Jonathan S. Fisher
2015-Dec-07 18:04 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
Hey Rowland, be kind and avoid passive aggressive comments. I'm just looking to try and get this to work, thanks. If I knew everything already, I wouldn't be here asking questions and trying to solve my own problem. I appreciate your help so far, but if you don't have anything nice say, please just ignore this thread. So: jonathan.fisher at freeradius:~$ sudo hostname -y hostname: Local domain name not set jonathan.fisher at freeradius:~$ sudo hostname -d windows.corp.springventuregroup.com jonathan.fisher at freeradius:~$ sudo hostname -f freeradius.windows.corp.springventuregroup.com Unfortunately, since this box is an LXC container, I can't run the syctl command: jonathan.fisher at freeradius:~$ sysctl -w kernel.domainname=" windows.corp.XXX.com" sysctl: permission denied on key 'kernel.domainname' We're good here: jonathan.fisher at freeradius:~$ cat /etc/hostname freeradiusjonathan.fisher at freeradius:~$ So I added dns proxy = true No dice, same output as before. Made this change: jonathan.fisher at freeradius:~$ cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN domain windows.corp.springventuregroup.com search windows.corp.pringventuregroupcom nameserver 192.168.127.131 nameserver 192.168.112.4 Also the same output, but this message popped up after restarting samba: jonathan.fisher at freeradius:~$ sudo service sernet-samba-winbindd restart && sudo service sernet-samba-nmbd restart && sudo service sernet-samba-smbd restart sudo: unable to resolve host freeradius Shutting down SAMBA winbindd : * Starting SAMBA winbindd : * sudo: unable to resolve host freeradius Shutting down SAMBA nmbd : * Starting SAMBA nmbd : * sudo: unable to resolve host freeradius Shutting down SAMBA smbd : * Starting SAMBA smbd : * No idea if that's relevant... So I undid the resolv.conf change, and here's the output of testparam: jonathan.fisher at freeradius:~$ testparm -v | grep net Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions netbios name = FREERADIUS netbios aliases netbios scope disable netbios = No dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver Sigh... thanks. I'm appreciate your patience and your help. On Fri, Dec 4, 2015 at 3:33 AM, Rowland penny <rpenny at samba.org> wrote:> On 04/12/15 09:21, Sven Schwedas wrote: > >> On 2015-12-04 10:11, Rowland penny wrote: >> >>> I still think it is his weird dns setup, were he has a dnsmasq server >>> replicating what the DCs know (or is supposed to). I think the sheer >>> fact that he didn't know what lmhosts is, says a lot. >>> >> We're using such a setup in production without any problems. How about >> less wild blind guessing and user shaming, and more actual help? >> >> >> >> > Sven, you may be using a similar system, but it isn't recommended. The OP > is having problems getting a Samba domain member working, I have tried to > point him in the direction of a known working set up, once he has this > working, what he does with it, is up to him. He may be able to use the > dnsmasq server, I don't know, but if he has a working system and it stops > working when he adds in the dnsmasq server, he will know where to look, > won't he! > > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Email Confidentiality Notice: The information contained in this transmission is confidential, proprietary or privileged and may be subject to protection under the law, including the Health Insurance Portability and Accountability Act (HIPAA). The message is intended for the sole use of the individual or entity to whom it is addressed. If you are not the intended recipient, you are notified that any use, distribution or copying of the message is strictly prohibited and may subject you to criminal or civil penalties. If you received this transmission in error, please contact the sender immediately by replying to this email and delete the material from any computer.
