[Samba] DNS Help Request

Rowland Penny rpenny at samba.org
Fri Sep 9 20:29:48 UTC 2022


On Fri, 2022-09-09 at 16:19 -0400, Rob Campbell wrote:
> On Fri, Sep 9, 2022 at 3:33 PM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
> 
> > On Fri, 2022-09-09 at 15:16 -0400, Rob Campbell wrote:
> > > DC02 is not a DC.  Initially I was going to make it a DC but I changed my mind.
> > > 
> > > cat /etc/samba/smb.conf
> > > cat /etc/samba/smb.conf
> > > [global]
> > > security = ADS
> > > workgroup = HOME
> > > realm = HOME.ROB-CAMPBELL.LAN
> > > 
> > > log file = /var/log/samba/%m.log
> > > log level = 1
> > > idmap config * : backend = autorid
> > > idmap config * : range = 10000-9999999
> > > idmap config * : rangesize = 200000
> > > 
> > > username map = /etc/samba/user.map
> > > 
> > > template shell = /bin/bash
> > > template homedir = /home/%U
> > > 
> > > There is a log being created /var/log/samba/%m.log:
> > > 
> > > [2022/09/09 15:14:39.261894,  0] ../../source4/smbd/server.c:644(binary_smbd_main)
> > >   samba version 4.13.13-Debian started.
> > >   Copyright Andrew Tridgell and the Samba Team 1992-2020
> > > [2022/09/09 15:14:39.306210,  0] ../../source4/smbd/server.c:874(binary_smbd_main)
> > >   At this time the 'samba' binary should only be used for either:
> > >   'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
> > 
> > You appear to be trying to start the 'samba' binary. You should join
> > the domain with 'net ads join -Uadministrator' or 'samba-tool domain
> > join <your_dnsdomain> MEMBER -Uadministrator', then once joined, start
> > smbd and winbind, you can also optionally start nmbd.
> > 
> 
> I started fresh.  I made sure to not start the samba binary on the member.
> I didn't try to join yet because the DNS issue is still there.
> 
> net ads join -UAdministrator
> Enter Administrator's password:
> Failed to join domain: failed to find DC for domain HOME - The object was not found.
> 
> 
> > >   You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks
> > > [2022/09/09 15:14:39.306319,  0] ../../lib/util/become_daemon.c:121(exit_daemon)
> > >   exit_daemon: daemon failed to start: Samba detected misconfigured 'server role' and exited. Check logs for details, error code 22
> > > 
> > > I haven't tried to join because DNS doesn't seem to be working and
> > > verifying dns is towards the beginning of the wiki.
> > > 
> > > nslookup DC01.home.server-name.lan
> > > ;; connection timed out; no servers could be reached
> > 
> > Well it wouldn't, you should be using
> > 'nslookup dc01.home.rob-campbell.lan' provided your dns domain is
> > 'home.rob-campbell.lan', which it should be because your realm is
> > 'HOME.ROB-CAMPBELL.LAN'.
> > 
> 
> I tried nslookup dc01.home.rob-campbell.lan and got the same error.
> [Fri Sep 09 15:44:53] [root at dc02/var/log/samba$] nslookup dc01.home.rob-campbell.lan
> ;; connection timed out; no servers could be reached
> 
> > > nslookup 10.0.0.10
> > > ;; connection timed out; no servers could be reached
> > 
> > Have you set up a reverse zone in AD ?
> > 
> 
> I used https://wiki.samba.org/index.php/DNS_Administration and set up all
> of these for hostname dc02.home.rob-campbell.lan with IP 10.0.0.9
> 
> samba-tool dns zonecreate dc01.home.rob-campbell.lan 0.10.in-addr.arpa
> Zone 0.10.in-addr.arpa created successfully
> 
> samba-tool dns zonecreate dc01.home.rob-campbell.lan 0.0.10.in-addr.arpa
> Zone 0.0.10.in-addr.arpa created successfully
> 
> samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan dc02 A 10.0.0.9
> Record added successfully
> 
> samba-tool dns add dc01.home.rob-campbell.lan 0.0.10.in-addr.arpa 9 PTR dc02.home.rob-campbell.lan
> Record added successfully
> 
> samba-tool dns add dc01.home.rob-campbell.lan 0.10.in-addr.arpa 9.0 PTR dc02.home.rob-campbell.lan
> Record added successfully
> 
> samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan _dc02._tcp SRV 'dc02.home.rob-campbell.lan 8080 0 100'
> Record added successfully
> 
> samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan @ NS dc01.home.rob-campbell.lan
> Record added successfully
> 
> net ads join -UAdministrator
> Enter Administrator's password:
> Failed to join domain: failed to find DC for domain HOME - The object was not found.

I know it sounds obvious, but you have dns problems.

Does the DC use itself as its first nameserver in /etc/resolv.conf ? (It
should not be 127.0.0.1.)

Does your Unix domain member use the DC as its first nameserver ?

Is a firewall getting in the way ?

Is there anything in syslog ?

Rowland
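
Added example (not part of the message above and not Samba project code): a small shell check for the first two questions, reading a resolv.conf-style file and reporting whether its first nameserver is the DC or a loopback address. The DC address 10.0.0.10 is an assumption taken from the nslookup attempt in the thread, and the sample files are constructed.

```shell
#!/bin/sh
# Print the first 'nameserver' address found in a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# check_resolver FILE DC_IP
# Prints one verdict and returns 0 only when the first nameserver is DC_IP.
# Loopback is tested first, since the first nameserver on the DC should be
# its own address and not 127.0.0.1.
check_resolver() {
    ns=$(first_nameserver "$1")
    case "$ns" in
        "")         echo "no-nameserver"; return 1 ;;
        127.*|::1)  echo "loopback"; return 1 ;;
        "$2")       echo "ok"; return 0 ;;
        *)          echo "not-dc"; return 1 ;;
    esac
}

# Once the resolver is right, the DC's SRV records should resolve.
# Needs network access to the DC, so it is defined here but not run.
# Argument is the DNS domain, e.g. home.rob-campbell.lan
check_srv() {
    host -t SRV "_ldap._tcp.$1"
}

# Constructed sample files (not from the thread), one per verdict.
demo() {
    d=$(mktemp -d)
    printf 'search home.rob-campbell.lan\nnameserver 10.0.0.10\n' > "$d/good"
    printf 'nameserver 127.0.0.1\nnameserver 10.0.0.10\n' > "$d/loop"
    printf '# router first\nnameserver 192.168.1.1\nnameserver 10.0.0.10\n' > "$d/router"
    for f in good loop router; do
        printf '%s: %s\n' "$f" "$(check_resolver "$d/$f" 10.0.0.10)"
    done
    rm -rf "$d"
}
demo
```

On a real host, run check_resolver /etc/resolv.conf <DC address> on both the DC and the member; anything other than "ok" means lookups are going somewhere other than the AD DNS server.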





