Hello Rowland, thank You for a quick response. On 11. 12. 2017 15:48, Rowland Penny via samba wrote:> On Mon, 11 Dec 2017 14:33:48 +0100 > Jiří Knotek via samba<samba at lists.samba.org> wrote: > >> Hello, >> >> Replication from backup Active Directory Domain Controler to primary >> Active Directory Domain Controler does not work, reporting error ' >> WERR_BADFILE '. The reverse works. > You do not have a backup AD DC, or a primary AD DC, you just have two > AD DCsOK, thank you for correcting the nomenclature>> * Linux: Raspbian, debian stretch lite >> * Samba version 4.5.12-Debian >> * DNS: BIND9_DLZ 9.10.x >> * Installed packages: ntp ntpdate samba smbclient winbind libcups2 >> samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user >> >> root at ry11citdc:~# samba-tool drs replicate_ry11citsdc_ ry11citdc dc=ry11cit,dc=local >> Replicate from ry11citdc to ry11citsdc was successful. >> root at ry11citdc:~# samba-tool drs replicate ry11citdc_ry11citsdc_ dc=ry11cit,dc=local >> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_BADFILE') >> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 368, in run >> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options) >> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync >> raise drsException("DsReplicaSync failed %s" % estr) >> >> > There is something strange here, you seem to be running the commands on > the same DC, the first time it works, then it cannot find the command, > then after you switched the order of the DCs to replicate to & from, > it throws an errorI copied it badly, I corrected it. The second command demonstrates malfunctioning replication.> > >> First Active Directory Domain Controler: >> >> krb5.conf: >> >> [libdefaults] >> default_realm = RY11CIT.LOCAL >> dns_lookup_realm = false >> dns_lookup_kdc = true >> > You only need the aboveOK, i corrected it.>> named.conf:------------------------ >> >> include "/etc/bind/named.conf.options"; >> include "/etc/bind/named.conf.local"; >> include "/etc/bind/named.conf.default-zones"; >> include "/var/lib/samba/private/named.conf"; >> >> named.conf.options:----------------------- >> >> options { >> directory "/var/cache/bind"; >> >> dnssec-validation auto; >> >> auth-nxdomain no; # conform to RFC1035 >> listen-on-v6 { none; }; >> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; >> }; > You haven't set any forwarders.My network has only 10 stations and can not access the Internet. I just need Windows domain users. Bind9 I chose for future use.>> smb.conf:------------------------------ >> >> # Global parameters >> [global] >> netbios name = RY11CITDC >> realm = RY11CIT.LOCAL >> workgroup = RY11CIT >> server role = active directory domain controller >> > Why haven't you got a 'server services' line ? > you should have if you are using Bind9Because of "https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html" they write that "Default: //|server services|/ = |s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns| /". But according to "https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC" here I will add "server services = -dns". It is correct?> > >> Another (Standby) Active Directory Domain Controler: > What do mean by 'standby' ?Standby server is an expression using SCADA / HMI SW CitectSCADA. It's a DC backup, here one DC.>> krb5.conf: >> >> [libdefaults] >> default_realm = RY11CIT.LOCAL >> dns_lookup_realm = false >> dns_lookup_kdc = true >> > You only need the aboveOK, i corrected it.> > >> [realms] > named.conf.options:----------------------- >> options { >> directory "/var/cache/bind"; >> >> dnssec-validation auto; >> >> auth-nxdomain no; # conform to RFC1035 >> listen-on-v6 { none; }; >> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; >> }; >> > Still no forwardersMy network has only 10 stations and can not access the Internet. I just need Windows domain users. Bind9 I chose for future use.> >> smb.conf:------------------------------ >> >> # Global parameters >> [global] >> netbios name = RY11CITSDC >> realm = RY11CIT.LOCAL >> workgroup = RY11CIT >> >> server role = active directory domain controller >> > Again there is no 'server services' lineBecause of "https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html" they write that "Default: //|server services|/ = |s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns| /". But according to "https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC" here I will add "server services = -dns". It is correct?