[Samba] Samba AD DC for Debian

Rob Campbell robcampbell08105 at gmail.com
Wed Oct 27 13:30:42 UTC 2021


> That should work, have you set the DC as the first nameserver in the Unix
> domain member's /etc/resolv.conf ?

There should be more than one nameserver?

> This is usually down to a misconfigured /etc/hosts

Which one or both?  They are pretty basic.  I only added the static IP and
commented out .1.1.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Tue, Oct 26, 2021 at 3:55 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Tue, 2021-10-26 at 00:54 -0400, Rob Campbell wrote:
> > First, I had a fully working exactly as expected version at one
> > point.  I had the ssh authentication working with the creation of the
> > home directories on install and a domain member (also Debian).  I
> > didn't write down my instructions because... I was just trying to get
> > it to work.
>
> I learnt the hard way, always take notes :-)
>
> >  It actually wasn't hard that time.  For some reason, it is difficult
> > now.  I am starting with a clean Debian 11 DVD install
> > (debian-11.0.0-amd64-DVD-1.iso).  After completing the install, I start
> > running through the wiki.  What I found is that the wiki doesn't give
> > instructions to install Samba and key packages (unless I missed it)
> > but it gave all those dependencies I mentioned.  I'm not sure why now
> > the new install is having issues so I'm starting with a clean vm.
>
> As I have said, the Samba wiki is written from the point of view of a
> self-compiled Samba (mostly) and the distros are supposed to provide
> their own instructions using their packages. This is because the
> distros cannot agree on how to package Samba and what to call the
> resultant packages (or even where to place them). For instance
> 'libnss-winbind, libpam-winbind and libpam-krb5' on Debian based distros
> is just 'winbind-clients' on fedora.
>
> >
> > Domain Controller
> > Install debian-11.0.0-amd64-DVD-1.iso
> > Are there some specific configurations that I need to set here that I
> > missed the 2nd and 3rd time?
> > Fix apt so that it doesn't try to pull from dvd
> > apt-get update (just because)
> > Go through wiki
> > Hostname = DSDC01
> > Domain Name = HOME.TEST-SERVER.LAN
> > IP Address = 10.0.0.19
> > apt install samba winbind libnss-winbind libpam-winbind libpam-krb5 ntp binutils ldb-tools krb5-user
> > samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=HOME.TEST-SERVER.LAN --domain=HOME --adminpass=1243Password
> > Need to install smbclient 'apt install smbclient'
> > All goes well, it seems.
> >
> > Domain Member
> >
> > Samba is not installed.  Wiki doesn't suggest which packages to
> > install but I installed the same packages suggested in the previous
> > response #8.
>
> Good plan, you need the same package for a DC and a Unix domain member,
> it is how you configure them that matters.
>
> >
> > Everything was fine til I get to reverse lookup
> >
> > [Tue Oct 26 00:19:13] [root at DSDM05~$] nslookup 10.0.0.19
> > ** server can't find 19.0.0.10.in-addr.arpa: NXDOMAIN
>
> That should work, have you set the DC as the first nameserver in the
> Unix domain member's /etc/resolv.conf ?
>
> >
> > [Tue Oct 26 00:18:20] [root at DC01~$] samba-tool dns zonecreate 10.0.0.19 0.0.10.in-addr.arpa
> > Password for [administrator at HOME.TEST-SERVER.LAN]:
> > ERROR(runtime): uncaught exception - (9609, 'WERR_DNS_ERROR_ZONE_ALREADY_EXISTS')
> >   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
> >     return self.run(*args, **kwargs)
> >   File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 735, in run
> >     res = dns_conn.DnssrvOperation2(client_version, 0, server, None,
>
> That has been fixed in a later version, the reverse zone existing isn't
> an error.
>
> >
> > samba-tool dns add home.test-server.lan 0.0.10.in-addr.arpa 19 PTR home.test-server.lan
> > Now reverse lookup is fine: 19.0.0.10.in-addr.arpa name =
> > home.test-server.lan.
>
> Yes, you need to add the reverse record manually, I thought it says
> this in the wiki, I will check.
>
> >
> > [Tue Oct 26 00:50:35] [root at DSDM05/etc$] net ads join -U Administrator
> > Enter Administrator's password:
> > Using short domain name -- HOME
> > Joined 'DSDM05' to dns domain 'home.test-server.lan'
> > DNS Update for dsdm05.home.test.server.lan failed: ERROR_DNS_UPDATE_FAILED
> > DNS update failed: NT_STATUS_UNSUCCESSFUL
>
> This is usually down to a misconfigured /etc/hosts
>
> Rowland
>
>
>
>
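
The three checks raised in this thread (DC as first nameserver in the member's /etc/resolv.conf, the reverse name queried for 10.0.0.19, and an /etc/hosts entry for the member), as an added shell example that is not part of the original messages. The function names, the member address 10.0.0.25 and the rule that the FQDN must come first on a non-loopback line are assumptions based on the usual Samba member layout.

```shell
#!/bin/sh
# Added example: pre-join sanity checks for a Unix domain member.
# Function names are hypothetical; sample data is constructed from the thread.

# Print the first nameserver listed in a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Print the in-addr.arpa name that a PTR lookup for an IPv4 address queries.
reverse_name() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Check a hosts-style file: every line naming this host must use a
# non-loopback address and list the FQDN (short name + domain) first.
# Prints "ok" or a reason; returns 0 on success, 1 otherwise.
check_hosts() {   # args: hosts_file short_hostname dns_domain
    awk -v fqdn="$2.$3" -v short="$2" '
        /^[ \t]*#/ || NF < 2 { next }          # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {
                if (substr($i, 1, 1) == "#") break   # trailing comment
                n = tolower($i)
                if (n != tolower(fqdn) && n != tolower(short)) continue
                if ($1 ~ /^127\./ || $1 == "::1") { print "loopback: " $1; bad = 1; exit }
                if (tolower($2) != tolower(fqdn)) { print "fqdn-not-first: " $2; bad = 1; exit }
                found = 1
            }
        }
        END {
            if (bad) exit 1
            if (!found) { print "missing: " fqdn; exit 1 }
            print "ok"
        }' "$1"
}

# Demo on constructed input (10.0.0.25 is a made-up member address).
demo=$(mktemp)
printf '127.0.0.1 localhost\n10.0.0.25 dsdm05.home.test-server.lan dsdm05\n' > "$demo"
echo "PTR name for the DC: $(reverse_name 10.0.0.19)"
echo "hosts check: $(check_hosts "$demo" dsdm05 home.test-server.lan)"
rm -f "$demo"
```

On a real member, point `first_nameserver` at /etc/resolv.conf and `check_hosts` at /etc/hosts with the output of `hostname -s` and the DNS domain.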