Rowland penny
2015-Dec-07 18:23 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
On 07/12/15 18:04, Jonathan S. Fisher wrote:> Hey Rowland, be kind and avoid passive aggressive comments. I'm just > looking to try and get this to work, thanks. If I knew everything > already, I wouldn't be here asking questions and trying to solve my > own problem. I appreciate your help so far, but if you don't have > anything nice say, please just ignore this thread.If I upset you, I apologise, but I was posting what I was thinking, you are trying to get Samba working with a strange setup and you do not seem to want to take advice. Get it working in a known way and then adapt it to your network.> > So: > jonathan.fisher at freeradius:~$ sudo hostname -y > hostname: Local domain name not set > jonathan.fisher at freeradius:~$ sudo hostname -d > windows.corp.springventuregroup.com > <http://windows.corp.springventuregroup.com> > jonathan.fisher at freeradius:~$ sudo hostname -f > freeradius.windows.corp.springventuregroup.com > <http://freeradius.windows.corp.springventuregroup.com> > > Unfortunately, since this box is an LXC container, I can't run the > syctl command: > jonathan.fisher at freeradius:~$ sysctl -w > kernel.domainname="windows.corp.XXX.com <http://windows.corp.XXX.com>" > sysctl: permission denied on key 'kernel.domainname' >And this is (as far as I can remember) the first time you have mentioned that you are using an LXC container, could this have something to do with your problem? Is there any way you could setup a client on bare metal and once you have got this working, base your LXC setup on this. Normally getting a Unix client to work with an AD DC is fairly easy, as long as you are aware of the pitfalls. Rowland> We're good here: > jonathan.fisher at freeradius:~$ cat /etc/hostname > freeradiusjonathan.fisher at freeradius:~$ > > So I added > dns proxy = true > > No dice, same output as before. > > Made this change: > jonathan.fisher at freeradius:~$ cat /etc/resolv.conf > # Dynamic resolv.conf(5) file for glibc resolver(3) generated by > resolvconf(8) > # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN > domain windows.corp.springventuregroup.com > <http://windows.corp.springventuregroup.com> > search windows.corp.pringventuregroupcom > nameserver 192.168.127.131 > nameserver 192.168.112.4 > > Also the same output, but this message popped up after restarting samba: > jonathan.fisher at freeradius:~$ sudo service sernet-samba-winbindd > restart && sudo service sernet-samba-nmbd restart && sudo service > sernet-samba-smbd restart > sudo: unable to resolve host freeradius > Shutting down SAMBA winbindd : * > Starting SAMBA winbindd : * > sudo: unable to resolve host freeradius > Shutting down SAMBA nmbd : * > Starting SAMBA nmbd : * > sudo: unable to resolve host freeradius > Shutting down SAMBA smbd : * > Starting SAMBA smbd : * > > No idea if that's relevant... > > So I undid the resolv.conf change, and here's the output of testparam: > > jonathan.fisher at freeradius:~$ testparm -v | grep net > Load smb config files from /etc/samba/smb.conf > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > Loaded services file OK. > Server role: ROLE_DOMAIN_MEMBER > > Press enter to see a dump of your service definitions > > netbios name = FREERADIUS > netbios aliases > netbios scope > disable netbios = No > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, > lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, > backupkey, dnsserver > > Sigh... thanks. I'm appreciate your patience and your help. > >
mathias dufresne
2015-Dec-09 15:34 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
Hi Jonathan, You wrote: domain windows.corp.springventuregroup.com search windows.corp.*pringventuregroupcom* nameserver 192.168.127.131 nameserver 192.168.112.4 Is this a typo error when copying the content or is it a content error in your resolv.conf? If you really have that "search" line in your resolv.conf it would be logical that rsetarting Samba services you get the error "unable to resolve host freeradius" as it will be extended in: freeradius.windows.corp.pringventuregroupcom rather than: freeradius.windows.corp.springventuregroup.com If this is not a typo error I would check the "resolvconf" configuration or remove the use of that tool (temporarily or not) on that box. If this is not a typo, I'm puzzled... Hoping for you to get a solution, mathias 2015-12-07 19:04 GMT+01:00 Jonathan S. Fisher < jonathan at springventuregroup.com>:> Hey Rowland, be kind and avoid passive aggressive comments. I'm just > looking to try and get this to work, thanks. If I knew everything already, > I wouldn't be here asking questions and trying to solve my own problem. I > appreciate your help so far, but if you don't have anything nice say, > please just ignore this thread. > > So: > jonathan.fisher at freeradius:~$ sudo hostname -y > hostname: Local domain name not set > jonathan.fisher at freeradius:~$ sudo hostname -d > windows.corp.springventuregroup.com > jonathan.fisher at freeradius:~$ sudo hostname -f > freeradius.windows.corp.springventuregroup.com > > Unfortunately, since this box is an LXC container, I can't run the syctl > command: > jonathan.fisher at freeradius:~$ sysctl -w kernel.domainname=" > windows.corp.XXX.com" > sysctl: permission