On 01/09/2020 18:48, Peter Pollock wrote:
> 192.168.1.11 was from a time we tried to increase the number of
> available IPs by adding a virtual IP in Zentyal for the server to
> listen on. It never worked and now Zentyal won't let me remove it, due
> to not being able to save changes.

You really need to fix this. You have two ethernet cards, eth0 & eth1, do you really need two, could one be removed?

If it cannot and you only need one, you need to change the 'interfaces' to only use the one you want.

> We do use .local because Microsoft small business server, which we
> were playing with before we started down this route automatically
> suggested we use the .local extension for internal domains, which we
> stupidly trusted. As far as I can tell Avahi is not running.

Yes, they rather stupidly used to do that, though they now suggest that it isn't a good idea, but it's a bit late now, just never use Avahi on any Linux machines and don't add any Apple machines to the domain ;-)

Some suggestions:

Remove the 'luke' line from /etc/hosts. DNS should find this

Remove these lines from smb.conf:

    server role check:inhibit = yes
    server signing = auto
    dsdb:schema update allowed = yes
    winbind enum users = yes
    winbind enum groups = yes
    rpc server dynamic port range = 49152-65535

Change this line:

    interfaces = lo,eth0,eth0:eth2,eth0:eth2,eth1

To this:

    interfaces = lo,eth0

Try the Bind9 files I posted earlier

Install a couple of packages that don't seem to be installed: attr libpam-krb5

Rowland
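As an added illustration (not code from either poster or from the Samba project), a small Python check that reports the smb.conf lines the message above suggests removing, plus any 'interfaces' entries beyond lo,eth0. The function names and the sample file are constructed for this example; it reads only [global] and compares parameter names ignoring case and whitespace, as smb.conf itself does.

```python
import re

# Parameters the message above suggests removing from smb.conf (names taken from the post).
FLAGGED = [
    "server role check:inhibit", "server signing", "dsdb:schema update allowed",
    "winbind enum users", "winbind enum groups", "rpc server dynamic port range",
]

def norm(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalised name: (line number, value)} for the [global] section."""
    params, section = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)     # only the first '=' is significant
            params[norm(name)] = (lineno, value.strip())
    return params

def audit(text, wanted=("lo", "eth0")):
    """Sorted (line, message) findings; 'wanted' is the interface list from the post."""
    params = parse_global(text)
    findings = [(params[norm(p)][0], "remove: " + p)
                for p in FLAGGED if norm(p) in params]
    if "interfaces" in params:
        lineno, value = params["interfaces"]
        entries = [e for e in re.split(r"[,\s]+", value) if e]
        extra = sorted({e for e in entries if e not in wanted})
        if extra or len(entries) != len(set(entries)):
            findings.append((lineno, "interfaces: set to " + ",".join(wanted)
                             + " (extra: " + ",".join(extra) + ")"))
    return sorted(findings)

# Constructed sample, built from lines quoted in the post.
SAMPLE = """[global]
    Server Signing = auto
    winbind enum users = yes
    interfaces = lo,eth0,eth0:eth2,eth0:eth2,eth1
"""

if __name__ == "__main__":
    for lineno, msg in audit(SAMPLE):
        print(f"line {lineno}: {msg}")
```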
Thanks Rowland.

I'll try out those changes tonight.

The two cards are necessary because this is my gateway machine. One card connects to the internet router on 10.1.10.80 and the other connects to the local LAN.

On Tue, Sep 1, 2020 at 11:42 AM Rowland penny via samba <samba at lists.samba.org> wrote:

> On 01/09/2020 18:48, Peter Pollock wrote:
> > 192.168.1.11 was from a time we tried to increase the number of
> > available IPs by adding a virtual IP in Zentyal for the server to
> > listen on. It never worked and now Zentyal won't let me remove it, due
> > to not being able to save changes.
>
> You really need to fix this. You have two ethernet cards, eth0 & eth1,
> do you really need two, could one be removed?
>
> If it cannot and you only need one, you need to change the 'interfaces'
> to only use the one you want.
>
> > We do use .local because Microsoft small business server, which we
> > were playing with before we started down this route automatically
> > suggested we use the .local extension for internal domains, which we
> > stupidly trusted. As far as I can tell Avahi is not running.
>
> Yes, they rather stupidly used to do that, though they now suggest that
> it isn't a good idea, but it's a bit late now, just never use Avahi on
> any Linux machines and don't add any Apple machines to the domain ;-)
>
> Some suggestions:
>
> Remove the 'luke' line from /etc/hosts. DNS should find this
>
> Remove these lines from smb.conf:
>
>     server role check:inhibit = yes
>     server signing = auto
>     dsdb:schema update allowed = yes
>     winbind enum users = yes
>     winbind enum groups = yes
>     rpc server dynamic port range = 49152-65535
>
> Change this line:
>
>     interfaces = lo,eth0,eth0:eth2,eth0:eth2,eth1
>
> To this:
>
>     interfaces = lo,eth0
>
> Try the Bind9 files I posted earlier
>
> Install a couple of packages that don't seem to be installed: attr
> libpam-krb5
>
> Rowland
On 01/09/2020 20:17, Peter Pollock wrote:
> Thanks Rowland.
>
> I'll try out those changes tonight.
>
> The two cards are necessary because this is my gateway machine. One
> card connects to the internet router on 10.1.10.80 and the other
> connects to the local LAN.

I personally do not think that is a good idea, we do not recommend using a DC as a fileserver, never mind using one as a gateway device.

The more I hear about your setup, the more I think you should start again, this time using something like 'ad.kingschristian.org' (you appear to own 'kingschristian.org') for the AD domain, along with the '10.1' IP range.

Your main problem would be the timing of all this, I don't know about you, but the start of September is the start of the new school year here in the UK.

Rowland