> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland Penny via samba
> Sent: Monday 11 September 2017 18:50
> To: samba at lists.samba.org
> Subject: Re: [Samba] File server questions
>
> On Mon, 11 Sep 2017 13:08:16 -0300
> Flávio Silveira via samba <samba at lists.samba.org> wrote:
>
> > My question is actually if I have to deal with the hosting company DNS
> > zones or not, because 'tecnopon.com.br' is hosted there, my guess,
> > given Louis's answer and yours, is I don't need to.
>
> As you will only be forwarding unknown requests (such as
> www.google.com) to your hosting company, you do not have to
> deal with their dns servers at all.
>
> > Also, I am currently using a DHCP Server to give static IPs based on
> > mac address, I guess I don't need to set the ip manually if I use
> > something like "method 3" described in [1] to prevent /etc/resolv.conf
> > updates, what do you think?
> >
> > [1]: https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf
>
> Never really understood using dhcp for fixed ipaddresses,
> well possibly for one or two machines, but even then, what is
> the point ?
> I would give a fixed IP to all the machines that should have
> one (servers, printers etc). Then for any other machines that
> can and should have a dhcp IP (laptops etc), create a pool
> based around the fixed machines. This way, you can tell, just
> from the IP, just what the machine is likely to be.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

When I look at that link, https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf
then only option 1 is the "real" correct one. Imho.
Option 2 and option 3 are masking a configuration error.

If you want to use dhcp with servers, sure possible, no problem at all, but not recommended.
Now have a look at: /etc/dhcp/dhclient.conf

That shows something like this (the default on Debian):

    option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;

    send host-name = gethostname();
    request subnet-mask, broadcast-address, time-offset, routers,
            domain-name, domain-name-servers, domain-search, host-name,
            dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
            netbios-name-servers, netbios-scope, interface-mtu,
            rfc3442-classless-static-routes, ntp-servers;

DHCP Server requests (involving your points):
domain-name, domain-name-servers, domain-search
(ntp-servers and time-offset are also very important)

As long as the dhcp server sends the correct info here, your resolv.conf is always correct.
The search setting should be: ad.tecnopon.com.br
You need the domain-name so you have the correct zone for name server changes. (ad.tecnopon.com.br)
You need the domain-search so you can resolve hostname -s and hostname -f within the same domain. (ad.tecnopon.com.br)

If you also use resolvconf then add the needed options, for example if you have a proxy server with bind,
then resolvconf is the best option, because you can add named_options and named_zones,
which can be handy for the external zones. (You can add a forward zone in bind for the internet zone.)
Should not be needed but also here, can be handy, this all depending on your setup.

But key here is, if you rebooted your server and your resolv.conf settings are wrong, then you have a setting in dhcp that's incorrect.
( or if resolvconf is installed, review /etc/network/interfaces ( missing dns-
Since you have ips assigned by mac, review that config.
Look in this file: cat /var/lib/dhcp/dhclient.eth0.leases
(if your interface is eth0, change to your interface name.)

And I agree with Rowland's suggestion to create pools, that makes it much better to handle these settings.
So I suggest, review your dhcp server settings and dhcp client settings.
That is, imo, the correct way to set this up. (If you must use the dhcp server for the members.)
This will also hold for the long run.

Greetz,

Louis

On 12/09/2017 04:32, L.P.H. van Belle via samba wrote:
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Rowland Penny via samba
>> Sent: Monday 11 September 2017 18:50
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] File server questions
>>
>> On Mon, 11 Sep 2017 13:08:16 -0300
>> Flávio Silveira via samba <samba at lists.samba.org> wrote:
>>
>>> My question is actually if I have to deal with the hosting company DNS
>>> zones or not, because 'tecnopon.com.br' is hosted there, my guess,
>>> given Louis's answer and yours, is I don't need to.
>> As you will only be forwarding unknown requests (such as
>> www.google.com) to your hosting company, you do not have to
>> deal with their dns servers at all.
>>
>>> Also, I am currently using a DHCP Server to give static IPs based on
>>> mac address, I guess I don't need to set the ip manually if I use
>>> something like "method 3" described in [1] to prevent /etc/resolv.conf
>>> updates, what do you think?
>>>
>>> [1]: https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf
>>>
>> Never really understood using dhcp for fixed ipaddresses,
>> well possibly for one or two machines, but even then, what is
>> the point ?
>> I would give a fixed IP to all the machines that should have
>> one (servers, printers etc). Then for any other machines that
>> can and should have a dhcp IP (laptops etc), create a pool
>> based around the fixed machines. This way, you can tell, just
>> from the IP, just what the machine is likely to be.
>>
>> Rowland
>>
> When I look at that link, https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf
> then only option 1 is the "real" correct one. Imho.
> Option 2 and option 3 are masking a configuration error.
>
> If you want to use dhcp with servers, sure possible, no problem at all, but not recommended.
> Now have a look at: /etc/dhcp/dhclient.conf
>
> That shows something like this (the default on Debian):
>
>     option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
>
>     send host-name = gethostname();
>     request subnet-mask, broadcast-address, time-offset, routers,
>             domain-name, domain-name-servers, domain-search, host-name,
>             dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
>             netbios-name-servers, netbios-scope, interface-mtu,
>             rfc3442-classless-static-routes, ntp-servers;
>
> DHCP Server requests (involving your points):
> domain-name, domain-name-servers, domain-search
> (ntp-servers and time-offset are also very important)
>
> As long as the dhcp server sends the correct info here, your resolv.conf is always correct.
> The search setting should be: ad.tecnopon.com.br
> You need the domain-name so you have the correct zone for name server changes. (ad.tecnopon.com.br)
> You need the domain-search so you can resolve hostname -s and hostname -f within the same domain. (ad.tecnopon.com.br)
>
> If you also use resolvconf then add the needed options, for example if you have a proxy server with bind,
> then resolvconf is the best option, because you can add named_options and named_zones,
> which can be handy for the external zones. (You can add a forward zone in bind for the internet zone.)
> Should not be needed but also here, can be handy, this all depending on your setup.
>
> But key here is, if you rebooted your server and your resolv.conf settings are wrong, then you have a setting in dhcp that's incorrect.
> ( or if resolvconf is installed, review /etc/network/interfaces ( missing dns-
> Since you have ips assigned by mac, review that config.
> Look in this file: cat /var/lib/dhcp/dhclient.eth0.leases
> (if your interface is eth0, change to your interface name.)
>
> And I agree with Rowland's suggestion to create pools, that makes it much better to handle these settings.
> So I suggest, review your dhcp server settings and dhcp client settings.
> That is, imo, the correct way to set this up. (If you must use the dhcp server for the members.)
> This will also hold for the long run.
>
> Greetz,
>
> Louis

Thanks for the replies Rowland and Louis!

Given all that was said, here is a snippet of what I have in /var/lib/dhcp/dhclient.enp2s0.leases

Don't know why my interface is named enp2s0, but I only have one, this might be a driver thing.

    lease {
      interface "enp2s0";
      fixed-address 192.168.11.6;
      option subnet-mask 255.255.255.0;
      option routers 192.168.11.1;
      option dhcp-lease-time 86400;
      option dhcp-message-type 5;
      option domain-name-servers 192.168.11.1;
      option dhcp-server-identifier 192.168.11.1;
      option domain-name "local";
      renew 2 2017/09/12 15:28:36;
      rebind 3 2017/09/13 01:09:09;
      expire 3 2017/09/13 04:09:09;
    }

This is the server that will be the AD DC, it currently is in client subnet (192.168.11.x) for testing, but I will put it in server subnet (192.168.13.x) when in production.

I can't change these settings now as it will break the whole network, can I use the "method 3" from the link for now and manually edit /etc/resolv.conf and then when it is ready for production I drop that script and configure it properly into the DHCP Server?

Speaking of AD DC tutorial, I've read it over and over and specifically the provisioning part, does this sound correct?

    samba-tool domain provision --server-role=dc --use-rfc2307 \
        --dns-backend=SAMBA_INTERNAL --realm=AD.TECNOPON.COM.BR --domain=AD \
        --adminpass=mypass --option="interfaces=lo enp2s0" \
        --option="bind interfaces only=yes" --option="dns forwarder=192.168.11.1"

If I understand correctly, domain is what will be NetBIOS Name, right?

What about Hostname? How do I set it in non-interactive mode?
It seems it isn't possible to set it also in interactive mode, as shown in the example from the tutorial:

> # samba-tool domain provision --use-rfc2307 --interactive
> Realm [SAMDOM.EXAMPLE.COM]: SAMDOM.EXAMPLE.COM
> Domain [SAMDOM]: SAMDOM
> Server Role (dc, member, standalone) [dc]: dc
> DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
> DNS forwarder IP address (write 'none' to disable forwarding) [10.99.0.1]: 8.8.8.8
> Administrator password: Passw0rd
> Retype password: Passw0rd
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Adding DomainDN: DC=samdom,DC=example,DC=com
> Adding configuration container
> Setting up sam.ldb schema
> Setting up sam.ldb configuration data
> Setting up display specifiers
> Modifying display specifiers
> Adding users container
> Modifying users container
> Adding computers container
> Modifying computers container
> Setting up sam.ldb data
> Setting up well known security principals
> Setting up sam.ldb users and groups
> Setting up self join
> Adding DNS accounts
> Creating CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
> Creating DomainDnsZones and ForestDnsZones partitions
> Populating DomainDnsZones and ForestDnsZones partitions
> Setting up sam.ldb rootDSE marking as synchronized
> Fixing provision GUIDs
> A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
> Setting up fake yp server settings
> Once the above files are installed, your Samba4 server will be ready to use
> Server Role: active directory domain controller
> Hostname: DC1
> NetBIOS Domain: SAMDOM
> DNS Domain: samdom.example.com
> DOMAIN SID: S-1-5-21-2614513918-2685075268-614796884

Where did DC1 come from? Can I use that as NetBIOS Name?

Regards,

Flavio Silveira

On Tue, 12 Sep 2017 10:40:50 -0300
Flávio Silveira via samba <samba at lists.samba.org> wrote:

> Thanks for the replies Rowland and Louis!
>
> Given all that was said, here is a snippet of what I have in
> /var/lib/dhcp/dhclient.enp2s0.leases
>
> Don't know why my interface is named enp2s0, but I only have one,
> this might be a driver thing.

No, it is a systemd thing.

> lease {
>   interface "enp2s0";
>   fixed-address 192.168.11.6;
>   option subnet-mask 255.255.255.0;
>   option routers 192.168.11.1;
>   option dhcp-lease-time 86400;
>   option dhcp-message-type 5;
>   option domain-name-servers 192.168.11.1;
>   option dhcp-server-identifier 192.168.11.1;
>   option domain-name "local";
>   renew 2 2017/09/12 15:28:36;
>   rebind 3 2017/09/13 01:09:09;
>   expire 3 2017/09/13 04:09:09;
> }
>
> This is the server that will be the AD DC, it currently is in client
> subnet (192.168.11.x) for testing, but I will put it in server subnet
> (192.168.13.x) when in production.
>
> I can't change these settings now as it will break the whole network,
> can I use the "method 3" from the link for now and manually edit
> /etc/resolv.conf and then when it is ready for production I drop that
> script and configure it properly into the DHCP Server?

Not sure, I run a DHCP server on my DC, but not in the way you are
proposing, see the Samba wiki for more info.

> Speaking of AD DC tutorial, I've read it over and over and
> specifically the provisioning part, does this sound correct?
>
> samba-tool domain provision --server-role=dc --use-rfc2307
> --dns-backend=SAMBA_INTERNAL --realm=AD.TECNOPON.COM.BR --domain=AD
> --adminpass=mypass --option="interfaces=lo enp2s0" --option="bind
> interfaces only=yes" --option="dns forwarder=192.168.11.1"

Yes, but the --server-role and --dns-backend are defaults and as such
are not really required.

> If I understand correctly, domain is what will be NetBIOS Name,
> right?

Wrong, the domain name, also known as the workgroup, is really the
NetBIOS domain name. This should not be confused with the NetBIOS name,
which is the host's short name in UPPERCASE.
If you are confused, don't blame me or Samba, blame Microsoft, they
came up with the names.

> What about Hostname? How do I set it in non-interactive mode?

You don't, Samba will set it for you from your short hostname.

> Where did DC1 come from? Can I use that as NetBIOS Name?

Yes, provided the output from 'hostname -s' is 'dc1' ;-)

Rowland

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland Penny via samba
> Sent: Tuesday 12 September 2017 16:04
> To: samba at lists.samba.org
> Subject: Re: [Samba] File server questions
>
> On Tue, 12 Sep 2017 10:40:50 -0300
> Flávio Silveira via samba <samba at lists.samba.org> wrote:
>
> > Thanks for the replies Rowland and Louis!
> >
> > Given all that was said, here is a snippet of what I have in
> > /var/lib/dhcp/dhclient.enp2s0.leases
> >
> > Don't know why my interface is named enp2s0, but I only have one, this
> > might be a driver thing.
>
> No, it is a systemd thing.

Yep, and some good info here if you want your old names back, and why it's used.
https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/

> > lease {
> >   interface "enp2s0";
> >   fixed-address 192.168.11.6;
> >   option subnet-mask 255.255.255.0;
> >   option routers 192.168.11.1;
> >   option dhcp-lease-time 86400;
> >   option dhcp-message-type 5;
> >   option domain-name-servers 192.168.11.1;
> >   option dhcp-server-identifier 192.168.11.1;
> >   option domain-name "local";
> >   renew 2 2017/09/12 15:28:36;
> >   rebind 3 2017/09/13 01:09:09;
> >   expire 3 2017/09/13 04:09:09;
> > }
> >
> > This is the server that will be the AD DC, it currently is in client
> > subnet (192.168.11.x) for testing, but I will put it in server subnet
> > (192.168.13.x) when in production.
> >
> > I can't change these settings now as it will break the whole network,
> > can I use the "method 3" from the link for now and manually edit
> > /etc/resolv.conf and then when it is ready for production I drop that
> > script and configure it properly into the DHCP Server?
>
> Not sure, I run a DHCP server on my DC, but not in the way
> you are proposing, see the Samba wiki for more info.

Why not adjust the dhcp client reservation to:

    host dc1 {
        hardware ethernet DD:GH:DF:E5:F7:D7;
        fixed-address 192.168.11.6;
        option domain-name-servers 192.168.11.6,8.8.8.8;
        option domain-search "ad.tecnopon.com.br";
    }

The other settings are adapted from the dhcp pool it's in.
At install, DNS is slow. But this is ok, for the install, once samba and dns is up, you will notice some speedups in resolving.
Due to the fact that at install, there is no dns (yet) at 192.168.11.6, the DC itself.

That should work.

> > Speaking of AD DC tutorial, I've read it over and over and
> > specifically the provisioning part, does this sound correct?
> >
> > samba-tool domain provision --server-role=dc --use-rfc2307
> > --dns-backend=SAMBA_INTERNAL --realm=AD.TECNOPON.COM.BR --domain=AD
> > --adminpass=mypass --option="interfaces=lo enp2s0" --option="bind
> > interfaces only=yes" --option="dns forwarder=192.168.11.1"
>
> Yes, but the --server-role and --dns-backend are defaults and
> as such are not really required.
>
> > If I understand correctly, domain is what will be NetBIOS Name, right?
>
> Wrong, the domain name, also known as the workgroup, is
> really the NetBIOS domain name. This should not be confused
> with the NetBIOS name, which is the host's short name in UPPERCASE.
> If you are confused, don't blame me or Samba, blame
> Microsoft, they came up with the names.
>
> > What about Hostname? How do I set it in non-interactive mode?
>
> You don't, Samba will set it for you from your short hostname.
>
> > Where did DC1 come from? Can I use that as NetBIOS Name?
>
> Yes, provided the output from 'hostname -s' is 'dc1' ;-)
>
> Rowland

Greetz,

Louis
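
The lease review discussed in this thread, as an added example that is not part of any poster's message: a small Python check that reads a dhclient leases file and reports which DHCP-supplied values would produce a wrong /etc/resolv.conf on the future DC. The expected values are taken from Louis's messages; the function names and the second, corrected lease (including its domain-name line) are assumptions constructed for illustration.

```python
import re

# Values Louis's messages say the DC should receive over DHCP.
EXPECTED = {"domain-name": "ad.tecnopon.com.br",
            "domain-search": "ad.tecnopon.com.br",
            "first-dns": "192.168.11.6"}

# The lease Flavio posted (shortened to the options checked here).
POSTED_LEASE = '''
lease {
  fixed-address 192.168.11.6;
  option routers 192.168.11.1;
  option domain-name-servers 192.168.11.1;
  option domain-name "local";
}
'''
# Constructed sample: a later lease as it might look with the proposed
# reservation applied and domain-name corrected (an assumption).
FIXED_LEASE = POSTED_LEASE + '''
lease {
  fixed-address 192.168.11.6;
  option domain-name-servers 192.168.11.6,8.8.8.8;
  option domain-name "ad.tecnopon.com.br";
  option domain-search "ad.tecnopon.com.br";
}
'''

def last_lease_options(text):
    """Options of the last lease block; the file is written as a log,
    so the last declaration is the one in use."""
    blocks = re.findall(r"lease\s*\{(.*?)\}", text, re.S)
    opts = {}
    if blocks:
        for name, value in re.findall(r"option\s+([\w.-]+)\s+([^;]+);", blocks[-1]):
            # Split comma lists, drop quotes and any trailing dot on names.
            opts[name] = [v.strip().strip('"').rstrip(".") for v in value.split(",")]
    return opts

def check_lease(text, expected=EXPECTED):
    """Return the mismatches that would end up in /etc/resolv.conf."""
    opts = last_lease_options(text)
    if not opts:
        return ["no lease options found"]
    problems = []
    for key in ("domain-name", "domain-search"):
        got = opts.get(key)
        if got is None:
            problems.append(f"{key} not sent by the DHCP server")
        elif expected[key] not in got:
            problems.append(f"{key} is {got}, expected {expected[key]}")
    dns = opts.get("domain-name-servers", [])
    if dns[:1] != [expected["first-dns"]]:
        problems.append(f"first DNS server is {dns[:1]}, expected {expected['first-dns']}")
    return problems
```

On a real host, pass the contents of /var/lib/dhcp/dhclient.enp2s0.leases to check_lease(); an empty list means the DHCP server is already sending what resolv.conf needs.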