On Fri, Sep 9, 2022 at 4:30 PM Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Fri, 2022-09-09 at 16:19 -0400, Rob Campbell wrote:
> > On Fri, Sep 9, 2022 at 3:33 PM Rowland Penny via samba <samba at lists.samba.org> wrote:
> >
> > > On Fri, 2022-09-09 at 15:16 -0400, Rob Campbell wrote:
> > > > DC02 is not a DC. Initially I was going to make it a DC but I changed my mind.
> > > >
> > > > cat /etc/samba/smb.conf
> > > > cat /etc/samba/smb.conf
> > > > [global]
> > > > security = ADS
> > > > workgroup = HOME
> > > > realm = HOME.ROB-CAMPBELL.LAN
> > > >
> > > > log file = /var/log/samba/%m.log
> > > > log level = 1
> > > > idmap config * : backend = autorid
> > > > idmap config * : range = 10000-9999999
> > > > idmap config * : rangesize = 200000
> > > >
> > > > username map = /etc/samba/user.map
> > > >
> > > > template shell = /bin/bash
> > > > template homedir = /home/%U
> > > >
> > > > There is a log being created /var/log/samba/%m.log:
> > > >
> > > > [2022/09/09 15:14:39.261894, 0] ../../source4/smbd/server.c:644(binary_smbd_main)
> > > > samba version 4.13.13-Debian started.
> > > > Copyright Andrew Tridgell and the Samba Team 1992-2020
> > > > [2022/09/09 15:14:39.306210, 0] ../../source4/smbd/server.c:874(binary_smbd_main)
> > > > At this time the 'samba' binary should only be used for either:
> > > > 'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'
> > >
> > > You appear to be trying to start the 'samba' binary. You should join the domain with 'net ads join -Uadministrator' or 'samba-tool domain join <your_dnsdomain> MEMBER -Uadministrator', then once joined, start smbd and winbind, you can also optionally start nmbd.
> >
> > I started fresh. I made sure to not start the samba binary on the member.
> > I didn't try to join yet because the DNS issue is still there.
> >
> > net ads join -UAdministrator
> > Enter Administrator's password:
> > Failed to join domain: failed to find DC for domain HOME - The object was not found.
> >
> > > > You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks
> > > > [2022/09/09 15:14:39.306319, 0] ../../lib/util/become_daemon.c:121(exit_daemon)
> > > > exit_daemon: daemon failed to start: Samba detected misconfigured 'server role' and exited. Check logs for details, error code 22
> > > >
> > > > I haven't tried to join because DNS doesn't seem to be working and verifying dns is towards the beginning of the wiki.
> > > >
> > > > nslookup DC01.home.server-name.lan
> > > > ;; connection timed out; no servers could be reached
> > >
> > > Well it wouldn't, you should be using 'nslookup dc01.home.rob-campbell.lan' provided your dns domain is 'home.rob-campbell.lan', which it should be because your realm is 'HOME.ROB-CAMPBELL.LAN'.
> >
> > I tried nslookup dc01.home.rob-campbell.lan and got the same error.
> > [Fri Sep 09 15:44:53] [root at dc02/var/log/samba$] nslookup dc01.home.rob-campbell.lan
> > ;; connection timed out; no servers could be reached
> >
> > > > nslookup 10.0.0.10
> > > > ;; connection timed out; no servers could be reached
> > >
> > > Have you set up a reverse zone in AD ?
> >
> > I used https://wiki.samba.org/index.php/DNS_Administration and set up all of these for hostname dc02.home.rob-campbell.lan with IP 10.0.0.9
> >
> > samba-tool dns zonecreate dc01.home.rob-campbell.lan 0.10.in-addr.arpa
> > Zone 0.10.in-addr.arpa created successfully
> >
> > samba-tool dns zonecreate dc01.home.rob-campbell.lan 0.0.10.in-addr.arpa
> > Zone 0.0.10.in-addr.arpa created successfully
> >
> > samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan dc02 A 10.0.0.9
> > Record added successfully
> >
> > samba-tool dns add dc01.home.rob-campbell.lan 0.0.10.in-addr.arpa 9 PTR dc02.home.rob-campbell.lan
> > Record added successfully
> >
> > samba-tool dns add dc01.home.rob-campbell.lan 0.10.in-addr.arpa 9.0 PTR dc02.home.rob-campbell.lan
> > Record added successfully
> >
> > samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan _dc02._tcp SRV 'dc02.home.rob-campbell.lan 8080 0 100'
> > Record added successfully
> >
> > samba-tool dns add dc01.home.rob-campbell.lan home.rob-campbell.lan @ NS dc01.home.rob-campbell.lan
> > Record added successfully
> >
> > net ads join -UAdministrator
> > Enter Administrator's password:
> > Failed to join domain: failed to find DC for domain HOME - The object was not found.
>
> I know it sounds obvious, but you have dns problems.
>
> Does the DC use itself as its first nameserver in /etc/resolv.conf (it should not be 127.0.0.1).

Yes. It doesn't have 127.0.0.1 at all.
nameserver 10.0.0.10
search HOME.ROB-CAMPBELL.LAN

> Does your Unix domain member use the DC as its first nameserver ?

It is set up the same:
nameserver 10.0.0.10
search HOME.ROB-CAMPBELL.LAN

> Is a firewall getting in the way ?

I checked and port 53 was already open but I 'opened it again' and I was able to:
Everything below here is from DC02 (the member)

nslookup dc01
Server: 10.0.0.10
Address: 10.0.0.10#53

Name: dc01.HOME.ROB-CAMPBELL.LAN
Address: 10.0.0.10
Name: dc01.HOME.ROB-CAMPBELL.LAN
Address: 2600:4040:4666:f900::1bac

nslookup 10.0.0.10
10.0.0.10.in-addr.arpa name = DC01.

Authoritative answers can be found from:

But I was not able to
nslookup dc02
Server: 10.0.0.10
Address: 10.0.0.10#53

Non-authoritative answer:
*** Can't find dc02: No answer

nslookup dc02.home.rob-campbell.lan
Server: 10.0.0.10
Address: 10.0.0.10#53

** server can't find dc02.home.rob-campbell.lan: NXDOMAIN

> Is there anything in syslog ?

Only errors from me trying to add a dns record that already exists.

> Rowland

Correct me if I'm wrong, but it shouldn't show dc02 on a DNS lookup unless you added it as a Domain Controller, or you added it to DNS manually?

On Fri, Sep 9, 2022 at 4:21 PM Rob Campbell via samba <samba at lists.samba.org> wrote:

> But I was not able to
> nslookup dc02
> Server: 10.0.0.10
> Address: 10.0.0.10#53
>
> Non-authoritative answer:
> *** Can't find dc02: No answer
>
> nslookup dc02.home.rob-campbell.lan
> Server: 10.0.0.10
> Address: 10.0.0.10#53
>
> ** server can't find dc02.home.rob-campbell.lan: NXDOMAIN

On 9/9/22 18:20, Rob Campbell via samba wrote:

> nslookup 10.0.0.10
> 10.0.0.10.in-addr.arpa name = DC01.

This is wrong, as I understand it. You want reverse ip addresses to come back with the FQDN, I think. Here's how my network responds with ip address lookups:

[thomas.cameron at case Desktop]$ host case
case.tc.camerontech.com has address 172.31.100.4
[thomas.cameron at case Desktop]$ host case.tc.camerontech.com
case.tc.camerontech.com has address 172.31.100.4
[thomas.cameron at case Desktop]$ host 172.31.100.4
4.100.31.172.in-addr.arpa domain name pointer case.tc.camerontech.com.
[thomas.cameron at case Desktop]$ nslookup case
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: case.tc.camerontech.com
Address: 172.31.100.4

[thomas.cameron at case Desktop]$ nslookup case.tc.camerontech.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: case.tc.camerontech.com
Address: 172.31.100.4

[thomas.cameron at case Desktop]$ nslookup 172.31.100.4
4.100.31.172.in-addr.arpa name = case.tc.camerontech.com.

Authoritative answers can be found from:

[thomas.cameron at case Desktop]$

I won't swear to it, but I am *pretty* sure that DNS is supposed to return the FQDN.

For reference, I run my own BIND server. I don't rely on Samba to do DNS, I have a separate DNS server in my environment. My zone files look like this (this is two lines, in case it gets trimmed):

[root at wintermute ~]# grep case /var/named/*
/var/named/100.31.172.in-addr.arpa:4 PTR case.tc.camerontech.com.
/var/named/tc.camerontech.com:case IN 1H A 172.31.100.4

Hope this helps!

Thomas
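
Two of the checks raised in this thread (the DC listed as the first nameserver and not loopback, and a reverse lookup that returns an FQDN rather than a short name such as `DC01.`), as an added shell example that is not part of any poster's message. The function names are hypothetical and the sample input is constructed from values quoted in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Input is captured text, so it runs offline.

# Print the first "nameserver" address found in resolv.conf text on stdin.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }'
}

# check_resolver RESOLV_TEXT DC_IP: the DC must be listed first, never loopback.
check_resolver() {
    ns=$(printf '%s\n' "$1" | first_nameserver)
    case "$ns" in
        "")        echo "no-nameserver"; return 2 ;;
        127.*|::1) echo "loopback $ns"; return 1 ;;
        "$2")      echo "ok $ns"; return 0 ;;
        *)         echo "not-dc $ns"; return 1 ;;
    esac
}

# reverse_name IPV4: the owner name the PTR record for that address must have.
reverse_name() {
    printf '%s\n' "$1" | awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Extract the PTR target from nslookup ("name = X.") or host
# ("domain name pointer X.") output on stdin.
ptr_target() {
    sed -n -e 's/.*name = \(.*\)$/\1/p' \
           -e 's/.*domain name pointer \(.*\)$/\1/p' | head -n 1
}

# check_ptr LOOKUP_TEXT DNS_DOMAIN: the target must be an FQDN inside DNS_DOMAIN.
check_ptr() {
    target=$(printf '%s\n' "$1" | ptr_target | tr '[:upper:]' '[:lower:]')
    domain=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    target=${target%.}    # drop the trailing root dot
    case "$target" in
        "")          echo "no-ptr"; return 2 ;;
        *."$domain") echo "ok $target"; return 0 ;;
        *)           echo "bad-ptr $target"; return 1 ;;
    esac
}

# Constructed samples built from values quoted in the thread.
check_resolver 'nameserver 10.0.0.10
search HOME.ROB-CAMPBELL.LAN' 10.0.0.10 || true
check_ptr '10.0.0.10.in-addr.arpa name = DC01.' HOME.ROB-CAMPBELL.LAN || true
check_ptr "$(reverse_name 172.31.100.4) domain name pointer case.tc.camerontech.com." tc.camerontech.com || true
```

On a live member the same functions can be fed `cat /etc/resolv.conf` and the output of `host <ip>` instead of the constructed strings.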