[Samba] DNS Help Request

Luke Barone lukebarone at gmail.com
Fri Sep 9 23:23:33 UTC 2022


Correct me if I'm wrong, but it shouldn't show dc02 on a DNS lookup unless
you added it as a Domain Controller, or you added it to DNS manually?

On Fri, Sep 9, 2022 at 4:21 PM Rob Campbell via samba <samba at lists.samba.org>
wrote:

> On Fri, Sep 9, 2022 at 4:30 PM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
> > On Fri, 2022-09-09 at 16:19 -0400, Rob Campbell wrote:
> > > On Fri, Sep 9, 2022 at 3:33 PM Rowland Penny via samba <
> > > samba at lists.samba.org> wrote:
> > >
> > > > On Fri, 2022-09-09 at 15:16 -0400, Rob Campbell wrote:
> > > > > > DC02 is not a DC.  Initially I was going to make it a DC but I
> > > > > > changed my mind.
> > > > >
> > > > > cat /etc/samba/smb.conf
> > > > > cat /etc/samba/smb.conf
> > > > > [global]
> > > > > security = ADS
> > > > > workgroup = HOME
> > > > > realm = HOME.ROB-CAMPBELL.LAN
> > > > >
> > > > > log file = /var/log/samba/%m.log
> > > > > log level = 1
> > > > > idmap config * : backend = autorid
> > > > > idmap config * : range = 10000-9999999
> > > > > idmap config * : rangesize = 200000
> > > > >
> > > > > username map = /etc/samba/user.map
> > > > >
> > > > > template shell = /bin/bash
> > > > > template homedir = /home/%U
> > > > >
> > > > > There is a log being created /var/log/samba/%m.log:
> > > > >
> > > > > [2022/09/09 15:14:39.261894,  0]
> > > > > ../../source4/smbd/server.c:644(binary_smbd_main)
> > > > >   samba version 4.13.13-Debian started.
> > > > >   Copyright Andrew Tridgell and the Samba Team 1992-2020
> > > > > [2022/09/09 15:14:39.306210,  0]
> > > > > ../../source4/smbd/server.c:874(binary_smbd_main)
> > > > >   At this time the 'samba' binary should only be used for either:
> > > > >   'server role = active directory domain controller' or to access
> > > > > the
> > > > > ntvfs
> > > > > file server with 'server services = +smb' or the rpc proxy with
> > > > > 'dcerpc
> > > > > endpoint servers = remote'
> > > >
> > > > > You appear to be trying to start the 'samba' binary. You should join
> > > > > the domain with 'net ads join -Uadministrator' or 'samba-tool domain
> > > > > join <your_dnsdomain> MEMBER -Uadministrator', then once joined, start
> > > > > smbd and winbind, you can also optionally start nmbd.
> > > >
> > >
> > > > I started fresh.  I made sure to not start the samba binary on the member.
> > > > I didn't try to join yet because the DNS issue is still there.
> > > >
> > > > net ads join -UAdministrator
> > > > Enter Administrator's password:
> > > > Failed to join domain: failed to find DC for domain HOME - The object was not found.
> > >
> > >
> > > > > >   You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks
> > > > > > [2022/09/09 15:14:39.306319,  0] ../../lib/util/become_daemon.c:121(exit_daemon)
> > > > > >   exit_daemon: daemon failed to start: Samba detected misconfigured 'server role' and exited. Check logs for details, error code 22
> > > > > >
> > > > > > I haven't tried to join because DNS doesn't seem to be working and
> > > > > > verifying dns is towards the beginning of the wiki.
> > > > >
> > > > > nslookup DC01.home.server-name.lan
> > > > > ;; connection timed out; no servers could be reached
> > > >
> > > > > Well it wouldn't, you should be using
> > > > > 'nslookup dc01.home.rob-campbell.lan' provided your dns domain is
> > > > > 'home.rob-campbell.lan', which it should be because your realm is
> > > > > 'HOME.ROB-CAMPBELL.LAN'.
> > > >
> > >
> > > I tried nslookup dc01.home.rob-campbell.lan and got the same error.
> > > > [Fri Sep 09 15:44:53] [root at dc02/var/log/samba$] nslookup dc01.home.rob-campbell.lan
> > > ;; connection timed out; no servers could be reached
> > >
> > > > > nslookup 10.0.0.10
> > > > > ;; connection timed out; no servers could be reached
> > > >
> > > > Have you set up a reverse zone in AD ?
> > > >
> > >
> > > > I used https://wiki.samba.org/index.php/DNS_Administration and set up all
> > > > of these for hostname dc02.home.rob-campbell.lan with IP 10.0.0.9
> > > >
> > > > samba-tool dns zonecreate dc01.home.rob-campbell.lan 0.10.in-addr.arpa
> > > > Zone 0.10.in-addr.arpa created successfully
> > > >
> > > > samba-tool dns zonecreate dc01.home.rob-campbell.lan 0.0.10.in-addr.arpa
> > > > Zone 0.0.10.in-addr.arpa created successfully
> > > >
> > > > samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan dc02 A 10.0.0.9
> > > > Record added successfully
> > > >
> > > > samba-tool dns add dc01.home.rob-campbell.lan 0.0.10.in-addr.arpa 9 PTR dc02.home.rob-campbell.lan
> > > > Record added successfully
> > > >
> > > > samba-tool dns add dc01.home.rob-campbell.lan 0.10.in-addr.arpa 9.0 PTR dc02.home.rob-campbell.lan
> > > > Record added successfully
> > > >
> > > > samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan _dc02._tcp SRV 'dc02.home.rob-campbell.lan 8080 0 100'
> > > > Record added successfully
> > > >
> > > > samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan @ NS dc01.home.rob-campbell.lan
> > > > Record added successfully
> > > >
> > > > net ads join -UAdministrator
> > > > Enter Administrator's password:
> > > > Failed to join domain: failed to find DC for domain HOME - The object was not found.
> >
> > I know it sounds obvious, but you have dns problems.
> >
> > Does the DC use itself as its first nameserver in /etc/resolv.conf (it
> > should not be 127.0.0.1).
> >
>
> Yes.  It doesn't have 127.0.0.1 at all.
> nameserver 10.0.0.10
> search HOME.ROB-CAMPBELL.LAN
>
> >
> > Does your Unix domain member use the DC as its first nameserver ?
> >
>
> It is set up the same:
> nameserver 10.0.0.10
> search HOME.ROB-CAMPBELL.LAN
> >
> >
> > Is a firewall getting in the way ?
> >
> I checked and port 53 was already open but I 'opened it again' and I was
> able to:
> Everything below here is from DC02 (the member)
>
> nslookup dc01
> Server: 10.0.0.10
> Address: 10.0.0.10#53
>
> Name: dc01.HOME.ROB-CAMPBELL.LAN
> Address: 10.0.0.10
> Name: dc01.HOME.ROB-CAMPBELL.LAN
> Address: 2600:4040:4666:f900::1bac
>
> nslookup 10.0.0.10
> 10.0.0.10.in-addr.arpa name = DC01.
>
> Authoritative answers can be found from:
>
> But I was not able to
> nslookup dc02
> Server: 10.0.0.10
> Address: 10.0.0.10#53
>
> Non-authoritative answer:
> *** Can't find dc02: No answer
>
> nslookup dc02.home.rob-campbell.lan
> Server: 10.0.0.10
> Address: 10.0.0.10#53
>
> ** server can't find dc02.home.rob-campbell.lan: NXDOMAIN
>
>
>
>
> > Is there anything in syslog ?
> >
>
> Only errors from me trying to add a dns record that already exists.
>
> >
> > Rowland
> >
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
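
The resolver checks asked about in the thread (first nameserver is the DC and not loopback, search list contains the realm) and the reverse-zone naming used in the samba-tool commands can be scripted before attempting a join. This is an added example, not part of the original thread or of Samba's tooling: the function names are hypothetical, the sample resolv.conf is constructed from the values quoted above, and a /24 reverse zone is assumed.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the first "nameserver" address found in a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Print every search-list entry, lower-cased, one per line.
search_domains() {
    awk '$1 == "search" { for (i = 2; i <= NF; i++) print tolower($i) }' "$1"
}

# check_resolv FILE DC_IP REALM
# Prints one line per problem; the exit status is the number of problems.
check_resolv() {
    file=$1
    dc_ip=$2
    realm=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    problems=0
    ns=$(first_nameserver "$file")
    case "$ns" in
        "")        echo "no nameserver line"; problems=$((problems + 1)) ;;
        127.*|::1) echo "first nameserver is loopback: $ns"; problems=$((problems + 1)) ;;
        "$dc_ip")  ;;
        *)         echo "first nameserver $ns is not the DC $dc_ip"; problems=$((problems + 1)) ;;
    esac
    if ! search_domains "$file" | grep -Fqx "$realm"; then
        echo "search list lacks $realm"; problems=$((problems + 1))
    fi
    return "$problems"
}

# ptr_owner IPV4: print "<zone> <record>" for a /24 reverse zone (assumption).
ptr_owner() {
    echo "$1" | awk -F. 'NF == 4 { printf "%s.%s.%s.in-addr.arpa %s\n", $3, $2, $1, $4 }'
}

# Constructed sample mirroring the resolv.conf quoted in the thread.
sample=$(mktemp)
printf 'nameserver 10.0.0.10\nsearch HOME.ROB-CAMPBELL.LAN\n' > "$sample"
check_resolv "$sample" 10.0.0.10 HOME.ROB-CAMPBELL.LAN && echo "resolver settings OK"
ptr_owner 10.0.0.9
rm -f "$sample"
```

Point `check_resolv` at `/etc/resolv.conf` on both the DC and the member; a non-zero exit status is the number of problems it printed.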

