samba - Mar 2015 - Samba4 AD DC Implementation Report - YAY! And Thanks for the tools!

In my initial configuration using the provisioning tool I did not set
"interfaces" or "bind interfaces only" in the smb.conf, so
when I populated
the Bind9 DLZ file I ended up with several A records for my DC which were
IP address which cannot be accessed by other hosts on the network.

Deven

On Mon, Mar 16, 2015 at 1:06 PM, Rowland Penny <rowlandpenny at
googlemail.com>
wrote:
> On 16/03/15 16:39, Deven Phillips wrote:
>
>> Just wanted to say that everything is working fine, but I may have some
>> suggestions for better documentation once I am done tweaking...
>> Specifically, my server has docker and bridged networking so I ended up
>> with my DNS being populated with some useless IP addresses. Other than
>> that, everything seems to be hunky dorry!
>>
>> Thanks for the great tools!!!
>>
>> Deven
>>
>
> Hi, what exactly do you mean by 'DNS being populated with some useless
IP
> addresses', can you give an example ?
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On 16/03/15 17:29, Deven Phillips wrote:
> In my initial configuration using the provisioning tool I did not set 
> "interfaces" or "bind interfaces only" in the smb.conf,
so when I
> populated the Bind9 DLZ file I ended up with several A records for my 
> DC which were IP address which cannot be accessed by other hosts on 
> the network.
>
> Deven
>
>
Now even more mystified, I never set 'interfaces' or 'bind
interfaces
only' in smb.conf on a DC and I don't manually populate Bind9 myself, so
just how did you populate bind9 and with what and why can't your other 
hosts access these files.

Rowland

Following the instructions here:
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

In that page there is a link to using Bind as your DNS server, which links
to: https://wiki.samba.org/index.php/DNS_Backend_BIND

On that page, it instructs you to populate the DNS server with the command:

/usr/local/samba/sbin/samba_dnsupdate --verbose --all-names



Without the "interfaces" and the "bind interfaces only" it
will grab the IP
addresses of all configured interfaces and register them into DNS. This,
for my server, querying it for A records returned:

127.0.0.1 (loopback)
192.168.1.210 (br0 - LAN address)
192.168.122.1 (virtual network for KVM)
172.16.0.1 (Virtual network for Docker)

On the br0 interface is of any use to other hosts, so it caused me some
problems and I had to use samba-tool to remove the extra A records.

Deven



On Mon, Mar 16, 2015 at 1:44 PM, Rowland Penny <rowlandpenny at
googlemail.com>
wrote:
> On 16/03/15 17:29, Deven Phillips wrote:
>
>> In my initial configuration using the provisioning tool I did not set
>> "interfaces" or "bind interfaces only" in the
smb.conf, so when I populated
>> the Bind9 DLZ file I ended up with several A records for my DC which
were
>> IP address which cannot be accessed by other hosts on the network.
>>
>> Deven
>>
>>
>>
> Now even more mystified, I never set 'interfaces' or 'bind
interfaces
> only' in smb.conf on a DC and I don't manually populate Bind9
myself, so
> just how did you populate bind9 and with what and why can't your other
> hosts access these files.
>
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Hello Deven,

Am 16.03.2015 um 18:29 schrieb Deven Phillips:
> In my initial configuration using the provisioning tool I did not set
> "interfaces" or "bind interfaces only" in the smb.conf,
so when I populated
> the Bind9 DLZ file I ended up with several A records for my DC which were
> IP address which cannot be accessed by other hosts on the network.

Have you seen:

https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Provisioning_The_Samba_Active_Directory
> If your future Domain Controller has multiple NICs, the following two
> options are required. This is because ?samba-tool? would auto-choose
> one of the IPv4/IPv6 addresses if multiple interfaces were found,
> therefore it is necessary to bind Samba to the desired interfaces
> using
>
> --option="interfaces=lo eth0" --option="bind interfaces
only=yes"

Regards,
Marc

I guess I did miss that Marc! Anyhow, I just send the original message to
say Bravo Zulu on a job well done. I think that the provisioning
instructions for Samba4 AD DC work VERY well... There were no real
complaints other than the fact I had to do it 3 times to get the
instructions straight...

Deven

On Mon, Mar 16, 2015 at 2:50 PM, Marc Muehlfeld <mmuehlfeld at samba.org>
wrote:
> Hello Deven,
>
> Am 16.03.2015 um 18:29 schrieb Deven Phillips:
> > In my initial configuration using the provisioning tool I did not set
> > "interfaces" or "bind interfaces only" in the
smb.conf, so when I
> populated
> > the Bind9 DLZ file I ended up with several A records for my DC which
were
> > IP address which cannot be accessed by other hosts on the network.
>
>
> Have you seen:
>
>
>
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Provisioning_The_Samba_Active_Directory
>
> > If your future Domain Controller has multiple NICs, the following two
> > options are required. This is because ?samba-tool? would auto-choose
> > one of the IPv4/IPv6 addresses if multiple interfaces were found,
> > therefore it is necessary to bind Samba to the desired interfaces
> > using
> >
> > --option="interfaces=lo eth0" --option="bind interfaces
only=yes"
>
>
> Regards,
> Marc
>