thr3ads.net - samba - [Samba] Provisioning new AD Domain Controller [Jan 2024]

If this information is useful, please help other people find it:
Share via:

Mark Foley

2024-Jan-20 20:44 UTC

[Samba] Provisioning new AD Domain Controller

After provisioning and testing my new DC offline, I now want to move it into
production. This means changing IPs.

DC FQDN: mail.hprs.local

IPs for setup/testing:

DC: 192.168.1.60
Gateway: 192.168.1.1   (Netgear router)
DNS: 192.168.1.60      (/etc/resolv.conf)
/etc/hosts: 192.168.1.60  mail.hprs.local mail
smb.conf, dns forwarder: 192.168.1.1

Production IPs:

DC: 192.168.0.2
Gateway: 192.168.0.1   (SonicWall firewall/router)
DNS: 192.168.0.2       (/etc/resolv.conf)
/etc/hosts: 192.168.0.2  mail.hprs.local mail
smb.conf, dns forwarder: 192.168.0.1

I've restarted the network and samba to use these new IPs.

The A record looks good:

# host -t A mail.hprs.local
mail.hprs.local has address 192.168.0.2

I also created a new reverse dns record:

# samba-tool dns zonecreate mail.hprs.local 0.168.192.in-addr.arpa

# samba-tool dns zonelist mail
  pszZoneName                 : 0.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED
DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.hprs.local

Two problems ...

I'm not resolving any public or local hostnames, so it appears that samba is
not
acting as the dns server. I can access public and local hosts by IP.

Why?

Second, more minor problem, I cannot figure out how to delete the old reverse
dns record 1.168.192.in-addr.arpa. I've tried numerous combinations of the
command to do so with no luck including;

# samba-tool dns delete mail hprs.local mail PTR 1.168.192.in-addr.arpa
Password for [administrator at HPRS.LOCAL]:
ERROR(runtime): The record does not exist [WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST]
- (9701, 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')

What am I doing wrong?

Thanks --Mark

Rowland Penny

2024-Jan-20 21:27 UTC

head link

[Samba] Provisioning new AD Domain Controller

On Sat, 20 Jan 2024 15:44:18 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:
> After provisioning and testing my new DC offline, I now want to move
> it into production. This means changing IPs.
> 
> DC FQDN: mail.hprs.local
> 
> IPs for setup/testing:
> 
> DC: 192.168.1.60
> Gateway: 192.168.1.1   (Netgear router)
> DNS: 192.168.1.60      (/etc/resolv.conf)
> /etc/hosts: 192.168.1.60  mail.hprs.local mail
> smb.conf, dns forwarder: 192.168.1.1
> 
> Production IPs:
> 
> DC: 192.168.0.2
> Gateway: 192.168.0.1   (SonicWall firewall/router)
> DNS: 192.168.0.2       (/etc/resolv.conf)
> /etc/hosts: 192.168.0.2  mail.hprs.local mail
> smb.conf, dns forwarder: 192.168.0.1
> 
> I've restarted the network and samba to use these new IPs.
> 
> The A record looks good:
> 
> # host -t A mail.hprs.local
> mail.hprs.local has address 192.168.0.2
> 
> I also created a new reverse dns record:
> 
> # samba-tool dns zonecreate mail.hprs.local 0.168.192.in-addr.arpa
> 
> # samba-tool dns zonelist mail
>   pszZoneName                 : 0.168.192.in-addr.arpa
>   Flags                       : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE ZoneType                    :
> DNS_ZONE_TYPE_PRIMARY Version                     : 50
>   dwDpFlags                   : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED pszDpFqdn                   :
> DomainDnsZones.hprs.local
> 
> Two problems ...
> 
> I'm not resolving any public or local hostnames, so it appears that
> samba is not acting as the dns server. I can access public and local
> hosts by IP.
Is Samba running ?
Is /etc/resolv.conf set correctly ?

It should be:

search hprs.local
nameserver 192.168.0.2
> 
> Why?
> 
> Second, more minor problem, I cannot figure out how to delete the old
> reverse dns record 1.168.192.in-addr.arpa.
That could be because you will not have the reverse record
'1.168.192.in-addr.arpa', or if you do, you have really messed up your
dns.
> I've tried numerous
> combinations of the command to do so with no luck including;
> 
> # samba-tool dns delete mail hprs.local mail PTR
> 1.168.192.in-addr.arpa Password for [administrator at HPRS.LOCAL]:
> ERROR(runtime): The record does not exist
> [WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST] - (9701,
> 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
> 
> What am I doing wrong?
You are not using the correct command, the usage is:

samba-tool dns delete <server> <zone> <name> PTR <data>

Where, in your case, <server> is 'mail', <zone> is
'0.168.192.in-addr.arpa', <name> is the DCs existing IP
'2' and <data>
is the DCs FQDN 'mail.hprs.local'

OR

samba-tool dns delete mail 0.168.192.in-addr.arpa 2 PTR mail.hprs.local

Rowland

Apparently Analagous Threads

Search for more possibly parallel threads

samba - Jan 2024 - Provisioning new AD Domain Controller

[Samba] Provisioning new AD Domain Controller

[Samba] Provisioning new AD Domain Controller

Apparently Analagous Threads