First, I am sorry. I should know this by now.

Last week I had an issue with a W7 client that could not update. I made some
adjustments to get W7 updated. Now I am having an issue with update
resolution. (Run apt-get update and repositories cannot be found, etc.)
So, this tells me that I have messed up my dns resolution.

All clients (W7 & linux) point to my DC for DNS nameserver.

All clients (W7 & linux) have static ip addresses.

Here are some files from my DC:

root@dc01:~# cat /etc/hosts
127.0.0.1 localhost
192.168.16.54 dc01.dtshrm.lan dc01

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

root@dc01:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
    address 192.168.16.54
    netmask 255.255.255.0
    network 192.168.16.0
    broadcast 192.168.16.255
    gateway 192.168.16.106
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 208.67.222.222
    dns-search dtshrm.local

root@dc01:~# cat /etc/resolv.conf
search dtshrm.local
domain dtshrm.local
nameserver 192.168.16.54

root@dc01:~# cat /etc/samba/smb.conf
# Global parameters
[global]
    workgroup = DTSHRM
    realm = DTSHRM.LAN
    netbios name = DC01
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
    idmap_ldb:use rfc2307 = yes

[netlogon]
    path = /var/lib/samba/sysvol/dtshrm.lan/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

Shouldn't there be a dns forwarder within the smb.conf file?

Please tell me where I made my error.

--
-------------------------
Bob Wooden of Donelson Trophy
615.885.2846 (main)
www.donelsontrophy.com [1]
"Everyone deserves an award!!"

Links:
------
[1] http://www.donelsontrophy.com

On 19/01/15 20:04, Bob of Donelson Trophy wrote:
>
> First, I am sorry. I should know this by now.
>
> Last week I had an issue with a W7 client that could not update. I made
> some adjustments to get W7 updated. Now I am having an issue with update
> resolution. (Run apt-get update and repositories cannot be found, etc.)
> So, this tells me that I have messed up my dns resolution.
>
> All clients (W7 & linux) point to my DC for DNS nameserver.
>
> All clients (W7 & linux) have static ip addresses.
>
> Here are some files from my DC:
>
> root@dc01:~# cat /etc/hosts
> 127.0.0.1 localhost
> 192.168.16.54 dc01.dtshrm.lan dc01
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> root@dc01:~# cat /etc/network/interfaces
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> # The primary network interface
> allow-hotplug eth0
> iface eth0 inet static
>     address 192.168.16.54
>     netmask 255.255.255.0
>     network 192.168.16.0
>     broadcast 192.168.16.255
>     gateway 192.168.16.106
>     # dns-* options are implemented by the resolvconf package, if installed
>     dns-nameservers 208.67.222.222
>     dns-search dtshrm.local
>
> root@dc01:~# cat /etc/resolv.conf
> search dtshrm.local
> domain dtshrm.local
> nameserver 192.168.16.54
>
> root@dc01:~# cat /etc/samba/smb.conf
> # Global parameters
> [global]
>     workgroup = DTSHRM
>     realm = DTSHRM.LAN
>     netbios name = DC01
>     server role = active directory domain controller
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>         winbind, ntp_signd, kcc, dnsupdate
>     idmap_ldb:use rfc2307 = yes
>
> [netlogon]
>     path = /var/lib/samba/sysvol/dtshrm.lan/scripts
>     read only = No
>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = No
>
> Shouldn't there be a dns forwarder within the smb.conf file?

No, because you are using bind9, but there should be forwards in your
bind config files. How have you set up bind?

Rowland

> Please tell me where I made my error.

Hello Bob,

On 19.01.2015 at 21:04, Bob of Donelson Trophy wrote:
> Last week I had an issue with a W7 client that could not update. I made
> some adjustments to get W7 updated. Now I am having an issue with update
> resolution. (Run apt-get update and repositories cannot be found, etc.)
> So, this tells me that I have messed up my dns resolution.

* Where did you do the adjustments? On your DNS/DC? Or on the Windows clients?
* What kind of adjustments?
* Can the Windows clients resolve DNS requests?
      > nslookup www.google.com

> root@dc01:~# cat /etc/samba/smb.conf
> # Global parameters
> [global]
>     workgroup = DTSHRM
>     realm = DTSHRM.LAN
>     netbios name = DC01
>     server role = active directory domain controller
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>         winbind, ntp_signd, kcc, dnsupdate
>     idmap_ldb:use rfc2307 = yes
> ...
>
> Shouldn't there be a dns forwarder within the smb.conf file?

If you use the internal DNS, then yes.
https://wiki.samba.org/index.php/Samba_Internal_DNS#Configuration

But I see no 'dns' entry in your 'server services' line. This indicates
that Samba uses BIND_DLZ and not the internal DNS.

What DNS backend have you set up?

Regards,
Marc

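Marc's point above, as an added example that is not part of the original thread: the 'server services' line in smb.conf tells you which DNS backend the DC runs, and therefore which file should hold the forwarders. The sample files are constructed from the values posted in this thread, the function names are hypothetical, and /* */ comments in the BIND file are not handled.

```shell
#!/bin/sh
# Print the value of a [global] parameter (names ignore case and spaces).
smb_global_param() {  # $1 = smb.conf path, $2 = parameter name
    awk -v want="$2" '
        BEGIN { gsub(/ /, "", want); want = tolower(want) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { in_global = (tolower($0) ~ /\[global\]/); next }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)
            if (key == want) {
                val = substr($0, index($0, "=") + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
                print val; exit
            }
        }' "$1"
}

# Print "internal" if the dns service is enabled, otherwise "bind9_dlz".
samba_dns_backend() {  # $1 = smb.conf path
    services=$(smb_global_param "$1" "server services")
    # No explicit list: Samba's default service list includes dns.
    [ -z "$services" ] && { echo internal; return; }
    list=$(printf '%s' "$services" | tr ',' '\n' | tr -d ' \t')
    if printf '%s\n' "$list" | grep -qx -e '-dns'; then echo bind9_dlz
    elif printf '%s\n' "$list" | grep -qxE '\+?dns'; then echo internal
    elif printf '%s\n' "$list" | grep -qv '^[+-]'; then echo bind9_dlz
    else echo internal   # only +/- modifiers and dns was not removed
    fi
}

# Print the forwarder addresses for the backend in use, one per line.
dns_forwarders() {  # $1 = smb.conf, $2 = named.conf.options
    if [ "$(samba_dns_backend "$1")" = internal ]; then
        smb_global_param "$1" "dns forwarder" | tr ' ' '\n'
    else
        # Drop // and # comments, then read the forwarders { ... } block.
        sed -e 's://.*::' -e 's:#.*::' "$2" | tr '\n' ' ' |
            sed -n 's/.*forwarders[[:space:]]*{\([^}]*\)}.*/\1/p' |
            tr -d ' \t' | tr ';' '\n' | sed '/^$/d'
    fi
}

# Constructed sample files built from the values posted in this thread.
demo_dir=$(mktemp -d)
printf '[global]\n  realm = DTSHRM.LAN\n  server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate\n' > "$demo_dir/smb.conf"
printf 'options {\n  // use them as forwarders.\n  forwarders { 208.67.222.222; 208.67.220.220; };\n};\n' > "$demo_dir/named.conf.options"
echo "backend: $(samba_dns_backend "$demo_dir/smb.conf")"
dns_forwarders "$demo_dir/smb.conf" "$demo_dir/named.conf.options"
```

On a real DC, pass /etc/samba/smb.conf and /etc/bind/named.conf.options as the two arguments.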
On 19/01/15 20:14, Bob of Donelson Trophy wrote:
>
> My DC was installed with one of Louis' scripts. So, yes, bind9 was
> setup and working.
>

OK, so what is in /etc/bind/named.conf.options ?

Rowland

Here you go:

root@dc01:~# cat /etc/bind/named.conf.options
// Defined ACL Begin
acl thisserverip { 192.168.16.54; };
acl all-networks { 192.168.16.0/24; };
// Defined ACL End

options {
    directory "/var/cache/bind";
    version "0.0.7";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    forwarders { 208.67.222.222; 208.67.220.220; };

    //=======================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //=======================================================================
    dnssec-validation auto;

    auth-nxdomain yes; # conform to RFC1035 =no
    listen-on-v6 { none; };
    listen-on port 53 { "thisserverip"; 127.0.0.1; };
    notify no;
    empty-zones-enable no;

    // Add any subnets or hosts you want to allow to use this DNS server
    allow-query { "all-networks"; 127.0.0.1/32; };

    // Add any subnets or hosts you want to allow to use recursive queries
    allow-recursion { "all-networks"; 127.0.0.1/32; };

    // https://wiki.samba.org/index.php/Dns-backend_bind
    // DNS dynamic updates via Kerberos (optional, but recommended)
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

---
-------------------------
Bob Wooden of Donelson Trophy
615.885.2846 (main)
www.donelsontrophy.com [1]
"Everyone deserves an award!!"

On 2015-01-19 14:16, Rowland Penny wrote:
> On 19/01/15 20:14, Bob of Donelson Trophy wrote:
>
>> My DC was installed with one of Louis' scripts. So, yes, bind9 was setup and working.
>
> OK, so what is in /etc/bind/named.conf.options ?
>
> Rowland

Links:
------
[1] http://www.donelsontrophy.com