[Samba] Provisioning new AD Domain Controller

Rowland Penny rpenny at samba.org
Sat Jan 20 21:33:21 UTC 2024


On Sat, 20 Jan 2024 21:27:43 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Sat, 20 Jan 2024 15:44:18 -0500
> Mark Foley via samba <samba at lists.samba.org> wrote:
> 
> > After provisioning and testing my new DC offline, I now want to move
> > it into production. This means changing IPs.
> > 
> > DC FQDN: mail.hprs.local
> > 
> > IPs for setup/testing:
> > 
> > DC: 192.168.1.60
> > Gateway: 192.168.1.1   (Netgear router)
> > DNS: 192.168.1.60      (/etc/resolv.conf)
> > /etc/hosts: 192.168.1.60  mail.hprs.local mail
> > smb.conf, dns forwarder: 192.168.1.1
> > 
> > Production IPs:
> > 
> > DC: 192.168.0.2
> > Gateway: 192.168.0.1   (SonicWall firewall/router)
> > DNS: 192.168.0.2       (/etc/resolv.conf)
> > /etc/hosts: 192.168.0.2  mail.hprs.local mail
> > smb.conf, dns forwarder: 192.168.0.1
> > 
> > I've restarted the network and samba to use these new IPs.
> > 
> > The A record looks good:
> > 
> > # host -t A mail.hprs.local
> > mail.hprs.local has address 192.168.0.2
> > 
> > I also created a new reverse dns record:
> > 
> > # samba-tool dns zonecreate mail.hprs.local 0.168.192.in-addr.arpa
> > 
> > # samba-tool dns zonelist mail
> >   pszZoneName                 : 0.168.192.in-addr.arpa
> >   Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> >   ZoneType                    : DNS_ZONE_TYPE_PRIMARY
> >   Version                     : 50
> >   dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> >   pszDpFqdn                   : DomainDnsZones.hprs.local
> > 
> > Two problems ...
> > 
> > I'm not resolving any public or local hostnames, so it appears that
> > samba is not acting as the dns server. I can access public and local
> > hosts by IP.
> 
> Is Samba running ?
> Is /etc/resolv.conf set correctly ?
> 
> It should be:
> 
> search hprs.local
> nameserver 192.168.0.2
> 
> > 
> > Why?
> > 
> > Second, more minor problem, I cannot figure out how to delete the
> > old reverse dns record 1.168.192.in-addr.arpa.
> 
> That could be because you will not have the reverse record
> '1.168.192.in-addr.arpa', or if you do, you have really messed up your
> dns.
> 
> > I've tried numerous
> > combinations of the command to do so with no luck, including:
> > 
> > # samba-tool dns delete mail hprs.local mail PTR 1.168.192.in-addr.arpa
> > Password for [administrator at HPRS.LOCAL]:
> > ERROR(runtime): The record does not exist
> > [WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST] - (9701,
> > 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
> > 
> > What am I doing wrong?
> 
> You are not using the correct command, the usage is:
> 
> samba-tool dns delete <server> <zone> <name> PTR <data>
> 
> Where, in your case, <server> is 'mail', <zone> is
> '0.168.192.in-addr.arpa', <name> is the DC's existing IP '2' and <data>
> is the DC's FQDN 'mail.hprs.local'
> 
> OR
> 
> samba-tool dns delete mail 0.168.192.in-addr.arpa 2 PTR mail.hprs.local
> 
> Rowland
> 
> 

Just a final thought, you will also need to delete the DC's existing
'A' record and create a new one.

Rowland
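
Added example, not part of the original message: a dry-run helper that derives the reverse zone and PTR name from an IP and prints the samba-tool commands in the <server> <zone> <name> <type> <data> order given above. It runs nothing itself. Assumptions: /24 reverse zones that already exist, 'samba-tool dns add' taking the same argument order as 'dns delete', and hypothetical function names.

```shell
#!/bin/sh
# Added example: prints samba-tool commands for review; it runs none of them.
# Assumption: /24 reverse zones, as used in the thread.

# is_ipv4 ADDR: succeed only for four dot-separated decimal octets 0-255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
        *.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    rest=$1.
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ptr_zone ADDR: reverse zone holding the PTR record (first three octets reversed).
ptr_zone() {
    o1=${1%%.*}; r=${1#*.}
    o2=${r%%.*}; r=${r#*.}
    o3=${r%%.*}
    printf '%s.%s.%s.in-addr.arpa\n' "$o3" "$o2" "$o1"
}

# ptr_name ADDR: record name inside that zone (the last octet).
ptr_name() { printf '%s\n' "${1##*.}"; }

# readdress_cmds SERVER DOMAIN HOST OLD_IP NEW_IP
# Prints: delete old A record, add new A record, add PTR for the new address.
readdress_cmds() {
    is_ipv4 "$4" && is_ipv4 "$5" || { echo "invalid IPv4 address" >&2; return 1; }
    printf 'samba-tool dns delete %s %s %s A %s\n' "$1" "$2" "$3" "$4"
    printf 'samba-tool dns add %s %s %s A %s\n' "$1" "$2" "$3" "$5"
    printf 'samba-tool dns add %s %s %s PTR %s.%s\n' \
        "$1" "$(ptr_zone "$5")" "$(ptr_name "$5")" "$3" "$2"
}

# Constructed sample input using the values quoted in the thread.
readdress_cmds mail hprs.local mail 192.168.1.60 192.168.0.2
```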


