[Samba] DNS problems when adding samba DC to win2008R2
Carlos Jesus
camjesus2 at gmail.com
Mon Sep 14 09:39:32 UTC 2020
> On 13/09/2020 22:40, Carlos Jesus wrote:
> > Hi Rowland, thank you for your help.
> > I've added the include "/var/lib/samba/bind-dns/named.conf in
> > /etc/bind/named.conf instead of named.conf.options.
> Please don't do that, it isn't a good idea, use an 'include', that way
> if something changes, it will still work.

It IS an include. In named.conf with the other includes, but I've changed
it.

> > As for the link, here it goes.
> > https://lists.samba.org/archive/samba/2019-July/224546.html
>
> Yes and that didn't end successfully :-\

Yeap. I noticed but still...

> What did the Windows DC start out as ? 2008R2 or was it an earlier version
> ?

Straight Windows 2008R2

> What was the full command you used to join the Samba DC to the Windows
> domain ?

I basically followed
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
The command was
samba-tool domain join MyDomain.lx.pt DC -U"MyDomain\administrator"

> Did you get any errors during the successful join ?

Not after changing join.py

> Can you go here:
> https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh
>
> Download the script and run it on your Samba DC.
>
> sanitise the output and post it to this list.

grep: /etc/samba/smb.conf: No such file or directory
./samba.sh: line 328: [: : integer expression expected
DC2:/home/carlos# more /tmp/samba-debug-info.txt
Collected config --- 2020-09-14-10:27 -----------
Hostname: DC2
DNS Domain: MyDomain.lx.pt
FQDN: DC2.MyDomain.lx.pt
ipaddress: 192.168.59.112
-----------
Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample output:
Server: 192.168.59.112
Address: 192.168.59.112#53
_kerberos._tcp.MyDomain.lx.pt service = 0 100 88 dc2.MyDomain.lx.pt.
Samba is running as an AD DC
-----------
Checking file: /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
-----------
This computer is running Debian 10.5 x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:3b:6f:09 brd ff:ff:ff:ff:ff:ff
inet 192.168.59.112/24 brd 192.168.59.255 scope global eth0
-----------
Checking file: /etc/hosts
127.0.0.1 localhost
192.168.59.112 DC2.MyDomain.lx.pt DC2
-----------
Checking file: /etc/resolv.conf
domain MyDomain.lx.pt
search MyDomain.lx.pt
#nameserver 192.168.59.111
nameserver 192.168.59.112
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = MyDomain.LX.PT
dns_lookup_realm = false
dns_lookup_kdc = true
-----------
Checking file: /etc/nsswitch.conf
passwd: files systemd winbind
group: files systemd winbind
shadow: files
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /usr/local/samba/etc/smb.conf
[global]
netbios name = DC2
realm = MyDomain.LX.PT
server role = active directory domain controller
workgroup = MyDomain
idmap_ldb:use rfc2307 = yes
log level = 1 auth_json_audit:2@/var/log/samba/auth.log sam:2@/var/log/samba/sam.log
log file = /var/log/samba/samba.log
server services = -dns
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U
server min protocol = SMB2
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/MyDomain.lx.pt/scripts
read only = No
-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/bind-dns/named.conf";
-----------
Checking file: /etc/bind/named.conf.options
acl internals { 127.0.0.0/8; 192.168.59.0/24; };
options {
directory "/var/cache/bind";
version "Go Away 0.0.7";
notify no;
empty-zones-enable no;
auth-nxdomain yes;
forwarders { 8.8.8.8; 8.8.4.4; };
allow-transfer { none; };
dnssec-validation no;
dnssec-enable no;
dnssec-lookaside no;
listen-on-v6 { none; };
listen-on port 53 { 192.168.59.112; 127.0.0.1; ::1; };
minimal-responses yes;
allow-query { "internals"; };
allow-query-cache { "internals"; };
recursion yes;
allow-recursion { "internals"; };
tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
};
-----------
Checking file: /etc/bind/named.conf.local