> > > Finally, I see that you are not aware that using '.local' is a bad > idea.My network has only 10 stations and can not access the Internet. I thought that .local is just a name. Do you recommend a different name?> > Rowland > >Unfortunately, the changes made did not correct replication from ry11citsdc to ry11citdc. Do you have any other advice or do you need more information? Thanks J.Knotek -- *Ing. Jiří Knotek* programátor *GEMA s.r.o. Automatizace technologických procesů* Doubravice 13, Pardubice 19, 53353 Tel: +420604570127 E-mail: jiri.knotek at gemapce.cz <mailto:jiri.knotek at gemapce.cz> Web:www.gemapce.cz <http://www.gemapce.cz/>
On Mon, 11 Dec 2017 21:59:58 +0100 Jiří Knotek via samba <samba at lists.samba.org> wrote:> Hello Rowland, > thank You for a quick response. > >> > You haven't set any forwarders. > > My network has only 10 stations and can not access the Internet. I > just need Windows domain users. Bind9 I chose for future use.OK, I can understand the lack of forwarders.> >> smb.conf:------------------------------ > >> > >> # Global parameters > >> [global] > >> netbios name = RY11CITDC > >> realm = RY11CIT.LOCAL > >> workgroup = RY11CIT > >> server role = active directory domain controller > >> > > Why haven't you got a 'server services' line ? > > you should have if you are using Bind9 > > Because of > "https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html" > they write that "Default: //|server services|/ = |s3fs rpc nbt wrepl > ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns| /". > > But according to > "https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC" > here I will add "server services = -dns". It is correct?If you provisioned with '--dns-backend=BIND9_DLZ' , you would have found a 'server services' line in smb.conf and it would have look this: server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate Note the lack of 'dns' on the end, you can however write this as: server services = -dns Both lines mean the same thing, you are going to use BIND9_DLZ and not to run the internal dns server. Without one of the two lines, the internal dns server will be run and as you also seem to be running Bind9, you will now have two dns servers trying to claim port 53. Rowland
Hello Rowland,
thank you for advice. I reconfigure both AC-DCs again with new data
and send updated data. Unfortunately, the result is the same. I'm also
sending a listing from
samba-setup-checkup.sh.
* Linux: Raspbian, debian stretch lite
* Samba version 4.5.12-Debian
* DNS: BIND9_DLZ 9.10.x
* Installed packages: ntp ntpdate samba smbclient winbind libcups2
samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user
*root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citsdc
ry11citdc dc=ry11cit,dc=lan*
Replicate from ry11citdc to ry11citsdc was successful.
*root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citdc
ry11citsdc dc=ry11cit,dc=lan*
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
368, in run
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
83,
in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
*root at ry11citdc:/home/pi/Ry11# bash samba-setup-checkup.sh*
Check hostnames : Mismatch in hostname definitions
please check :
HOST_NAME_SHORT: ry11citdc
HOST_NAME_DOMAIN:
HOST_NAME_FQDN: ry11citdc
HOST_IP1: 10.44.1.10
HOST_IP2: Only one interface detected
HOST_GATEWAY: 10.44.1.1
HOST_PRIMARY_INTERFACE: 10.44.1.1
eth0
HOST_RESOLV_DOMAIN: domain ry11cit.lan
HOST_RESOLV_SEARCH: search ry11cit.lan
HOST_RESOLV_NAMESERV1: 10.44.1.10
HOST_RESOLV_NAMESERV2: 10.44.1.9
HOST_RESOLV_NAMESERV3:
Possible error detected in /etc/hosts, mismatch FQDN and detected IP
10.44.1.10 for the host.
expected was : 10.44.1.10 ry11citdc ry11citdc
Checking detected host ipnumbers from resolv.conf and default gateway
Ping gateway ip : 10.44.1.1 : Error
ping nameserver1: 10.44.1.10 : Ok
ping nameserver2: 10.44.1.9 : Ok
Check ping google dns : 8.8.8.8 : Error
Checking file owner..
-rw-r--r-- pi pi /etc/samba/smb.conf
Checking file owner..
-rw-r--r-- pi pi /etc/samba/lmhosts
Checking file owner..
