On Fri, Sep 9, 2022 at 4:30 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Fri, 2022-09-09 at 16:19 -0400, Rob Campbell wrote:
> > On Fri, Sep 9, 2022 at 3:33 PM Rowland Penny via samba <
> > samba at lists.samba.org> wrote:
> >
> > > On Fri, 2022-09-09 at 15:16 -0400, Rob Campbell wrote:
> > > > DC02 is not a DC. Initially I was going to make it a DC but I
> > > > changed my mind.
> > > >
> > > > cat /etc/samba/smb.conf
> > > > cat /etc/samba/smb.conf
> > > > [global]
> > > > security = ADS
> > > > workgroup = HOME
> > > > realm = HOME.ROB-CAMPBELL.LAN
> > > >
> > > > log file = /var/log/samba/%m.log
> > > > log level = 1
> > > > idmap config * : backend = autorid
> > > > idmap config * : range = 10000-9999999
> > > > idmap config * : rangesize = 200000
> > > >
> > > > username map = /etc/samba/user.map
> > > >
> > > > template shell = /bin/bash
> > > > template homedir = /home/%U
> > > >
> > > > There is a log being created /var/log/samba/%m.log:
> > > >
> > > > [2022/09/09 15:14:39.261894, 0]
> > > > ../../source4/smbd/server.c:644(binary_smbd_main)
> > > > samba version 4.13.13-Debian started.
> > > > Copyright Andrew Tridgell and the Samba Team 1992-2020
> > > > [2022/09/09 15:14:39.306210, 0]
> > > > ../../source4/smbd/server.c:874(binary_smbd_main)
> > > > At this time the 'samba' binary should only be used for either:
> > > > 'server role = active directory domain controller' or to access
> > > > the ntvfs file server with 'server services = +smb' or the rpc
> > > > proxy with 'dcerpc endpoint servers = remote'
> > >
> > > You appear to be trying to start the 'samba' binary. You should
> > > join the domain with 'net ads join -Uadministrator' or
> > > 'samba-tool domain join <your_dnsdomain> MEMBER -Uadministrator',
> > > then once joined, start smbd and winbind, you can also optionally
> > > start nmbd.
> > >
> >
> > I started fresh. I made sure to not start the samba binary on the
> > member. I didn't try to join yet because the DNS issue is still there.
> >
> > net ads join -UAdministrator
> > Enter Administrator's password:
> > Failed to join domain: failed to find DC for domain HOME - The object was not found.
> >
> >
> > > > You should start smbd/nmbd/winbindd instead for domain member and
> > > > standalone file server tasks
> > > > [2022/09/09 15:14:39.306319, 0]
> > > > ../../lib/util/become_daemon.c:121(exit_daemon)
> > > > exit_daemon: daemon failed to start: Samba detected misconfigured
> > > > 'server role' and exited. Check logs for details, error code 22
> > > >
> > > > I haven't tried to join because DNS doesn't seem to be working
> > > > and verifying dns is towards the beginning of the wiki.
> > > >
> > > > nslookup DC01.home.server-name.lan
> > > > ;; connection timed out; no servers could be reached
> > >
> > > Well it wouldn't, you should be using
> > > 'nslookup dc01.home.rob-campbell.lan' provided your dns domain is
> > > 'home.rob-campbell.lan', which it should be because your realm is
> > > 'HOME.ROB-CAMPBELL.LAN'.
> > >
> >
> > I tried nslookup dc01.home.rob-campbell.lan and got the same error.
> > [Fri Sep 09 15:44:53] [root at dc02/var/log/samba$] nslookup dc01.home.rob-campbell.lan
> > ;; connection timed out; no servers could be reached
> >
> > > > nslookup 10.0.0.10
> > > > ;; connection timed out; no servers could be reached
> > >
> > > Have you set up a reverse zone in AD ?
> > >
> >
> > I used https://wiki.samba.org/index.php/DNS_Administration and set up
> > all of these for hostname dc02.home.rob-campbell.lan with IP 10.0.0.9
> >
> > samba-tool dns zonecreate dc01.home.rob-campbell.lan 0.10.in-addr.arpa
> > Zone 0.10.in-addr.arpa created successfully
> >
> > samba-tool dns zonecreate dc01.home.rob-campbell.lan 0.0.10.in-addr.arpa
> > Zone 0.0.10.in-addr.arpa created successfully
> >
> > samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan dc02 A 10.0.0.9
> > Record added successfully
> >
> > samba-tool dns add dc01.home.rob-campbell.lan 0.0.10.in-addr.arpa 9 PTR dc02.home.rob-campbell.lan
> > Record added successfully
> >
> > samba-tool dns add dc01.home.rob-campbell.lan 0.10.in-addr.arpa 9.0 PTR dc02.home.rob-campbell.lan
> > Record added successfully
> >
> > samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan _dc02._tcp SRV 'dc02.home.rob-campbell.lan 8080 0 100'
> > Record added successfully
> >
> > samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan @ NS dc01.home.rob-campbell.lan
> > Record added successfully
> >
> > net ads join -UAdministrator
> > Enter Administrator's password:
> > Failed to join domain: failed to find DC for domain HOME - The object was not found.
>
> I know it sounds obvious, but you have dns problems.
>
> Does the DC use itself as its first nameserver in /etc/resolv.conf (it
> should not be 127.0.0.1).
>
Yes. It doesn't have 127.0.0.1 at all.
nameserver 10.0.0.10
search HOME.ROB-CAMPBELL.LAN
>
> Does your Unix domain member use the DC as its first nameserver ?
>
It is set up the same:
nameserver 10.0.0.10
search HOME.ROB-CAMPBELL.LAN
>
> Is a firewall getting in the way ?
>
I checked and port 53 was already open but I 'opened it again' and I was
able to:

Everything below here is from DC02 (the member)

nslookup dc01
Server: 10.0.0.10
Address: 10.0.0.10#53
Name: dc01.HOME.ROB-CAMPBELL.LAN
Address: 10.0.0.10
Name: dc01.HOME.ROB-CAMPBELL.LAN
Address: 2600:4040:4666:f900::1bac

nslookup 10.0.0.10
10.0.0.10.in-addr.arpa name = DC01.
Authoritative answers can be found from:

But I was not able to

nslookup dc02
Server: 10.0.0.10
Address: 10.0.0.10#53
Non-authoritative answer:
*** Can't find dc02: No answer

nslookup dc02.home.rob-campbell.lan
Server: 10.0.0.10
Address: 10.0.0.10#53
** server can't find dc02.home.rob-campbell.lan: NXDOMAIN

> Is there anything in syslog ?
>
Only errors from me trying to add a dns record that already exists.
>
> Rowland
>
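
The resolver questions asked in this thread (is the DC the first nameserver, is it a loopback address, does the search domain match the realm) can be checked statically before running `net ads join`. The script below is an added example, not part of the original messages; the function name `check_resolver` and the temporary file names are hypothetical, and the sample files are constructed from the realm and DC address quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): static resolver check for a Samba
# domain member before 'net ads join'. It reads files only; no DNS queries.

# check_resolver SMB_CONF RESOLV_CONF DC_IP   (hypothetical helper)
# Prints one finding per line; returns 0 if there are none, 1 otherwise.
check_resolver() {
    smb_conf=$1; resolv_conf=$2; dc_ip=$3; rc=0

    # Realm from smb.conf, lowercased for comparison with the DNS domain.
    realm=$(awk -F= 'tolower($1) ~ /^[ \t]*realm[ \t]*$/ {
        gsub(/[ \t]/, "", $2); print tolower($2); exit }' "$smb_conf")
    # The first nameserver line is the one the resolver tries first.
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$resolv_conf")
    # Every search/domain suffix, lowercased, one per line.
    suffixes=$(awk '$1 == "search" || $1 == "domain" {
        for (i = 2; i <= NF; i++) print tolower($i) }' "$resolv_conf")

    if [ -z "$realm" ]; then
        echo "FAIL: no realm set in $smb_conf"; rc=1
    fi
    case "$first_ns" in
        "")        echo "FAIL: no nameserver in $resolv_conf"; rc=1 ;;
        127.*|::1) echo "FAIL: first nameserver is loopback ($first_ns)"; rc=1 ;;
        "$dc_ip")  ;;
        *)         echo "FAIL: first nameserver $first_ns is not the DC $dc_ip"; rc=1 ;;
    esac
    if [ -n "$realm" ] && ! printf '%s\n' "$suffixes" | grep -qxF "$realm"; then
        echo "FAIL: search list lacks the realm's DNS domain $realm"; rc=1
    fi
    return $rc
}

# Constructed sample input using the realm and DC address from the thread.
tmp=$(mktemp -d)
printf '[global]\nsecurity = ADS\nrealm = HOME.ROB-CAMPBELL.LAN\n' > "$tmp/smb.conf"
printf 'nameserver 10.0.0.10\nsearch HOME.ROB-CAMPBELL.LAN\n' > "$tmp/good.conf"
printf 'nameserver 127.0.0.1\nnameserver 10.0.0.10\nsearch lan\n' > "$tmp/bad.conf"
check_resolver "$tmp/smb.conf" "$tmp/good.conf" 10.0.0.10 && echo "good.conf: OK"
check_resolver "$tmp/smb.conf" "$tmp/bad.conf" 10.0.0.10 || echo "bad.conf: fix before joining"
rm -rf "$tmp"
```

A clean result only rules out resolver misconfiguration on the member; a blocked port 53 or missing records on the DC, as seen in this thread, still has to be checked with live queries.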