-----------
Checking file: /etc/bind/named.conf.default-zones
zone "." {
type hint;
file "/usr/share/dns/root.hints";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
-----------
Samba DNS zone list: 3 zone(s) found
pszZoneName : 59.168.192.in-addr.arpa
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.MyDomain.lx.pt
pszZoneName : MyDomain.lx.pt
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.MyDomain.lx.pt
pszZoneName : _msdcs.MyDomain.lx.pt
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.MyDomain.lx.pt
Samba DNS zone list Automated check :
zone : 59.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : MyDomain.lx.pt ok, no Bind flat-files found
-----------
zone : _msdcs.MyDomain.lx.pt ok, no Bind flat-files found
-----------
Installed packages:
ii acl 2.2.53-4 amd64 access control list - utilities
ii attr 1:2.4.48-4 amd64 utilities for manipulating filesystem extended attributes
ii bind9 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 Internet Domain Name Server
ii bind9-host 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 DNS lookup utility (deprecated)
ii bind9utils 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 Utilities for BIND
ii fonts-quicksand 0.2016-2 all sans-serif font with round attributes
ii krb5-config 2.6 all Configuration files for Kerberos Version 5
ii krb5-kdc 1.17-3 amd64 MIT Kerberos key server (KDC)
ii krb5-locales 1.17-3 all internationalization support for MIT Kerberos
ii krb5-multidev:amd64 1.17-3 amd64 development files for MIT Kerberos without Heimdal conflict
ii krb5-user 1.17-3 amd64 basic programs to authenticate using MIT Kerberos
ii libacl1:amd64 2.2.53-4 amd64 access control list - shared library
ii libacl1-dev:amd64 2.2.53-4 amd64 access control list - static libraries and headers
ii libattr1:amd64 1:2.4.48-4 amd64 extended attribute handling - shared library
ii libattr1-dev:amd64 1:2.4.48-4 amd64 extended attributes handling - static libraries and headers
ii libbind9-161:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 BIND9 Shared Library used by BIND
ii libgssapi-krb5-2:amd64 1.17-3 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-26-heimdal:amd64 7.5.0+dfsg-3 amd64 Heimdal Kerberos - libraries
ii libkrb5-3:amd64 1.17-3 amd64 MIT Kerberos runtime libraries
ii libkrb5-dev:amd64 1.17-3 amd64 headers and development libraries for MIT Kerberos
ii libkrb5support0:amd64 1.17-3 amd64 MIT Kerberos runtime libraries - Support library
ii libsmbclient:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 shared library for communication with SMB/CIFS servers
ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba winbind client library
ii python-attr 18.2.0-1 all Attributes without boilerplate (Python 2)
ii python3-pyxattr 0.6.1-1 amd64 module for manipulating filesystem extended attributes (Python3)
ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba core libraries
-----------
Rowland penny via samba <samba at lists.samba.org> wrote on Monday, 14/09/2020 at 08:43:
> On 13/09/2020 22:40, Carlos Jesus wrote:
> > Hi Rowland, thank you for your help.
> > I've added the include "/var/lib/samba/bind-dns/named.conf in
> > /etc/bind/named.conf instead of named.conf.options.
> Please don't do that, it isn't a good idea, use an 'include', that way
> if something changes, it will still work.
> >
> > As for the link, here it goes.
> > https://lists.samba.org/archive/samba/2019-July/224546.html
>
> Yes and that didn't end successfully :-\
>
> What did the Windows DC start out as ? 2008R2 or was it an earlier version
> ?
>
> What was the full command you used to join the Samba DC to the Windows
> domain ?
>
> Did you get any errors during the successful join ?
>
> Can you go here:
> https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh
>
> Download the script and run it on your Samba DC.
>
> sanitise the output and post it to this list.
>
> Rowland