Missing file /etc/samba/smbpasswd
drwxr-xr-x root root /usr/bin
drwxr-xr-x root root /var/cache/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf
drwxr-xr-x root root /var/run/samba
drwxr-x--- root adm /var/log/samba
drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba
drwxr-xr-x root root /var/run/samba
drwxr-xr-x root root /var/lib/samba/private
drwxr-xr-x root root /usr/sbin
drwxr-xr-x root root /var/lib/samba
DCS 2(SERVFAIL
DC1 2(SERVFAIL
DC2
ERROR: Invalid IP address '2(SERVFAIL'!
Samba AD DC info: = detected (command and where to look)
This server hostname = ry11citdc (hostname -s and /etc/hosts
and DNS server)
This server FQDN (hostname) = ry11citdc (hostname -f and /etc/hosts
and DNS server)
This server primary dnsdomain = (hostname -d and /etc/resolv.conf and
DNS server)
This server IP address(ses) = 10.44.1.10 Only one interface detected
(hostname -i (-I) and /etc/networking/interfaces and DNS server
The DC with FSMO roles = RY11CITDC (samba-tool fsmo show)
The DC (with FSMO) Site name = Default-First-Site-Name (samba-tool fsmo
show)
The Default Naming Context = DC=ry11cit,DC=lan (samba-tool fsmo show)
The Kerberos REALM name used = RY11CIT.LAN (kinit and /etc/krb5.conf
and resolving)
The Ipadres of DC 2(SERVFAIL = 2(SERVFAIL)
SAMBA_SERVER_ROLE: active directory domain controller
SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6,
backupkey, dnsserver
*I did not come to the way the hostname -d command would return the
domain name. How can I do that? In addition, there are host, lmhost,
resolv.conf, and so on**
*
Please help, I don 't know the advice.
System integrator Jiří Knotek
"Primary" Active Directory Domain
Controler:---------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------
hostname:-----------------
ry11citdc.ry11cit.lan
hosts:---------------
127.0.0.1 localhost localhost.localdomain
10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
resolv.conf.head:-------------------
domain ry11cit.lan
search ry11cit.lan
systemctl.conf"--------------------
net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6=1
krb5.conf:------------
[libdefaults]
default_realm = RY11CIT.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
named.conf:------------------------
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
named.conf.options:-----------------------
options {
directory "/var/cache/bind";
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
lmhost:--------------------------
127.0.0.1 localhost
10.44.1.10 ry11citdc
10.44.1.9 ry11citsdc
smb.conf:------------------------------
# Global parameters
[global]
netbios name = RY11CITDC
realm = RY11CIT.LAN
server services = -dns
workgroup = RY11CIT
server role = active directory domain controller
[netlogon]
path = /var/lib/samba/sysvol/ry11cit.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Samba Provision---------------:
samba-tool domain provision --realm=RY11CIT.LAN --domain=RY11CIT
--server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'
"Backup / Standby" Active Directory Domain
Controler:---------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------
hostname:-----------------
ry11citsdc.ry11cit.lan
hosts:---------------
127.0.0.1 localhost localhost.localdomain
10.44.1.10 ry11citdc ry11citdc.ry11cit.lan
10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan
resolv.conf.head:-------------------
domain ry11cit.lan
search ry11cit.lan
systemctl.conf"--------------------
net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6=1
krb5.conf:------------
[libdefaults]
default_realm = RY11CIT.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
named.conf:------------------------
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
named.conf.options:-----------------------
options {
directory "/var/cache/bind";
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
lmhost:--------------------------
127.0.0.1 localhost
10.44.1.10 ry11citdc
10.44.1.9 ry11citsdc
smb.conf:------------------------------
# Global parameters
[global]
netbios name = RY11CITSDC
realm = RY11CIT.LAN
server services = -dns
workgroup = RY11CIT
server role = active directory domain controller
[netlogon]
path = /var/lib/samba/sysvol/ry11cit.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Samba join---------------:
samba-tool domain join RY11CIT DC -Uadministrator
--realm=RY11CIT.LAN --dns-backend=BIND9_DLZ --adminpass='.....'
