little tricky with installing
> > > packages because it claims one or more don't exist after adding Louis'
> > > repository and doing an apt update).
> > Please don't do that, say something doesn't exist without telling us
> > what 'something' is ;-)
> > >
> > > Totally separate network from my Zentyal installs, on a ProxMox
> > > virtual server, if that makes any difference.
> > No, good idea really, it doesn't matter if it is separate, it allows you
> > to destroy it easily if need be.
> > >
> > > I know the admin password, I just removed it from this email, I just
> > > cannot figure out why I can't initiate a kticket.
> > OK, if you know the password, no need to start again, but kinit should
> > work. Did you check if the first nameserver in /etc/resolv.conf is the
> > DC's IP ? did you run the kinit command as root and like this 'kinit
> > Administrator' ?
> > >
> > > I can wipe it and start again, that's not a problem at all. I was just
> > > so close...
> >
> > No, there is no need, it was just the lack of the Administrator password
> > that was throwing me ;-)
> >
> > Rowland
> >
> >
> Isn't it great when it all works :-)
>
> I installed a DC on 20.04 server, to see if there was a problem.
>
> I removed snaps and cloud-init.
>
> I also used Louis's repo to get 4.12.6
>
> I followed Louis's 18.04 howto to a certain extent (one thing I didn't
> do was to create the ntp_signd dir, Samba does that for you)
>
> Everything seemed to work until it came to resolving, it didn't!!
>
> I traced this down to two things, one was the Samba named conf wasn't
> set (it doesn't know about Bind 9.16) and /etc/hosts. Even though the
> install (when setting a fixed IP) asks you for the dns domain name, it
> doesn't put it into /etc/hosts. If you examine /etc/hosts, you will find
> this:
>
> 127.0.1.1 <dc_short_hostname>
>
> When it should be:
>
> 127.0.1.1 <dc_fqdn> <dc_short_hostname>
>
> Once these were fixed, everything now works.
>
> Rowland
>
>
>
>
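
The two file checks raised in this thread (the first nameserver in /etc/resolv.conf is the DC's IP, and the 127.0.1.1 line in /etc/hosts carries the FQDN before the short hostname), as an added shell example that is not part of the original messages. The function names and sample files are constructed here; the hostname dc01.internal.kcs and the address 192.168.4.5 are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: checks for the two files discussed above.

# Succeeds if the 127.0.1.1 line lists the FQDN first and the short name after it.
check_hosts() {  # usage: check_hosts FILE FQDN SHORT
    awk -v fqdn="$2" -v short="$3" '
        { sub(/#.*/, "") }                 # ignore trailing comments
        $1 == "127.0.1.1" {
            first_ok = ($2 == fqdn)
            for (i = 3; i <= NF; i++) if ($i == short) short_ok = 1
            exit                           # only the first matching line counts
        }
        END { exit !(first_ok && short_ok) }
    ' "$1"
}

# Prints the first nameserver entry of a resolv.conf-style file.
first_nameserver() {  # usage: first_nameserver FILE
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Succeeds if the first nameserver is the DC's own address.
check_resolv() {  # usage: check_resolv FILE DC_IP
    [ "$(first_nameserver "$1")" = "$2" ]
}

# Constructed sample files (not captured from the poster's system).
write_samples() {  # usage: write_samples DIR
    printf '127.0.0.1 localhost\n127.0.1.1 dc01\n' > "$1/hosts.bad"
    printf '127.0.0.1 localhost\n127.0.1.1 dc01.internal.kcs dc01\n' > "$1/hosts.good"
    printf 'search internal.kcs\nnameserver 8.8.8.8\nnameserver 192.168.4.5\n' > "$1/resolv.bad"
    printf 'search internal.kcs\nnameserver 192.168.4.5\n' > "$1/resolv.good"
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in hosts.bad hosts.good; do
    if check_hosts "$tmp/$f" dc01.internal.kcs dc01
    then echo "$f: ok"
    else echo "$f: FQDN missing or not first on the 127.0.1.1 line"
    fi
done
for f in resolv.bad resolv.good; do
    if check_resolv "$tmp/$f" 192.168.4.5
    then echo "$f: ok"
    else echo "$f: first nameserver is $(first_nameserver "$tmp/$f")"
    fi
done
rm -rf "$tmp"
```

On a real DC the same functions take /etc/hosts and /etc/resolv.conf as the FILE argument.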