> On 13/09/2020 22:40, Carlos Jesus wrote:
> > Hi Rowland, thank you for your help.
> > I've added the include "/var/lib/samba/bind-dns/named.conf" in
> > /etc/bind/named.conf instead of named.conf.options.
> Please don't do that, it isn't a good idea, use an 'include', that way
> if something changes, it will still work.
>
It IS an include. In named.conf with the other includes, but I've changed it.

> > As for the link, here it goes.
> > https://lists.samba.org/archive/samba/2019-July/224546.html
>
> Yes and that didn't end successfully :-\
>
Yeap. I noticed but still...

> What did the Windows DC start out as ? 2008R2 or was it an earlier version
> ?
>
Straight Windows 2008R2

> What was the full command you used to join the Samba DC to the Windows
> domain ?
>
I basically followed https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory . The command was

samba-tool domain join MyDomain.lx.pt DC -U"MyDomain\administrator"

> Did you get any errors during the successful join ?
>
Not after changing join.py

> Can you go here:
> https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh
>
> Download the script and run it on your Samba DC.
>
> sanitise the output and post it to this list.
>
grep: /etc/samba/smb.conf: No such file or directory
./samba.sh: line 328: [: : integer expression expected
DC2:/home/carlos# more /tmp/samba-debug-info.txt
Collected config --- 2020-09-14-10:27 -----------

Hostname: DC2
DNS Domain: MyDomain.lx.pt
FQDN: DC2.MyDomain.lx.pt
ipaddress: 192.168.59.112

-----------

Kerberos SRV _kerberos._tcp.MyDomain.lx.pt record verified ok, sample output:
Server: 192.168.59.112
Address: 192.168.59.112#53

_kerberos._tcp.MyDomain.lx.pt service = 0 100 88 dc2.MyDomain.lx.pt.
Samba is running as an AD DC

-----------
Checking file: /etc/os-release

PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

-----------

This computer is running Debian 10.5 x86_64

-----------
running command : ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:3b:6f:09 brd ff:ff:ff:ff:ff:ff
    inet 192.168.59.112/24 brd 192.168.59.255 scope global eth0

-----------
Checking file: /etc/hosts

127.0.0.1 localhost
192.168.59.112 DC2.MyDomain.lx.pt DC2

-----------
Checking file: /etc/resolv.conf

domain MyDomain.lx.pt
search MyDomain.lx.pt
#nameserver 192.168.59.111
nameserver 192.168.59.112

-----------
Checking file: /etc/krb5.conf

[libdefaults]
default_realm = MyDomain.LX.PT
dns_lookup_realm = false
dns_lookup_kdc = true

-----------
Checking file: /etc/nsswitch.conf

passwd: files systemd winbind
group: files systemd winbind
shadow: files
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

-----------
Checking file: /usr/local/samba/etc/smb.conf

[global]
netbios name = DC2
realm = MyDomain.LX.PT
server role = active directory domain controller
workgroup = MyDomain
idmap_ldb:use rfc2307 = yes
log level = 1 auth_json_audit:2@/var/log/samba/auth.log sam:2@ /var/log/samba/sam.log
log file = /var/log/samba/samba.log
server services = -dns
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U
server min protocol = SMB2

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

[netlogon]
path = /usr/local/samba/var/locks/sysvol/MyDomain.lx.pt/scripts
read only = No

-----------
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/bind-dns/named.conf";

-----------
Checking file: /etc/bind/named.conf.options

acl internals {
    127.0.0.0/8;
    192.168.59.0/24;
};

options {
    directory "/var/cache/bind";
    version "Go Away 0.0.7";
    notify no;
    empty-zones-enable no;
    auth-nxdomain yes;
    forwarders { 8.8.8.8; 8.8.4.4; };
    allow-transfer { none; };
    dnssec-validation no;
    dnssec-enable no;
    dnssec-lookaside no;
    listen-on-v6 { none; };
    listen-on port 53 { 192.168.59.112; 127.0.0.1; ::1; };
    minimal-responses yes;
    allow-query { "internals"; };
    allow-query-cache { "internals"; };
    recursion yes;
    allow-recursion { "internals"; };
    tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
};

-----------
Checking file: /etc/bind/named.conf.local

-----------
Checking file: /etc/bind/named.conf.default-zones

zone "." {
    type hint;
    file "/usr/share/dns/root.hints";
};
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

-----------
Samba DNS zone list:
3 zone(s) found

pszZoneName : 59.168.192.in-addr.arpa
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.MyDomain.lx.pt

pszZoneName : MyDomain.lx.pt
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.MyDomain.lx.pt

pszZoneName : _msdcs.MyDomain.lx.pt
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.MyDomain.lx.pt

Samba DNS zone list Automated check :
zone : 59.168.192.in-addr.arpa ok, no Bind flat-files found
-----------
zone : MyDomain.lx.pt ok, no Bind flat-files found
-----------
zone : _msdcs.MyDomain.lx.pt ok, no Bind flat-files found
-----------

Installed packages:
ii acl 2.2.53-4 amd64 access control list - utilities
ii attr 1:2.4.48-4 amd64 utilities for manipulating filesystem extended attributes
ii bind9 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 Internet Domain Name Server
ii bind9-host 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 DNS lookup utility (deprecated)
ii bind9utils 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 Utilities for BIND
ii fonts-quicksand 0.2016-2 all sans-serif font with round attributes
ii krb5-config 2.6 all Configuration files for Kerberos Version 5
ii krb5-kdc 1.17-3 amd64 MIT Kerberos key server (KDC)
ii krb5-locales 1.17-3 all internationalization support for MIT Kerberos
ii krb5-multidev:amd64 1.17-3 amd64 development files for MIT Kerberos without Heimdal conflict
ii krb5-user 1.17-3 amd64 basic programs to authenticate using MIT Kerberos
ii libacl1:amd64 2.2.53-4 amd64 access control list - shared library
ii libacl1-dev:amd64 2.2.53-4 amd64 access control list - static libraries and headers
ii libattr1:amd64 1:2.4.48-4 amd64 extended attribute handling - shared library
ii libattr1-dev:amd64 1:2.4.48-4 amd64 extended attributes handling - static libraries and headers
ii libbind9-161:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2 amd64 BIND9 Shared Library used by BIND
ii libgssapi-krb5-2:amd64 1.17-3 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-26-heimdal:amd64 7.5.0+dfsg-3 amd64 Heimdal Kerberos - libraries
ii libkrb5-3:amd64 1.17-3 amd64 MIT Kerberos runtime libraries
ii libkrb5-dev:amd64 1.17-3 amd64 headers and development libraries for MIT Kerberos
ii libkrb5support0:amd64 1.17-3 amd64 MIT Kerberos runtime libraries - Support library
ii libsmbclient:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 shared library for communication with SMB/CIFS servers
ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba winbind client library
ii python-attr 18.2.0-1 all Attributes without boilerplate (Python 2)
ii python3-pyxattr 0.6.1-1 amd64 module for manipulating filesystem extended attributes (Python3)
ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba core libraries

-----------

Rowland penny via samba <samba at lists.samba.org> wrote on Monday, 14/09/2020 at 08:43:

> On 13/09/2020 22:40, Carlos Jesus wrote:
> > Hi Rowland, thank you for your help.
> > I've added the include "/var/lib/samba/bind-dns/named.conf" in
> > /etc/bind/named.conf instead of named.conf.options.
> Please don't do that, it isn't a good idea, use an 'include', that way
> if something changes, it will still work.
> >
> > As for the link, here it goes.
> > https://lists.samba.org/archive/samba/2019-July/224546.html
>
> Yes and that didn't end successfully :-\
>
> What did the Windows DC start out as ? 2008R2 or was it an earlier version
> ?
>
> What was the full command you used to join the Samba DC to the Windows
> domain ?
>
> Did you get any errors during the successful join ?
>
> Can you go here:
> https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh
>
> Download the script and run it on your Samba DC.
>
> sanitise the output and post it to this list.
>
> Rowland
Rowland penny
2020-Sep-14 10:22 UTC
[Samba] DNS problems when adding samba DC to win2008R2
On 14/09/2020 10:39, Carlos Jesus wrote:
>
> samba-tool domain join MyDomain.lx.pt DC
> -U"MyDomain\administrator"
>
> Did you get any errors during the successful join ?
>
You do not seem to have any obvious errors, so can you run this ldbsearch on your Samba DC:

ldbsearch -H /usr/local/samba/private/sam.ldb -b 'CN=Sites,CN=Configuration,DC=MyDomain,DC=lx,DC=pt' -s sub '(&(objectClass=nTDSConnection)(cn=*))' dn

You should get two results, one for each DC.

Rowland
Here's the output. All seems well. This is my first mixed (win+samba) environment. Usually it's all linux. Maybe I've missed something on the windoze side. I'll check again.

dn: CN=5e2f6121-d691-4915-83c4-c709ca9cbf8c,CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomain,DC=lx,DC=pt

# record 2
dn: CN=683c977b-02e4-4617-8084-c6d64018ab2e,CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomain,DC=lx,DC=pt

# returned 2 records
# 2 entries
# 0 referrals

Rowland penny via samba <samba at lists.samba.org> wrote on Monday, 14/09/2020 at 11:23:

> On 14/09/2020 10:39, Carlos Jesus wrote:
> >
> > samba-tool domain join MyDomain.lx.pt DC
> > -U"MyDomain\administrator"
> >
> > Did you get any errors during the successful join ?
> >
> You do not seem to have any obvious errors, so can you run this
> ldbsearch on your Samba DC:
>
> ldbsearch -H /usr/local/samba/private/sam.ldb -b
> 'CN=Sites,CN=Configuration,DC=MyDomain,DC=lx,DC=pt' -s sub
> '(&(objectClass=nTDSConnection)(cn=*))' dn
>
> You should get two results, one for each DC.
>
> Rowland
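
The "one result per DC" check from the ldbsearch exchange above, as an added example that is not part of the original thread: it reads the dn output of that search and names any expected DC that owns no nTDSConnection object. The function names are hypothetical; the sample reuses the two DNs posted in the thread, with a line fold constructed in the first record to exercise LDIF unfolding.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from Samba).

# Print, one per line, the server that owns each nTDSConnection DN read
# from stdin. LDIF continuation lines (RFC 2849: a line starting with a
# single space continues the previous one) are unfolded first.
ntds_connection_servers() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
             { if (buf != "") print buf; buf = $0 }
        END  { if (buf != "") print buf }
    ' | sed -n 's/^dn: .*,CN=NTDS Settings,CN=\([^,]*\),CN=Servers,.*/\1/p' \
      | sort -u
}

# Print each expected DC (arguments) that owns no connection object;
# return 1 if any is missing. A connection object sits under the DC that
# replicates inbound, so a missing name means no inbound replication
# partner is configured for that DC.
missing_connections() {
    found=$(ntds_connection_servers)
    rc=0
    for dc in "$@"; do
        printf '%s\n' "$found" | grep -qixF -- "$dc" || { echo "$dc"; rc=1; }
    done
    return $rc
}

# The two DNs posted in the thread; the fold in the first record is
# constructed here to exercise the unfolding.
sample_output() {
    cat <<'EOF'
dn: CN=5e2f6121-d691-4915-83c4-c709ca9cbf8c,CN=NTDS Settings,CN=DC2,CN=Serve
 rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomain,DC=lx,DC=pt

# record 2
dn: CN=683c977b-02e4-4617-8084-c6d64018ab2e,CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomain,DC=lx,DC=pt

# returned 2 records
EOF
}

sample_output | missing_connections DC2 SERVER \
    && echo "every expected DC has a connection object"
```

On a live DC, pipe the ldbsearch command from the thread into missing_connections with the DC names you expect as arguments.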