David Gonzalez
2010-Aug-10 04:06 UTC
[Samba] Samba4 - Problem trying to add Win 2008 R2 server to Samba4 AD-DC
Hi,
'm trying to setup a Win 2k8 r2 as member server of my domain as Andrew did
on his video, but I've come across this error:
Aug 9 22:47:10 voip named[17100]: client 192.168.254.160#62102: updating
zone 'samba.dghvoip.com/IN': update unsuccessful: samba.dghvoip.com:
'name
not in use' prerequisite not satisfied (YXDOMAIN)
I followed SambaWiki howto word by word, and my Win2k8k has static IP
192.168.254.160 and my samba box (192.168.254.100) as DNS.
when I run dcpromo and see the "Add additional server options" screen,
the
white window with "We could not determine if dynamic updates are enabled on
the DNS Server....".
My setup is as follows:
# samba -V
Version 4.0.0alpha12-GIT-e0f79da
DHCPD server is running on this same machine.
# cat /etc/dhcpd.conf
# If hardware address begins with 00:FF, the client is an
# openvpn tap adapter, and we do not want to assign a
# default gateway or dns server. Assign then to a special
# subclass and configure a pool which does not hand out
# these parameters.
class "openvpn" {
match if substring (hardware, 1, 2) = 00:FF;
}
# end class declaration
authoritative; # No other DHCP servers on this
subnet
ddns-update-style interim; # Supported update method - see man
dhcpd.conf
allow client-updates; # Overwrite client configured FQHNs
# If you have fixed-address entries you want to use dynamic dns
update-static-leases on;
one-lease-per-client on;
ping-timeout 5;
deny duplicates;
allow booting;
allow bootp;
option option-128 code 128 = string;
option option-129 code 129 = text;
key dhcpupdate { # Key for DNS updates
algorithm hmac-md5;
secret "v63XUntwqSRXBjbVhLsGQg==";
}
zone dghvoip.lan. {
primary 127.0.0.1;
key dhcpupdate;
}
zone 254.168.192.in-addr.arpa. {
primary 127.0.0.1;
key dhcpupdate;
}
subnet 192.168.254.0 netmask 255.255.255.0 {
# ignore client-updates;
always-broadcast on;
ddns-updates on;
ddns-rev-domainname "in-addr.arpa";
ddns-domainname "dghvoip.lan";
# default-lease-time 280600;
# max-lease-time 561200;
next-server 192.168.254.110;
filename "/pxelinux.0";
option subnet-mask 255.255.255.0;
option domain-name "dghvoip.lan";
option domain-name-servers 192.168.254.110, 192.168.254.130,
208.67.222.222;
option time-offset -0500;
option ntp-servers 192.168.254.110;
option time-servers 192.168.254.110;
option tftp-server-name "xenserver.dghvoip.lan";
one-lease-per-client true;
# required for phones to pickup profile
option netbios-name-servers 192.168.254.130;
option netbios-node-type 8;
###########################
### LAN non-VPN Clients ###
###########################
pool {
deny members of "openvpn";
range 192.168.254.51 192.168.254.99;
option routers 192.168.254.1;
option domain-name-servers 192.168.254.130, 208.67.222.222;
one-lease-per-client true;
default-lease-time 280600;
max-lease-time 561200;
#dns-hostname = concat ("dhcp-", binary-to-ascii (10,
8,
"-", leased-address));
}
#############################
### VPN CLient parameters ###
#############################
pool {
allow members of "openvpn";
range 192.168.254.21 192.168.254.50;
ddns-hostname = concat ("vpn-", binary-to-ascii (10,
8, "-",
leased-address));
option domain-name-servers 192.168.254.110,
192.168.254.130;
option netbios-name-servers 192.168.254.160;
option netbios-node-type 8;
default-lease-time 3600;
max-lease-time 7200;
one-lease-per-client true;
}
}
# /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.254.100; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
// dnssec-lookaside . trust-anchor dlv.isc.org.;
[01] /etc/named.conf 21,01
Top
# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.254.100; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
// dnssec-lookaside . trust-anchor dlv.isc.org.;
tkey-gssapi-credential "DNS/samba.dghvoip.com";
tkey-domain "SAMBA.DGHVOIP.COM";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/usr/local/samba/private/named.conf";
include "/etc/named.rfc1912.zones";
include "/etc/named.iscdlv.key";
# cat /usr/local/samba/private/named.conf
zone "samba.dghvoip.com." IN {
type master;
file "/usr/local/samba/private/dns/samba.dghvoip.com.zone";
include "/usr/local/samba/private/named.conf.update";
check-names ignore;
};