denied on key 'kernel.domainname' > > We're good here: > jonathan.fisher at freeradius:~$ cat /etc/hostname > freeradiusjonathan.fisher at freeradius:~$ > > So I added > dns proxy = true > > No dice, same output as before. > > Made this change: > jonathan.fisher at freeradius:~$ cat /etc/resolv.conf > # Dynamic resolv.conf(5) file for glibc resolver(3) generated by > resolvconf(8) > # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN > domain windows.corp.springventuregroup.com > search windows.corp.pringventuregroupcom > nameserver 192.168.127.131 > nameserver 192.168.112.4 > > Also the same output, but this message popped up after restarting samba: > jonathan.fisher at freeradius:~$ sudo service sernet-samba-winbindd restart > && > sudo service sernet-samba-nmbd restart && sudo service sernet-samba-smbd > restart > sudo: unable to resolve host freeradius > Shutting down SAMBA winbindd : * > Starting SAMBA winbindd : * > sudo: unable to resolve host freeradius > Shutting down SAMBA nmbd : * > Starting SAMBA nmbd : * > sudo: unable to resolve host freeradius > Shutting down SAMBA smbd : * > Starting SAMBA smbd : * > > No idea if that's relevant... > > So I undid the resolv.conf change, and here's the output of testparam: > > jonathan.fisher at freeradius:~$ testparm -v | grep net > Load smb config files from /etc/samba/smb.conf > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > Loaded services file OK. > Server role: ROLE_DOMAIN_MEMBER > > Press enter to see a dump of your service definitions > > netbios name = FREERADIUS > netbios aliases > netbios scope > disable netbios = No > dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, > lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, > dnsserver > > Sigh... thanks. I'm appreciate your patience and your help. > > > On Fri, Dec 4, 2015 at 3:33 AM, Rowland penny <rpenny at samba.org> wrote: > > > On 04/12/15 09:21, Sven Schwedas wrote: > > > >> On 2015-12-04 10:11, Rowland penny wrote: > >> > >>> I still think it is his weird dns setup, were he has a dnsmasq server > >>> replicating what the DCs know (or is supposed to). I think the sheer > >>> fact that he didn't know what lmhosts is, says a lot. > >>> > >> We're using such a setup in production without any problems. How about > >> less wild blind guessing and user shaming, and more actual help? > >> > >> > >> > >> > > Sven, you may be using a similar system, but it isn't recommended. The OP > > is having problems getting a Samba domain member working, I have tried to > > point him in the direction of a known working set up, once he has this > > working, what he does with it, is up to him. He may be able to use the > > dnsmasq server, I don't know, but if he has a working system and it stops > > working when he adds in the dnsmasq server, he will know where to look, > > won't he! > > > > > > Rowland > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > -- > Email Confidentiality Notice: The information contained in this > transmission is confidential, proprietary or privileged and may be subject > to protection under the law, including the Health Insurance Portability and > Accountability Act (HIPAA). The message is intended for the sole use of the > individual or entity to whom it is addressed. If you are not the intended > recipient, you are notified that any use, distribution or copying of the > message is strictly prohibited and may subject you to criminal or civil > penalties. If you received this transmission in error, please contact the > sender immediately by replying to this email and delete the material from > any computer. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Jonathan S. Fisher
2015-Dec-09 19:03 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
Here's a random question... would it matter if our domain has trust relationships setup? *Jonathan S. Fisher* *VP - Information Technology* *Spring Venture Group* On Wed, Dec 9, 2015 at 9:34 AM, mathias dufresne <infractory at gmail.com> wrote:> Hi Jonathan, > > You wrote: > domain windows.corp.springventuregroup.com > search windows.corp.*pringventuregroupcom* > nameserver 192.168.127.131 > nameserver 192.168.112.4 > > Is this a typo error when copying the content or is it a content error in > your resolv.conf? > > If you really have that "search" line in your resolv.conf it would be > logical that rsetarting Samba services you get the error "unable to resolve > host freeradius" as it will be extended in: > freeradius.windows.corp.pringventuregroupcom > rather than: > freeradius.windows.corp.springventuregroup.com > > If this is not a typo error I would check the "resolvconf" configuration > or remove the use of that tool (temporarily or not) on that box. > > If this is not a typo, I'm puzzled... > > Hoping for you to get a solution, > > mathias > > 2015-12-07 19:04 GMT+01:00 Jonathan S. Fisher < > jonathan at springventuregroup.com>: > >> Hey Rowland, be kind and avoid passive aggressive comments. I'm just >> looking to try and get this to work, thanks. If I knew everything already, >> I wouldn't be here asking questions and trying to solve my own problem. I >> appreciate your help so far, but if you don't have anything nice say, >> please just ignore this thread. >> >> So: >> jonathan.fisher at freeradius:~$ sudo hostname -y >> hostname: Local domain name not set >> jonathan.fisher at freeradius:~$ sudo hostname -d >> windows.corp.springventuregroup.com >> jonathan.fisher at freeradius:~$ sudo hostname -f >> freeradius.windows.corp.springventuregroup.com >> >> Unfortunately, since this box is an LXC container, I can't run the syctl >> command: >> jonathan.fisher at freeradius:~$ sysctl -w kernel.domainname=" >> windows.corp.XXX.com" >> sysctl: permission denied on key 'kernel.domainname' >> >> We're good here: >> jonathan.fisher at freeradius:~$ cat /etc/hostname >> freeradiusjonathan.fisher at freeradius:~$ >> >> So I added >> dns proxy = true >> >> No dice, same output as before. >> >> Made this change: >> jonathan.fisher at freeradius:~$ cat /etc/resolv.conf >> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by >> resolvconf(8) >> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN >> domain windows.corp.springventuregroup.com >> search windows.corp.pringventuregroupcom >> nameserver 192.168.127.131 >> nameserver 192.168.112.4 >> >> Also the same output, but this message popped up after restarting samba: >> jonathan.fisher at freeradius:~$ sudo service sernet-samba-winbindd restart >> && >> sudo service sernet-samba-nmbd restart && sudo service sernet-samba-smbd >> restart >> sudo: unable to resolve host freeradius >> Shutting down SAMBA winbindd : * >> Starting SAMBA winbindd : * >> sudo: unable to resolve host freeradius >> Shutting down SAMBA nmbd : * >> Starting SAMBA nmbd : * >> sudo: unable to resolve host freeradius >> Shutting down SAMBA smbd : * >> Starting SAMBA smbd : * >> >> No idea if that's relevant... >> >> So I undid the resolv.conf change, and here's the output of testparam: >> >> jonathan.fisher at freeradius:~$ testparm -v | grep net >> Load smb config files from /etc/samba/smb.conf >> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) >> Loaded services file OK. >> Server role: ROLE_DOMAIN_MEMBER >> >> Press enter to see a dump of your service definitions >> >> netbios name = FREERADIUS >> netbios aliases >> netbios scope >> disable netbios = No >> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, >> lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, >> backupkey, >> dnsserver >> >> Sigh... thanks. I'm appreciate your patience and your help. >> >> >> On Fri, Dec 4, 2015 at 3:33 AM, Rowland penny <rpenny at samba.org> wrote: >> >> > On 04/12/15 09:21, Sven Schwedas wrote: >> > >> >> On 2015-12-04 10:11, Rowland penny wrote: >> >> >> >>> I still think it is his weird dns setup, were he has a dnsmasq server >> >>> replicating what the DCs know (or is supposed to). I think the sheer >> >>> fact that he didn't know what lmhosts is, says a lot. >> >>> >> >> We're using such a setup in production without any problems. How about >> >> less wild blind guessing and user shaming, and more actual help? >> >> >> >> >> >> >> >> >> > Sven, you may be using a similar system, but it isn't recommended. The >> OP >> > is having problems getting a Samba domain member working, I have tried >> to >> > point him in the direction of a known working set up, once he has this >> > working, what he does with it, is up to him. He may be able to use the >> > dnsmasq server, I don't know, but if he has a working system and it >> stops >> > working when he adds in the dnsmasq server, he will know where to look, >> > won't he! >> > >> > >> > Rowland >> > >> > -- >> > To unsubscribe from this list go to the following URL and read the >> > instructions: https://lists.samba.org/mailman/options/samba >> > >> >> -- >> Email Confidentiality Notice: The information contained in this >> transmission is confidential, proprietary or privileged and may be subject >> to protection under the law, including the Health Insurance Portability >> and >> Accountability Act (HIPAA). The message is intended for the sole use of >> the >> individual or entity to whom it is addressed. If you are not the intended >> recipient, you are notified that any use, distribution or copying of the >> message is strictly prohibited and may subject you to criminal or civil >> penalties. If you received this transmission in error, please contact the >> sender immediately by replying to this email and delete the material from >> any computer. >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > >-- Email Confidentiality Notice: The information contained in this transmission is confidential, proprietary or privileged and may be subject to protection under the law, including the Health Insurance Portability and Accountability Act (HIPAA). The message is intended for the sole use of the individual or entity to whom it is addressed. If you are not the intended recipient, you are notified that any use, distribution or copying of the message is strictly prohibited and may subject you to criminal or civil penalties. If you received this transmission in error, please contact the sender immediately by replying to this email and delete the material from any computer.
Reasonably Related Threads
- After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
- After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
- After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
- After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
- After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command