[Samba] No DNS domain configured
L.P.H. van Belle
belle at bazuin.nl
Mon Sep 7 07:02:15 UTC 2020
See below, basicly what now happend is.
This one line :
> 127.0.1.1 gaia.rompen.local gaia <<<< CHANGE THIS
Is what is your problem.
Read throught the settings, you need a few changes.
Its mostly good.
After the changes, reboot the AD-DC.
Then after its rebooted and after the changes for the member, reboot that also.
Then is should be ok.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Philip Offermans via samba
> Verzonden: vrijdag 4 september 2020 17:59
> Aan: Rowland penny
> CC: sambalist
> Onderwerp: Re: [Samba] No DNS domain configured
>
> Hi sorry for the late reaction. I had no access to my test
> setup here is the debug:
>
> Gaia:
> Collected config --- 2020-09-04-17:56 -----------
>
> Hostname: gaia
> DNS Domain: rompen.local
> FQDN: gaia.rompen.local
> ipaddress: 192.168.88.2
>
> -----------
>
> Kerberos SRV _kerberos._tcp.rompen.local record verified ok,
> sample output:
> Server: 192.168.88.2
> Address: 192.168.88.2#53
>
> _kerberos._tcp.rompen.local service = 0 100 88 gaia.rompen.local.
> Samba is running as an AD DC
>
> -----------
> Checking file: /etc/os-release
>
> PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
> NAME="Raspbian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=raspbian
> ID_LIKE=debian
> HOME_URL="http://www.raspbian.org/"
> SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
> BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
>
> -----------
>
>
> This computer is running Debian 10.4 armv7l
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
> UNKNOWN group default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast state UP group default qlen 1000
> link/ether b8:27:eb:7f:ad:98 brd ff:ff:ff:ff:ff:ff
> inet 192.168.88.2/24 brd 192.168.88.255 scope global
> dynamic noprefixroute eth0
> valid_lft 544sec preferred_lft 469sec
> inet6 fe80::bbbd:eb9b:bce9:b088/64 scope link
> 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state
> DOWN group default qlen 1000
> link/ether b8:27:eb:2a:f8:cd brd ff:ff:ff:ff:ff:ff
>
> -----------
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> 127.0.1.1 gaia.rompen.local gaia <<<< CHANGE THIS
192.168.88.2 gaia.rompen.local gaia <<<< TO THIS
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> # Generated by resolvconf
> search rompen.local
> nameserver 192.168.88.2
>
> -----------
>
> Checking file: /etc/krb5.conf
>
> [libdefaults]
> default_realm = ROMPEN.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> -----------
>
> Checking file: /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages
> installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: files
> group: files
> shadow: files
> gshadow: files
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns <<< CHANGE THIS
> hosts: files dns mdns4_minimal [NOTFOUND=return] <<< TO THIS
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -----------
>
> Checking file: /etc/samba/smb.conf
>
> # Global parameters
> [global]
> dns forwarder = 8.8.8.8
> netbios name = GAIA
> realm = ROMPEN.LOCAL
> server role = active directory domain controller
> workgroup = ROMPEN
> idmap_ldb:use rfc2307 = yes
> wins support = yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/rompen.local/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> -----------
>
> BIND_DLZ not detected in smb.conf
>
> -----------
>
In addition to below packages,
apt install acl
Reported that enough, dont ask why debian isnt adding it to the Recommended packages.
Since its obligated for the AD-DC's .
