lists at zxt10d.de
2024-Jan-04  07:16 UTC
[Samba] Fresh ad installation - Win2022 can't join
Good morning, and a Happy New Year

I'd like to set up a test-environment, based on Debian Bookworm and mjt's 4.19.3 packages.
samba is running as a Hyper-V vm, its ip is 192.168.178.37, its name is dc.augusta.domain.tld

My idea is to use this dc for two networks (192.168.178.0/24 and 192.168.180.0/24) and for testing one Windows 2022 server (192.168.178.34/24).
I used these two guides:
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
https://wiki.samba.org/index.php/DNS_Administration
Plus I added a computer-account by using "samba-tool computer add %name%"
So far, so good ...

When trying to add the Windows 2022 server to the domain I get this error message (in German):
Beim Abfragen von DNS über den Ressourceneintrag der Dienstidentifizierung (SRV), der zur Suche eines Active Directory-Domänencontrollers (AD DC) für die Domäne "augusta.domain.tld" verwendet wird, ist ein Fehler aufgetreten.

Fehler: "Bei der DNS-Abfrage wurden keine Einträge gefunden."
(Fehlercode 0x0000251D DNS_INFO_NO_RECORDS)

Es handelt sich um die Abfrage des Dienstidentifizierungseintrags für _ldap._tcp.dc._msdcs.augusta.domain.tld.

So: what did I do wrong, or what is missing?

Thanks in advance!
Torsten

Dig on the Windows machine:

dig dc.augusta.domain.tld

; <<>> DiG 9.10 <<>> dc.augusta.domain.tld
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21685
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;dc.augusta.domain.tld. IN A

;; ANSWER SECTION:
dc.augusta.domain.tld. 900 IN A 192.168.178.37

;; AUTHORITY SECTION:
augusta.domain.tld. 3600 IN SOA dc.augusta.domain.tld. hostmaster.augusta.domain.tld. 1 900 600 86400 3600

;; Query time: 0 msec
;; SERVER: 192.168.178.37#53(192.168.178.37)
;; WHEN: Thu Jan 04 07:32:04 Mitteleuropäische Zeit 2024
;; MSG SIZE rcvd: 108

samba-tool on the dc:

root@dc:/home/torsten# samba-tool dns zonelist dc.augusta.domain.tld
Password for [administrator@AUGUSTA.domain.tld]:
7 zone(s) found

pszZoneName : 178.168.192.in-addr.arpa
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.augusta.domain.tld

pszZoneName : 0.99.10.in-addr.arpa
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.augusta.domain.tld

pszZoneName : 180.168.192.in-addr.arpa
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.augusta.domain.tld

pszZoneName : 168.192.in-addr.arpa
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.augusta.domain.tld

pszZoneName : 192.168.178.37.in-addr.arpa
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.augusta.domain.tld

pszZoneName : augusta.domain.tld
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.augusta.domain.tld

pszZoneName : _msdcs.augusta.domain.tld
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.augusta.domain.tld

root@dc:/home/torsten# samba-tool dns zoneinfo dc.augusta.domain.tld _msdcs.augusta.domain.tld
Password for [administrator@AUGUSTA.domain.tld]:
pszZoneName : _msdcs.augusta.domain.tld
dwZoneType : DNS_ZONE_TYPE_PRIMARY
fReverse : FALSE
fAllowUpdate : DNS_ZONE_UPDATE_SECURE
fPaused : FALSE
fShutdown : FALSE
fAutoCreated : FALSE
fUseDatabase : TRUE
pszDataFile : None
aipMasters : []
fSecureSecondaries : DNS_ZONE_SECSECURE_NO_XFER
fNotifyLevel : DNS_ZONE_NOTIFY_LIST_ONLY
aipSecondaries : []
aipNotify : []
fUseWins : FALSE
fUseNbstat : FALSE
fAging : FALSE
dwNoRefreshInterval : 72
dwRefreshInterval : 72
dwAvailForScavengeTime : 0
aipScavengeServers : []
dwRpcStructureVersion : 0x2
dwForwarderTimeout : 0
fForwarderSlave : 0
aipLocalMasters : []
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.augusta.domain.tld
pwszZoneDn : DC=_msdcs.augusta.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=augusta,DC=domain,DC=tld
dwLastSuccessfulSoaCheck : 0
dwLastSuccessfulXfr : 0
fQueuedForBackgroundLoad : FALSE
fBackgroundLoadInProgress : FALSE
fReadOnlyZone : FALSE
dwLastXfrAttempt : 0
dwLastXfrResult : 0

root@dc:/home/torsten# samba-tool dns serverinfo dc.augusta.domain.tld
Password for [administrator@AUGUSTA.domain.tld]:
dwVersion : 0xece0205
fBootMethod : DNS_BOOT_METHOD_DIRECTORY
fAdminConfigured : FALSE
fAllowUpdate : TRUE
fDsAvailable : TRUE
pszServerName : DC.augusta.domain.tld
pszDsContainer : CN=MicrosoftDNS,DC=DomainDnsZones,DC=augusta,DC=domain,DC=tld
aipServerAddrs : ['2003:d1:bf47:a200:215:5dff:feb2:1901', '192.168.178.37']
aipListenAddrs : ['2003:d1:bf47:a200:215:5dff:feb2:1901', '192.168.178.37']
aipForwarders : []
dwLogLevel : 0
dwDebugLevel : 0
dwForwardTimeout : 3
dwRpcPrototol : 0x5
dwNameCheckFlag : DNS_ALLOW_MULTIBYTE_NAMES
cAddressAnswerLimit : 0
dwRecursionRetry : 3
dwRecursionTimeout : 8
dwMaxCacheTtl : 86400
dwDsPollingInterval : 180
dwScavengingInterval : 168
dwDefaultRefreshInterval : 72
dwDefaultNoRefreshInterval : 72
fAutoReverseZones : FALSE
fAutoCacheUpdate : FALSE
fRecurseAfterForwarding : FALSE
fForwardDelegations : TRUE
fNoRecursion : FALSE
fSecureResponses : FALSE
fRoundRobin : TRUE
fLocalNetPriority : FALSE
fBindSecondaries : FALSE
fWriteAuthorityNs : FALSE
fStrictFileParsing : FALSE
fLooseWildcarding : FALSE
fDefaultAgingState : FALSE
dwRpcStructureVersion : 0x2
aipLogFilter : []
pwszLogFilePath : None
pszDomainName : augusta.domain.tld
pszForestName : augusta.domain.tld
pszDomainDirectoryPartition : DC=DomainDnsZones,DC=augusta,DC=domain,DC=tld
pszForestDirectoryPartition : DC=ForestDnsZones,DC=augusta,DC=domain,DC=tld
dwLocalNetPriorityNetMask : 0xff
dwLastScavengeTime : 0
dwEventLogLevel : 4
dwLogFileMaxSize : 0
dwDsForestVersion : 4
dwDsDomainVersion : 4
dwDsDsaVersion : 4
fReadOnlyDC : FALSE

root@dc:/home/torsten# samba-tool dns zoneinfo dc.augusta.domain.tld 178.168.192.in-addr.arpa
Password for [administrator@AUGUSTA.domain.tld]:
pszZoneName : 178.168.192.in-addr.arpa
dwZoneType : DNS_ZONE_TYPE_PRIMARY
fReverse : TRUE
fAllowUpdate : DNS_ZONE_UPDATE_SECURE
fPaused : FALSE
fShutdown : FALSE
fAutoCreated : FALSE
fUseDatabase : TRUE
pszDataFile : None
aipMasters : []
fSecureSecondaries : DNS_ZONE_SECSECURE_NO_XFER
fNotifyLevel : DNS_ZONE_NOTIFY_LIST_ONLY
aipSecondaries : []
aipNotify : []
fUseWins : FALSE
fUseNbstat : FALSE
fAging : FALSE
dwNoRefreshInterval : 168
dwRefreshInterval : 168
dwAvailForScavengeTime : 0
aipScavengeServers : []
dwRpcStructureVersion : 0x2
dwForwarderTimeout : 0
fForwarderSlave : 0
aipLocalMasters : []
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.augusta.domain.tld
pwszZoneDn : DC=178.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=augusta,DC=domain,DC=tld
dwLastSuccessfulSoaCheck : 0
dwLastSuccessfulXfr : 0
fQueuedForBackgroundLoad : FALSE
fBackgroundLoadInProgress : FALSE
fReadOnlyZone : FALSE
dwLastXfrAttempt : 0
dwLastXfrResult : 0
On Thu, 4 Jan 2024 08:16:44 +0100 lists--- via samba <samba at lists.samba.org> wrote:

> Good morning, and a Happy New Year
>
> I'd like to set up a test-environment, based on Debian Bookworm and
> mjt's 4.19.3 packages.
> samba is running as a Hyper-V vm, its ip is 192.168.178.37, its name
> is dc.augusta.domain.tld
>
> My idea is to use this dc for two networks (192.168.178.0/24 and
> 192.168.180.0/24) and for testing one Windows 2022 server
> (192.168.178.34/24).
> I used these two guides:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> https://wiki.samba.org/index.php/DNS_Administration
> Plus I added a computer-account by using "samba-tool computer add
> %name%" So far, so good ...
>
> When trying to add the Windows 2022 server to the domain I get this
> error message (in German):
> Beim Abfragen von DNS über den Ressourceneintrag der
> Dienstidentifizierung (SRV), der zur Suche eines Active
> Directory-Domänencontrollers (AD DC) für die Domäne
> "augusta.domain.tld" verwendet wird, ist ein Fehler aufgetreten.
>
> Fehler: "Bei der DNS-Abfrage wurden keine Einträge gefunden."
> (Fehlercode 0x0000251D DNS_INFO_NO_RECORDS)
>
> Es handelt sich um die Abfrage des Dienstidentifizierungseintrags für
> _ldap._tcp.dc._msdcs.augusta.domain.tld.
>
> So: what did I do wrong, or what is missing?
>

Let's start with the obvious, does the record exist, running the following command should produce a record for every DC:

host -t SRV _ldap._tcp.dc._msdcs.augusta.domain.tld.

How are you trying to join the 2022 machine? As a DC or a domain member?
The latter should work, but there is this bug report:

https://bugzilla.samba.org/show_bug.cgi?id=15495

Rowland
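
The SRV lookup suggested in the reply above, extended into a check of several locator records against the DC's own DNS server. This is an added example, not part of the thread and not Samba's own tooling. The domain and server address are the ones quoted in the thread; the list of record names is an assumed, partial set, and RESOLVER is a hypothetical override variable.

```shell
#!/bin/sh
# Added example, not from the thread. DOMAIN and DNS_SERVER are the values
# quoted in the thread; the record list is an assumed, partial set of the
# SRV names an AD DC registers.
DOMAIN="augusta.domain.tld"
DNS_SERVER="192.168.178.37"

# Print the fully qualified SRV names to check for a DNS domain.
srv_names() {
    for prefix in _ldap._tcp.dc._msdcs _ldap._tcp _kerberos._tcp \
                  _kerberos._udp _kpasswd._tcp; do
        printf '%s.%s.\n' "$prefix" "$1"
    done
}

# Read `host -t SRV` output on stdin and print "target port" per record.
# Exit status 1 means no SRV record was returned (NXDOMAIN or empty answer).
parse_srv() {
    awk '/ has SRV record / { sub(/\.$/, "", $NF); print $NF, $(NF - 1); n++ }
         END { exit (n > 0 ? 0 : 1) }'
}

# Query every name against one DNS server; return the number of missing names.
# RESOLVER is a hypothetical override so the lookup command can be swapped.
check_domain() {
    domain=$1; server=$2; missing=0
    for name in $(srv_names "$domain"); do
        if targets=$("${RESOLVER:-host}" -t SRV "$name" "$server" 2>&1 | parse_srv); then
            echo "OK      $name -> $targets"
        else
            echo "MISSING $name"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Run against the live DC only when asked to: sh check_srv.sh --live
if [ "${1:-}" = "--live" ]; then
    check_domain "$DOMAIN" "$DNS_SERVER"
fi
```

Passing the DC's address as the server argument takes the client's resolver configuration out of the picture, so a MISSING line means the DC itself does not serve that record.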