# cat /usr/local/samba/private/named.
named.conf named.conf.update named.txt
[root at voip ~]# cat /usr/local/samba/private/named.conf.update
/* this file is auto-generated - do not edit */
update-policy {
grant SAMBA.DGHVOIP.COM ms-self * A AAAA;
grant administrator at SAMBA.DGHVOIP.COM wildcard * A AAAA SRV CNAME
TXT;
grant VOIP$@SAMBA.DGHVOIP.COM wildcard * A AAAA SRV CNAME;
};
# cat /usr/local/samba/private/dns/samba.dghvoip.com.zone
; -*- zone -*-
; generated by provision.pl
$ORIGIN samba.dghvoip.com.
$TTL 1W
@ IN SOA @ hostmaster (
2010080921 ; serial
2D ; refresh
4H ; retry
6W ; expiry
1W ) ; minimum
IN NS voip
IN A 192.168.254.100
;
voip IN A 192.168.254.100
gc._msdcs IN A 192.168.254.100
ebb75fa1-e4ac-443c-ad9d-9878e1ff3f0d._msdcs IN CNAME voip
;
; global catalog servers
_gc._tcp IN SRV 0 100 3268 voip
_gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268 voip
_ldap._tcp.gc._msdcs IN SRV 0 100 3268 voip
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs IN SRV 0 100 3268
voip
;
; ldap servers
_ldap._tcp IN SRV 0 100 389 voip
_ldap._tcp.dc._msdcs IN SRV 0 100 389 voip
_ldap._tcp.pdc._msdcs IN SRV 0 100 389 voip
_ldap._tcp.7620096c-a269-4881-99e1-149da78a4a36.domains._msdcs IN
SRV 0 100 389 voip
_ldap._tcp.Default-First-Site-Name._sites IN SRV 0 100 389
voip
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 389
voip
;
; krb5 servers
_kerberos._tcp IN SRV 0 100 88 voip
_kerberos._tcp.dc._msdcs IN SRV 0 100 88 voip
_kerberos._tcp.Default-First-Site-Name._sites IN SRV 0 100 88 voip
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 voip
_kerberos._udp IN SRV 0 100 88 voip
; MIT kpasswd likes to lookup this name on password change
_kerberos-master._tcp IN SRV 0 100 88 voip
_kerberos-master._udp IN SRV 0 100 88 voip
;
; kpasswd
_kpasswd._tcp IN SRV 0 100 464 voip
_kpasswd._udp IN SRV 0 100 464 voip
;
; heimdal 'find realm for host' hack
_kerberos IN TXT SAMBA.DGHVOIP.COM
# cat /etc/krb5.conf
[libdefaults]
default_realm = SAMBA.DGHVOIP.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
SAMBA.DGHVOIP.COM = {
kdc = voip.samba.dghvoip.com:88
admin_server = voip.samba.dghvoip.com:749
default_domain = samba.dghvoip.com
}
[domain_realm]
.samba.dghvoip.com = SAMBA.DGHVOIP.COM
samba.dghvoip.com = SAMBA.DGHVOIP.COM
# cat /usr/local/samba/etc/smb.conf
[globals]
netbios name = VOIP
workgroup = DGHVOIP
realm = SAMBA.DGHVOIP.COM
server role = domain controller
interfaces = eth0
wins support = yes
log level = 3
rndc command = true
[netlogon]
path = /usr/local/samba/var/locks/sysvol/dghvoip.lan/scripts
read only = no
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = no
[media]
path = /home/downloads
read only = no
[profiles]
path = /home/profiles
read only = no
[temp]
path = /tmp
read only = no
# cat /etc/resolv.conf
nameserver localhost
nameserver 127.0.0.1
# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.254.100 voip.samba.dghvoip.com voip
# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=voip.samba.dghvoip.com
GATEWAY=192.168.254.1
If any additional info is required I'll be glad to post it here.
Any tips will be greatly appreciated
Thanks
---
David Gonzalez H.
DGHVoIP - OPEN SOURCE TELEPHONY SOLUTIONS
Phone Bogot?: +(57-1)289-1168
Phone Medellin: +(57-4)247-0985
Mobile: +(57)315-838-8326
MSN: david at planetaradio.net
Skype: davidgonzalezh
WEB: http://www.dghvoip.com/
Proud Linux User #294661
Maybe Matching Threads
Wisdom of the Ancients