> Installed packages:
> ii attr 1:2.4.48-4
> armhf utilities for manipulating filesystem
> extended attributes
> ii krb5-config 2.6
> all Configuration files for Kerberos Version 5
> ii krb5-locales 1.17-3
> all internationalization support for MIT Kerberos
> ii krb5-user 1.17-3
> armhf basic programs to authenticate using
> MIT Kerberos
> ii libacl1:armhf 2.2.53-4
> armhf access control list - shared library
> ii libattr1:armhf 1:2.4.48-4
> armhf extended attribute handling - shared library
> ii libgssapi-krb5-2:armhf 1.17-3
> armhf MIT Kerberos runtime libraries - krb5
> GSS-API Mechanism
> ii libkrb5-3:armhf 1.17-3
> armhf MIT Kerberos runtime libraries
> ii libkrb5support0:armhf 1.17-3
> armhf MIT Kerberos runtime libraries - Support library
> ii libnss-winbind:armhf
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba
> nameservice integration plugins
> ii libpam-winbind:armhf
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Windows
> domain authentication integration plugin
> ii libsmbclient:armhf
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf shared
> library for communication with SMB/CIFS servers
> ii libwbclient0:armhf
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba
> winbind client library
> ii python-samba
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Python
> bindings for Samba
> ii samba
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf SMB/CIFS
> file, print, and login server for Unix
> ii samba-common
> 2:4.9.5+dfsg-5+deb10u1+rpi1 all common files
> used by both the Samba server and client
> ii samba-common-bin
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba common
> files used by both the server and the client
> ii samba-dsdb-modules:armhf
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba
> Directory Services Database
> ii samba-libs:armhf
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba core libraries
> ii samba-testsuite
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf test suite from Samba
> ii samba-vfs-modules:armhf
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba
> Virtual FileSystem plugins
> ii smbclient
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf command-line
> SMB/CIFS clients for Unix
> ii winbind
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf service to
> resolve user and group information from Windows NT servers
>
> -----------
>
>
> DNA:
>
> .font-unix/
> .ICE-unix/
> samba-debug-info.txt
> systemd-private-4feeaecc8e5e4411bb61b94f53b7484a-systemd-times
yncd.service-VWNVpy/
> .Test-unix/
> .X11-unix/
> .XIM-unix/
> root at dna:~/tmp# cat /tmp/samba-debug-info.txt
> Collected config --- 2020-09-04-17:58 -----------
>
> Hostname: dna
> DNS Domain: rompen.local
> FQDN: dna.rompen.local
> ipaddress: 192.168.88.3
>
> -----------
>
> Kerberos SRV _kerberos._tcp.rompen.local record verified ok,
> sample output:
> Server: 192.168.88.2
> Address: 192.168.88.2#53
>
> _kerberos._tcp.rompen.local service = 0 100 88 gaia.rompen.local.
> Samba is running as a Unix domain member
>
> -----------
> Checking file: /etc/os-release
>
> PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
> NAME="Raspbian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=raspbian
> ID_LIKE=debian
> HOME_URL="http://www.raspbian.org/"
> SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
> BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
>
> -----------
>
>
> This computer is running Debian 10.4 armv7l
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
> UNKNOWN group default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast state UP group default qlen 1000
> link/ether b8:27:eb:97:db:d8 brd ff:ff:ff:ff:ff:ff
> inet 192.168.88.3/24 brd 192.168.88.255 scope global
> dynamic noprefixroute eth0
> valid_lft 472sec preferred_lft 397sec
> inet6 fe80::e85c:b84c:8f64:eb20/64 scope link
> 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state
> DOWN group default qlen 1000
> link/ether b8:27:eb:c2:8e:8d brd ff:ff:ff:ff:ff:ff
>
> -----------
> Checking file: /etc/hosts
>
> 192.168.88.3 dna.rompen.local dna
> 127.0.0.1 localhost
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> # Generated by resolvconf
> search rompen.local
> nameserver 192.168.88.2
>
> -----------
>
> Checking file: /etc/krb5.conf
>
> [libdefaults]
> default_realm = ROMPEN.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> -----------
>
> Checking file: /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages
> installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: files winbind
> group: files winbind
> shadow: files
> gshadow: files
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns ## SAME HERE move dns move mdns4_..
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -----------
>
> Checking file: /etc/samba/smb.conf
>
> [global]
> netbios name = DNA
> workgroup = ROMPEN
> security = ADS
> realm = ROMPEN.LOCAL
> encrypt passwords = yes
>
> acl allow execute always = yes
>
> idmap config *:backend = tdb
> idmap config *:range = 70001-80000
> idmap config <win domain>:backend = ad
> idmap config <win domain>:schema_mode = rfc2307
> idmap config <win domain>:range = 3000000-4000000
>
> winbind refresh tickets = Yes
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> winbind use default domain = yes
>
> winbind enum users = yes << change to No
> winbind enum groups = yes << change to No.