Thanks Jiri Knotek
Great you use my script :-) Now we know something is wrong, run this one. https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh And post the content to the list, that helps a lot. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Ji??í Knotek via samba > Verzonden: woensdag 13 december 2017 10:14 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Replication problems bdc to pdc > > Hello Rowland, > > thank you for advice. I reconfigure both AC-DCs again > with new data > and send updated data. Unfortunately, the result is the same. > I'm also > sending a listing from > > samba-setup-checkup.sh. > > * Linux: Raspbian, debian stretch lite > * Samba version 4.5.12-Debian > * DNS: BIND9_DLZ 9.10.x > * Installed packages: ntp ntpdate samba smbclient winbind libcups2 > samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user > > *root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citsdc > ry11citdc dc=ry11cit,dc=lan* > Replicate from ry11citdc to ry11citsdc was successful. > > *root at ry11citdc:/home/pi/Ry11# samba-tool drs replicate ry11citdc > ry11citsdc dc=ry11cit,dc=lan* > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - > drsException: DsReplicaSync failed (2, 'WERR_BADFILE') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line > 368, in run > drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, > source_dsa_guid, NC, req_options) > File > "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, > in sendDsReplicaSync > raise drsException("DsReplicaSync failed %s" % estr) > > > *root at ry11citdc:/home/pi/Ry11# bash samba-setup-checkup.sh* > Check hostnames : Mismatch in hostname definitions > please check : > HOST_NAME_SHORT: ry11citdc > HOST_NAME_DOMAIN: > HOST_NAME_FQDN: ry11citdc > HOST_IP1: 10.44.1.10 > HOST_IP2: Only one interface detected > HOST_GATEWAY: 10.44.1.1 > HOST_PRIMARY_INTERFACE: 10.44.1.1 > eth0 > HOST_RESOLV_DOMAIN: domain ry11cit.lan > HOST_RESOLV_SEARCH: search ry11cit.lan > HOST_RESOLV_NAMESERV1: 10.44.1.10 > HOST_RESOLV_NAMESERV2: 10.44.1.9 > HOST_RESOLV_NAMESERV3: > Possible error detected in /etc/hosts, mismatch FQDN and detected IP > 10.44.1.10 for the host. > expected was : 10.44.1.10 ry11citdc ry11citdc > Checking detected host ipnumbers from resolv.conf and default gateway > Ping gateway ip : 10.44.1.1 : Error > ping nameserver1: 10.44.1.10 : Ok > ping nameserver2: 10.44.1.9 : Ok > Check ping google dns : 8.8.8.8 : Error > Checking file owner.. > -rw-r--r-- pi pi /etc/samba/smb.conf > Checking file owner.. > -rw-r--r-- pi pi /etc/samba/lmhosts > Checking file owner.. > Missing file /etc/samba/smbpasswd > drwxr-xr-x root root /usr/bin > drwxr-xr-x root root /var/cache/samba > drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf > drwxr-xr-x root root /var/run/samba > drwxr-x--- root adm /var/log/samba > drwxr-xr-x root root /usr/lib/arm-linux-gnueabihf/samba > drwxr-xr-x root root /var/run/samba > drwxr-xr-x root root /var/lib/samba/private > drwxr-xr-x root root /usr/sbin > drwxr-xr-x root root /var/lib/samba > DCS 2(SERVFAIL > DC1 2(SERVFAIL > DC2 > ERROR: Invalid IP address '2(SERVFAIL'! > Samba AD DC info: = detected (command and where to look) > This server hostname = ry11citdc (hostname -s and /etc/hosts > and DNS server) > This server FQDN (hostname) = ry11citdc (hostname -f and /etc/hosts > and DNS server) > This server primary dnsdomain = (hostname -d and > /etc/resolv.conf and > DNS server) > This server IP address(ses) = 10.44.1.10 Only one > interface detected > (hostname -i (-I) and /etc/networking/interfaces and DNS server > The DC with FSMO roles = RY11CITDC (samba-tool fsmo show) > The DC (with FSMO) Site name = Default-First-Site-Name > (samba-tool fsmo > show) > The Default Naming Context = DC=ry11cit,DC=lan (samba-tool > fsmo show) > The Kerberos REALM name used = RY11CIT.LAN (kinit and > /etc/krb5.conf > and resolving) > The Ipadres of DC 2(SERVFAIL = 2(SERVFAIL) > SAMBA_SERVER_ROLE: active directory domain controller > SAMBA_SERVER_SERVICES: s3fs, rpc, nbt, wrepl, ldap, cldap, > kdc, drepl, > winbindd, ntp_signd, kcc, dnsupdate > SAMBA_DCERPC_ENDPOINT_SERVERS: epmapper, wkssvc, rpcecho, samr, > netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, > backupkey, dnsserver > > > *I did not come to the way the hostname -d command would return the > domain name. How can I do that? In addition, there are host, lmhost, > resolv.conf, and so on** > * > > Please help, I don 't know the advice. > > System integrator Ji??