[Samba] Provisioning new AD Domain Controller

Rowland Penny rpenny at samba.org
Sat Jan 20 21:27:43 UTC 2024


On Sat, 20 Jan 2024 15:44:18 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:

> After provisioning and testing my new DC offline, I now want to move
> it into production. This means changing IPs.
> 
> DC FQDN: mail.hprs.local
> 
> IPs for setup/testing:
> 
> DC: 192.168.1.60
> Gateway: 192.168.1.1   (Netgear router)
> DNS: 192.168.1.60      (/etc/resolv.conf)
> /etc/hosts: 192.168.1.60  mail.hprs.local mail
> smb.conf, dns forwarder: 192.168.1.1
> 
> Production IPs:
> 
> DC: 192.168.0.2
> Gateway: 192.168.0.1   (SonicWall firewall/router)
> DNS: 192.168.0.2       (/etc/resolv.conf)
> /etc/hosts: 192.168.0.2  mail.hprs.local mail
> smb.conf, dns forwarder: 192.168.0.1
> 
> I've restarted the network and samba to use these new IPs.
> 
> The A record looks good:
> 
> # host -t A mail.hprs.local
> mail.hprs.local has address 192.168.0.2
> 
> I also created a new reverse dns record:
> 
> # samba-tool dns zonecreate mail.hprs.local 0.168.192.in-addr.arpa
> 
> # samba-tool dns zonelist mail
>   pszZoneName                 : 0.168.192.in-addr.arpa
>   Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>   Version                     : 50
>   dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>   pszDpFqdn                   : DomainDnsZones.hprs.local
> 
> Two problems ...
> 
> I'm not resolving any public or local hostnames, so it appears that
> samba is not acting as the dns server. I can access public and local
> hosts by IP.

Is Samba running?
Is /etc/resolv.conf set correctly?

It should be:

search hprs.local
nameserver 192.168.0.2

> 
> Why?
> 
> Second, more minor problem, I cannot figure out how to delete the old
> reverse dns record 1.168.192.in-addr.arpa.

That could be because you will not have the reverse record
'1.168.192.in-addr.arpa', or if you do, you have really messed up your
dns.

> I've tried numerous
> combinations of the command to do so with no luck including;
> 
> # samba-tool dns delete mail hprs.local mail PTR 1.168.192.in-addr.arpa
> Password for [administrator at HPRS.LOCAL]:
> ERROR(runtime): The record does not exist [WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST] - (9701, 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
> 
> What am I doing wrong?

You are not using the correct command; the usage is:

samba-tool dns delete <server> <zone> <name> PTR <data>

Where, in your case, <server> is 'mail', <zone> is
'0.168.192.in-addr.arpa', <name> is the DC's existing IP '2' and <data>
is the DC's FQDN 'mail.hprs.local'.

OR

samba-tool dns delete mail 0.168.192.in-addr.arpa 2 PTR mail.hprs.local

Rowland
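
The argument layout Rowland gives above (reverse zone, last octet as the record name, FQDN as the data) can be derived mechanically from the IP address, and the resolv.conf check he asks for can be scripted. The following is an added example written for this thread, not code from the Samba project or from either poster. The names DC_NAME, DC_FQDN, DC_IP, OLD_IP and DOMAIN are assumptions filled in from the addresses Mark posted, and the reverse zone is assumed to be a /24 (x.y.z.in-addr.arpa). Only the "apply" mode needs samba-tool and the Administrator password; the rest is plain POSIX shell and runs anywhere. As Rowland notes, if the 1.168.192.in-addr.arpa zone was never created there is nothing to delete, and samba-tool will say so.

```shell
#!/bin/sh
# Added example for this thread (not Samba's own code). Derives the
# samba-tool dns arguments for PTR records from an IPv4 address, checks a
# resolv.conf file, and builds (or, with "apply", runs) the commands.

# 192.168.0.2 -> 0.168.192.in-addr.arpa (the /24 reverse zone; assumption)
rev_zone() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa\n", $3, $2, $1 }'
}

# 192.168.0.2 -> 2 (the PTR record name inside that zone)
rev_name() {
    echo "$1" | awk -F. '{ print $4 }'
}

# Check a resolv.conf-style file: the DC must be the only nameserver and the
# AD domain must appear in "search" (or "domain"). Returns 0 when correct.
check_resolv() {
    file=$1; domain=$2; dc_ip=$3
    ns=$(awk '$1 == "nameserver" { print $2 }' "$file" 2>/dev/null)
    [ "$ns" = "$dc_ip" ] || return 1
    grep -Eq "^(search|domain)[[:space:]]+$domain"'([[:space:]]|$)' "$file" || return 1
    return 0
}

# Build the samba-tool commands that remove the PTR left from the test IP
# and add the PTR for the production IP. The commands are always printed;
# they are executed only when RUN=1 is set.
fix_ptr() {
    server=$1; fqdn=$2; old_ip=$3; new_ip=$4
    for cmd in \
        "samba-tool dns delete $server $(rev_zone "$old_ip") $(rev_name "$old_ip") PTR $fqdn" \
        "samba-tool dns add $server $(rev_zone "$new_ip") $(rev_name "$new_ip") PTR $fqdn"
    do
        echo "$cmd"
        if [ "${RUN:-0}" = 1 ]; then
            $cmd
        fi
    done
}

# Assumed values, taken from the addresses in the thread
DC_NAME=mail                  # <server> argument for samba-tool dns
DC_FQDN=mail.hprs.local
DC_IP=192.168.0.2             # production address
OLD_IP=192.168.1.60           # setup/testing address whose PTR may be stale
DOMAIN=hprs.local

if [ "${1:-}" = "apply" ]; then
    # Rowland's first two questions: is the resolver pointed at the DC?
    check_resolv /etc/resolv.conf "$DOMAIN" "$DC_IP" \
        || { echo "/etc/resolv.conf must name only $DC_IP and search $DOMAIN" >&2; exit 1; }
    # Look before deleting, so a "does not exist" error is expected rather than a surprise
    samba-tool dns query "$DC_NAME" "$(rev_zone "$OLD_IP")" "$(rev_name "$OLD_IP")" PTR || true
    RUN=1
    fix_ptr "$DC_NAME" "$DC_FQDN" "$OLD_IP" "$DC_IP"
    # Confirm the new PTR through the DC's own resolver
    host -t PTR "$DC_IP" "$DC_IP"
else
    # Dry run: show what would be executed
    fix_ptr "$DC_NAME" "$DC_FQDN" "$OLD_IP" "$DC_IP"
fi
```

Run it without arguments on the DC to see the exact command lines, compare them with the output of `samba-tool dns zonelist mail`, and only then run it with `apply`. The zone for the old testing address will not exist unless it was created explicitly, which is why the delete for that address is queried first.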