>
> username map = /etc/samba/user.map
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> username map = /etc/samba/user.map
>
> [share]
> path = /nas
> read only = no
> inherit acls = yes
>
> [users]
> path = /usr/home
> read only = no
> force create mode = 0600
> force directory mode = 0700
>
> -----------
>
> Running as Unix domain member and no user.map detected.
> This is possible with an auth-only setup, checking also for NFS parts
> -----------
> Checking file: /etc/idmapd.conf
>
> [General]
>
> Verbosity = 0
> Pipefs-Directory = /run/rpc_pipefs
> # set your own domain here, if it differs from FQDN minus hostname
> # Domain = localdomain
>
> [Mapping]
>
> Nobody-User = nobody
> Nobody-Group = nogroup
>
> -----------
>
>
> Installed packages:
> ii acl 2.2.53-4
> armhf access control list - utilities
> ii attr 1:2.4.48-4
> armhf utilities for manipulating filesystem
> extended attributes
> ii krb5-config 2.6
> all Configuration files for Kerberos Version 5
> ii krb5-user 1.17-3
> armhf basic programs to authenticate using
> MIT Kerberos
> ii libacl1:armhf 2.2.53-4
> armhf access control list - shared library
> ii libattr1:armhf 1:2.4.48-4
> armhf extended attribute handling - shared library
> ii libgssapi-krb5-2:armhf 1.17-3
> armhf MIT Kerberos runtime libraries - krb5
> GSS-API Mechanism
> ii libkrb5-3:armhf 1.17-3
> armhf MIT Kerberos runtime libraries
> ii libkrb5support0:armhf 1.17-3
> armhf MIT Kerberos runtime libraries - Support library
> ii libnfsidmap2:armhf 0.25-5.1
> armhf NFS idmapping library
> ii libnss-winbind:armhf
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba
> nameservice integration plugins
> ii libpam-winbind:armhf
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Windows
> domain authentication integration plugin
> ii libwbclient0:armhf
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba
> winbind client library
> ii nfs-common 1:1.3.4-2.5+deb10u1
> armhf NFS support files common to client and server
> ii python-samba
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Python
> bindings for Samba
> ii samba
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf SMB/CIFS
> file, print, and login server for Unix
> ii samba-common
> 2:4.9.5+dfsg-5+deb10u1+rpi1 all common files
> used by both the Samba server and client
> ii samba-common-bin
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba common
> files used by both the server and the client
> ii samba-dsdb-modules:armhf
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba
> Directory Services Database
> ii samba-libs:armhf
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba core libraries
> ii samba-vfs-modules:armhf
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf Samba
> Virtual FileSystem plugins
> ii winbind
> 2:4.9.5+dfsg-5+deb10u1+rpi1 armhf service to
> resolve user and group information from Windows NT servers
>
> -----------
> root at dna:~/tmp#
>
>
> Philip
>
> > On 31 Aug 2020, at 20:09, Rowland penny via samba
> <samba at lists.samba.org> wrote:
> >
> > On 31/08/2020 18:27, mail at philipoffermans.nl wrote:
> >> I got it. Thanks. The share is working. Only problem, I
> need some files to be only readable for the end user
> (templates) the problem is windows doesn't for some reason
> allow me to change the rights. I am using dutch windows so
> the error is dutch but translated it say. Can't connect/find
> active directory to verify or open claimtypes.
> >>
> > That is not a problem, post the error message in Dutch and
> I feel Louis (who is from Rotterdam) will understand it, but
> in the mean time, can you download this file:
> >
> >
> https://github.com/thctlo/samba4/blob/master/samba-collect-deb
ug-info.sh
> >
> > Run it on your Samba machines and post it into a post to
> this list, do not attach it, this list removes attachments.
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list