Hi all,

We're in the process of rolling out Samba4 on our network, with Active Directory and I've been re-configuring the Linux workstations that currently were joined to the old NT4-style domain.

It hit me in particular when I read this bit:

> Local hostname resolution
>
> During the Domain join, Samba tries to register/update the host's name and IP in your AD DNS. This requires that "net" can resolve both, either via DNS or /etc/hosts. To verify, run
>
> # getent hosts M1
> 10.99.0.5 M1.samdom.example.com M1
>
> The command's output must show the correct LAN interface IP (not 127.*.*.*!) and the hostname including the AD DNS zone. Additional alias names are optional. If you get a different output, fix it in your DNS or by adding/changing the /etc/hosts entry:
>
> 10.99.0.5 M1.samdom.example.com M1

(source https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member)

Now to proceed I just put in the IP address of the workstation at the time into /etc/hosts, but it feels wrong doing it this way. This will work for now but I expect this will change sometime.

The machine is not a server, it just needs winbind for local user logins.

It doesn't seem to join without me putting that entry in /etc/hosts. I haven't tried removing it (following the domain join) to see if it still works.

What is the correct procedure here?

-- 
     _ ___             Stuart Longland - Systems Engineer
\  /|_) |                           T: +61 7 3535 9619
 \/ | \ |     38b Douglas Street    F: +61 7 3535 9699
   SYSTEMS    Milton QLD 4064       http://www.vrt.com.au

On 14/02/16 03:38, Stuart Longland wrote:
> Hi all,
>
> We're in the process of rolling out Samba4 on our network, with Active
> Directory and I've been re-configuring the Linux workstations that
> currently were joined to the old NT4-style domain.
>
> It hit me in particular when I read this bit:
>> Local hostname resolution
>>
>> During the Domain join, Samba tries to register/update the host's name and IP in your AD DNS. This requires that "net" can resolve both, either via DNS or /etc/hosts. To verify, run
>>
>> # getent hosts M1
>> 10.99.0.5 M1.samdom.example.com M1
>>
>> The command's output must show the correct LAN interface IP (not 127.*.*.*!) and the hostname including the AD DNS zone. Additional alias names are optional. If you get a different output, fix it in your DNS or by adding/changing the /etc/hosts entry:
>>
>> 10.99.0.5 M1.samdom.example.com M1
> (source https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member)
>
> Now to proceed I just put in the IP address of the workstation at the
> time into /etc/hosts, but it feels wrong doing it this way. This will
> work for now but I expect this will change sometime.
>
> The machine is not a server, it just needs winbind for local user logins.
>
> It doesn't seem to join without me putting that entry in /etc/hosts. I
> haven't tried removing it (following the domain join) to see if it still
> works.
>
> What is the correct procedure here?

It all depends on how your Unix workstations get their dns info, you need the line in /etc/hosts if they use a fixed ip, but if they get their dns info from dhcp, you don't.
If you do use dhcp, you must ensure that the dhcp server sends the correct info.

To show this, from this netbook that uses dhcp and is joined to a domain:

rowland@debnet:~$ getent hosts debnet
192.168.0.128 debnet.samdom.example.com

and /etc/hosts only contains this:

rowland@debnet:~$ cat /etc/hosts
127.0.0.1 localhost

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

If your Unix workstations are running Ubuntu (and possibly other OS), you may find a line starting '127.0.1.1', if so, remove it and stop network-manager using dnsmasq. Also note that 127.0.0.1 must only point to 'localhost'.

Rowland

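The pre-join checks described in the wiki excerpt and in the reply above, as an added shell example that is not part of the original thread. The function names are hypothetical; the sample hostname and zone are the ones quoted from the wiki.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# check_resolution "<one line of getent hosts output>" <short-host> <ad-dns-zone>
# Passes only if the address is not loopback and a name equals host.zone.
check_resolution() {
    line=$1 host=$2 zone=$3
    if [ -z "$line" ]; then
        echo "FAIL: $host does not resolve"; return 1
    fi
    set -f; set -- $line; set +f      # $1 = address, remaining words = names
    case $1 in
        127.*|::1) echo "FAIL: $host resolves to loopback address $1"; return 1 ;;
    esac
    shift
    want=$(printf '%s.%s' "$host" "$zone" | tr '[:upper:]' '[:lower:]')
    for name in "$@"; do
        if [ "$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')" = "$want" ]; then
            echo "OK: $want"; return 0
        fi
    done
    echo "FAIL: no name in the AD DNS zone (expected $want)"; return 1
}

# audit_hosts_file <path>: report the loopback entries the reply above warns
# about; returns 1 if any are found.
audit_hosts_file() {
    awk '
        { sub(/#.*/, "") }                    # strip comments
        NF < 2 { next }
        $1 == "127.0.1.1" { print "127.0.1.1 entry: " $2; bad = 1 }
        $1 == "127.0.0.1" {
            for (i = 2; i <= NF; i++)
                if ($i != "localhost") { print "127.0.0.1 also names: " $i; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed samples: the wiki's expected answer, then an Ubuntu-style one.
check_resolution "10.99.0.5 M1.samdom.example.com M1" M1 samdom.example.com
check_resolution "127.0.1.1 M1" M1 samdom.example.com || true
# On a live host:
#   check_resolution "$(getent hosts "$(hostname -s)")" "$(hostname -s)" samdom.example.com
#   audit_hosts_file /etc/hosts
```
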
On 14/02/16 19:40, Rowland Penny wrote:
> On 14/02/16 03:38, Stuart Longland wrote:
>> It doesn't seem to join without me putting that entry in /etc/hosts. I
>> haven't tried removing it (following the domain join) to see if it still
>> works.
>>
>> What is the correct procedure here?
>
> It all depends on how your Unix workstations get their dns info, you
> need the line in /etc/hosts if they use a fixed ip, but if they get
> their dns info from dhcp, you don't.
> If you do use dhcp, you must ensure that the dhcp server sends the
> correct info.

Okay, well they do resolve via dynamic DNS to a hostname. That was working prior to the move to ActiveDirectory.

> To show this, from this netbook that uses dhcp and is joined to a domain:
>
> rowland@debnet:~$ getent hosts debnet
> 192.168.0.128 debnet.samdom.example.com

Now this might be a fly in the ointment. For us, the DHCP domain is dhcp.office.example.com, whereas the active directory domain is activedirectory.office.example.com.

DHCP/DNS there is traditional ISC DHCPd/ISC BIND. I suppose this means that I'll need to configure dhcp to talk to ActiveDirectory to update DNS?

> and /etc/hosts only contains this:
>
> rowland@debnet:~$ cat /etc/hosts
> 127.0.0.1 localhost
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> If your Unix workstations are running Ubuntu (and possibly other OS),
> you may find a line starting '127.0.1.1', if so, remove it and stop
> network-manager using dnsmasq. Also note that 127.0.0.1 must only point
> to 'localhost'.

Ahh, fun stuff, yes, most of them are Ubuntu systems. I have a laptop here running Debian (and my personal one with Gentoo) but most systems are Ubuntu.

Regards,
-- 
     _ ___             Stuart Longland - Systems Engineer
\  /|_) |                           T: +61 7 3535 9619
 \/ | \ |     38b Douglas Street    F: +61 7 3535 9699
   SYSTEMS    Milton QLD 4064       http://www.vrt.com.au