í Knotek > > > "Primary" Active Directory Domain > Controler:---------------------------------------------------- > ----------------------------------------------- > > -------------------------------------------------------------- > -------------------------------------------------------------- > ------------------------- > > > hostname:----------------- > ry11citdc.ry11cit.lan > > hosts:--------------- > 127.0.0.1 localhost localhost.localdomain > 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan > 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan > > resolv.conf.head:------------------- > domain ry11cit.lan > search ry11cit.lan > > systemctl.conf"-------------------- > net.ipv4.ip_forward=1 > net.ipv6.conf.all.disable_ipv6=1 > > > > krb5.conf:------------ > > [libdefaults] > default_realm = RY11CIT.LAN > dns_lookup_realm = false > dns_lookup_kdc = true > > named.conf:------------------------ > > include "/etc/bind/named.conf.options"; > include "/etc/bind/named.conf.local"; > include "/etc/bind/named.conf.default-zones"; > include "/var/lib/samba/private/named.conf"; > > named.conf.options:----------------------- > > options { > directory "/var/cache/bind"; > > dnssec-validation auto; > > auth-nxdomain no; # conform to RFC1035 > listen-on-v6 { none; }; > tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; > }; > > lmhost:-------------------------- > 127.0.0.1 localhost > 10.44.1.10 ry11citdc > 10.44.1.9 ry11citsdc > > smb.conf:------------------------------ > > # Global parameters > [global] > netbios name = RY11CITDC > realm = RY11CIT.LAN > server services = -dns > workgroup = RY11CIT > server role = active directory domain controller > > [netlogon] > path = /var/lib/samba/sysvol/ry11cit.lan/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > Samba Provision---------------: > > samba-tool domain provision --realm=RY11CIT.LAN --domain=RY11CIT > --server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....' > > "Backup / Standby" Active Directory Domain > Controler:---------------------------------------------------- > ----------------------------------------------- > > > -------------------------------------------------------------- > -------------------------------------------------------------- > ------------------------- > > > hostname:----------------- > ry11citsdc.ry11cit.lan > > hosts:--------------- > 127.0.0.1 localhost localhost.localdomain > 10.44.1.10 ry11citdc ry11citdc.ry11cit.lan > 10.44.1.9 ry11citsdc ry11citsdc.ry11cit.lan > > resolv.conf.head:------------------- > domain ry11cit.lan > search ry11cit.lan > > systemctl.conf"-------------------- > net.ipv4.ip_forward=1 > net.ipv6.conf.all.disable_ipv6=1 > > > > krb5.conf:------------ > > [libdefaults] > default_realm = RY11CIT.LAN > dns_lookup_realm = false > dns_lookup_kdc = true > > named.conf:------------------------ > > include "/etc/bind/named.conf.options"; > include "/etc/bind/named.conf.local"; > include "/etc/bind/named.conf.default-zones"; > include "/var/lib/samba/private/named.conf"; > > named.conf.options:----------------------- > > options { > directory "/var/cache/bind"; > > dnssec-validation auto; > > auth-nxdomain no; # conform to RFC1035 > listen-on-v6 { none; }; > tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; > }; > > lmhost:-------------------------- > 127.0.0.1 localhost > 10.44.1.10 ry11citdc > 10.44.1.9 ry11citsdc > > smb.conf:------------------------------ > > # Global parameters > [global] > netbios name = RY11CITSDC > realm = RY11CIT.LAN > server services = -dns > workgroup = RY11CIT > server role = active directory domain controller > > [netlogon] > path = /var/lib/samba/sysvol/ry11cit.lan/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > Samba join---------------: > > samba-tool domain join RY11CIT DC -Uadministrator > --realm=RY11CIT.LAN --dns-backend=BIND9_DLZ --adminpass='.....' > > > Thanks Jiri Knotek > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >