samba - Sep 2022 - DNS Help Request

On Fri, Sep 9, 2022 at 3:33 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Fri, 2022-09-09 at 15:16 -0400, Rob Campbell wrote:
> > DC02 is not a DC.  Initially I was going to make it a DC but I
> > changed my
> > mind.
> >
> > cat /etc/samba/smb.conf
> > cat /etc/samba/smb.conf
> > [global]
> > security = ADS
> > workgroup = HOME
> > realm = HOME.ROB-CAMPBELL.LAN
> >
> > log file = /var/log/samba/%m.log
> > log level = 1
> > idmap config * : backend = autorid
> > idmap config * : range = 10000-9999999
> > idmap config * : rangesize = 200000
> >
> > username map = /etc/samba/user.map
> >
> > template shell = /bin/bash
> > template homedir = /home/%U
> >
> > There is a log being created /var/log/samba/%m.log:
> >
> > [2022/09/09 15:14:39.261894,  0]
> > ../../source4/smbd/server.c:644(binary_smbd_main)
> >   samba version 4.13.13-Debian started.
> >   Copyright Andrew Tridgell and the Samba Team 1992-2020
> > [2022/09/09 15:14:39.306210,  0]
> > ../../source4/smbd/server.c:874(binary_smbd_main)
> >   At this time the 'samba' binary should only be used for
either:
> >   'server role = active directory domain controller' or to
access the
> > ntvfs
> > file server with 'server services = +smb' or the rpc proxy
with
> > 'dcerpc
> > endpoint servers = remote'
>
> You appear to be trying to start the 'samba' binary. you should
join
> the domain with 'net ads join -Uadministrator' or 'samba-tool
domain
> join <your_dnsdomain> MEMBER -Uadministrator', then once joined,
start
> smbd and winbind, you can aso optional start nmbd.
>
I started fresh.  I made sure to not start the samba binary on the member.
I didn't try to join yet because the DNS issue is still there.

net ads join -UAdministrator
Enter Administrator's password:
Failed to join domain: failed to find DC for domain HOME - The object was
not found.

> >   You should start smbd/nmbd/winbindd instead for domain member and
> > standalone file server tasks
> > [2022/09/09 15:14:39.306319,  0]
> > ../../lib/util/become_daemon.c:121(exit_daemon)
> >   exit_daemon: daemon failed to start: Samba detected misconfigured
> > 'server
> > role' and exited. Check logs for details, error code 22
> >
> > I haven't tried to join because DNS doesn't seem to be working
and
> > verifying dns is towards the beginning of the wiki.
> >
> > nslookup DC01.home.server-name.lan
> > ;; connection timed out; no servers could be reached
>
> Well it wouldn't, you should be using 'nslookup dc01.home.rob-
> campbell.lan' provided your dns domain is
'home.rob-campbell.lan',
> which it should be because your realm is 'HOME.ROB-CAMPBELL.LAN'.
>
I tried nslookup dc01.home.rob-campbell.lan and got the same error.
[Fri Sep 09 15:44:53] [root at dc02/var/log/samba$] nslookup
dc01.home.rob-campbell.lan
;; connection timed out; no servers could be reached
>
> > nslookup 10.0.0.10
> > ;; connection timed out; no servers could be reached
>
> Have you set up a reverse zone in AD ?
>
I used https://wiki.samba.org/index.php/DNS_Administration and set up all
of these for hostname dc02.home.rob-campbell.lan with IP 10.0.0.9

samba-tool dns zonecreate dc01.home.rob-campbell.lan 0.10.in-addr.arpa
Zone 0.10.in-addr.arpa created successfully

samba-tool dns zonecreate dc01.home.rob-campbell.lan 0.0.10.in-addr.arpa
Zone 0.0.10.in-addr.arpa created successfully

samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan dc02 A
10.0.0.9
Record added successfully

samba-tool dns add dc01.home.rob-campbell.lan 0.0.10.in-addr.arpa 9 PTR
dc02.home.rob-campbell.lan
Record added successfully

samba-tool dns add dc01.home.rob-campbell.lan 0.10.in-addr.arpa 9.0 PTR
dc02.home.rob-campbell.lan
Record added successfully

samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan
_dc02._tcp SRV 'dc02.home.rob-campbell.lan 8080 0 100'
Record added successfully

samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan @ NS
dc01.home.rob-campbell.lan
Record added successfully

net ads join -UAdministrator
Enter Administrator's password:
Failed to join domain: failed to find DC for domain HOME - The object was
not found.

>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On Fri, 2022-09-09 at 16:19 -0400, Rob Campbell wrote:
> On Fri, Sep 9, 2022 at 3:33 PM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
> 
> > On Fri, 2022-09-09 at 15:16 -0400, Rob Campbell wrote:
> > > DC02 is not a DC.  Initially I was going to make it a DC but I
> > > changed my
> > > mind.
> > > 
> > > cat /etc/samba/smb.conf
> > > cat /etc/samba/smb.conf
> > > [global]
> > > security = ADS
> > > workgroup = HOME
> > > realm = HOME.ROB-CAMPBELL.LAN
> > > 
> > > log file = /var/log/samba/%m.log
> > > log level = 1
> > > idmap config * : backend = autorid
> > > idmap config * : range = 10000-9999999
> > > idmap config * : rangesize = 200000
> > > 
> > > username map = /etc/samba/user.map
> > > 
> > > template shell = /bin/bash
> > > template homedir = /home/%U
> > > 
> > > There is a log being created /var/log/samba/%m.log:
> > > 
> > > [2022/09/09 15:14:39.261894,  0]
> > > ../../source4/smbd/server.c:644(binary_smbd_main)
> > >   samba version 4.13.13-Debian started.
> > >   Copyright Andrew Tridgell and the Samba Team 1992-2020
> > > [2022/09/09 15:14:39.306210,  0]
> > > ../../source4/smbd/server.c:874(binary_smbd_main)
> > >   At this time the 'samba' binary should only be used for
either:
> > >   'server role = active directory domain controller' or
to access
> > > the
> > > ntvfs
> > > file server with 'server services = +smb' or the rpc
proxy with
> > > 'dcerpc
> > > endpoint servers = remote'
> > 
> > You appear to be trying to start the 'samba' binary. you
should
> > join
> > the domain with 'net ads join -Uadministrator' or
'samba-tool
> > domain
> > join <your_dnsdomain> MEMBER -Uadministrator', then once
joined,
> > start
> > smbd and winbind, you can aso optional start nmbd.
> > 
> 
> I started fresh.  I made sure to not start the samba binary on the
> member.
> I didn't try to join yet because the DNS issue is still there.
> 
> net ads join -UAdministrator
> Enter Administrator's password:
> Failed to join domain: failed to find DC for domain HOME - The object
> was
> not found.
> 
> 
> > >   You should start smbd/nmbd/winbindd instead for domain member
> > > and
> > > standalone file server tasks
> > > [2022/09/09 15:14:39.306319,  0]
> > > ../../lib/util/become_daemon.c:121(exit_daemon)
> > >   exit_daemon: daemon failed to start: Samba detected
> > > misconfigured
> > > 'server
> > > role' and exited. Check logs for details, error code 22
> > > 
> > > I haven't tried to join because DNS doesn't seem to be
working
> > > and
> > > verifying dns is towards the beginning of the wiki.
> > > 
> > > nslookup DC01.home.server-name.lan
> > > ;; connection timed out; no servers could be reached
> > 
> > Well it wouldn't, you should be using 'nslookup dc01.home.rob-
> > campbell.lan' provided your dns domain is
'home.rob-campbell.lan',
> > which it should be because your realm is
'HOME.ROB-CAMPBELL.LAN'.
> > 
> 
> I tried nslookup dc01.home.rob-campbell.lan and got the same error.
> [Fri Sep 09 15:44:53] [root at dc02/var/log/samba$] nslookup
> dc01.home.rob-campbell.lan
> ;; connection timed out; no servers could be reached
> 
> > > nslookup 10.0.0.10
> > > ;; connection timed out; no servers could be reached
> > 
> > Have you set up a reverse zone in AD ?
> > 
> 
> I used https://wiki.samba.org/index.php/DNS_Administration and set up
> all
> of these for hostname dc02.home.rob-campbell.lan with IP 10.0.0.9
> 
> samba-tool dns zonecreate dc01.home.rob-campbell.lan 0.10.in-
> addr.arpa
> Zone 0.10.in-addr.arpa created successfully
> 
> samba-tool dns zonecreate dc01.home.rob-campbell.lan 0.0.10.in-
> addr.arpa
> Zone 0.0.10.in-addr.arpa created successfully
> 
> samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan
> dc02 A
> 10.0.0.9
> Record added successfully
> 
> samba-tool dns add dc01.home.rob-campbell.lan 0.0.10.in-addr.arpa 9
> PTR
> dc02.home.rob-campbell.lan
> Record added successfully
> 
> samba-tool dns add dc01.home.rob-campbell.lan 0.10.in-addr.arpa 9.0
> PTR
> dc02.home.rob-campbell.lan
> Record added successfully
> 
> samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan
> _dc02._tcp SRV 'dc02.home.rob-campbell.lan 8080 0 100'
> Record added successfully
> 
> samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan @
> NS
> dc01.home.rob-campbell.lan
> Record added successfully
> 
> net ads join -UAdministrator
> Enter Administrator's password:
> Failed to join domain: failed to find DC for domain HOME - The object
> was
> not found.
I know it sounds obvious, but you have dns problems.

Does the DC use itself as its first nameserver in /etc/resolv.conf (it
should not be 127.0.0.1).

Does your Unix domain member use the DC as its first nameserver ?

Is a firewall getting in the way ?

Is there anything in syslog ?

Rowland