[Samba] Samba4 - Problem trying to add Win 2008 R2 server to Samba4 AD-DC
in [Samba]
|
Prev: 'force create mode' not working when 'unix extensions = yes'
Next: [Samba] home share issue: //server/homes errs, while //server/<username> works
From: David Gonzalez on 10 Aug 2010 00:10 Hi, 'm trying to setup a Win 2k8 r2 as member server of my domain as Andrew did on his video, but I've come across this error: Aug 9 22:47:10 voip named[17100]: client 192.168.254.160#62102: updating zone 'samba.dghvoip.com/IN': update unsuccessful: samba.dghvoip.com: 'name not in use' prerequisite not satisfied (YXDOMAIN) I followed SambaWiki howto word by word, and my Win2k8k has static IP 192.168.254.160 and my samba box (192.168.254.100) as DNS. when I run dcpromo and see the "Add additional server options" screen, the white window with "We could not determine if dynamic updates are enabled on the DNS Server....". My setup is as follows: # samba -V Version 4.0.0alpha12-GIT-e0f79da DHCPD server is running on this same machine. # cat /etc/dhcpd.conf # If hardware address begins with 00:FF, the client is an # openvpn tap adapter, and we do not want to assign a # default gateway or dns server. Assign then to a special # subclass and configure a pool which does not hand out # these parameters. class "openvpn" { match if substring (hardware, 1, 2) = 00:FF; } # end class declaration authoritative; # No other DHCP servers on this subnet ddns-update-style interim; # Supported update method - see man dhcpd.conf allow client-updates; # Overwrite client configured FQHNs # If you have fixed-address entries you want to use dynamic dns update-static-leases on; one-lease-per-client on; ping-timeout 5; deny duplicates; allow booting; allow bootp; option option-128 code 128 = string; option option-129 code 129 = text; key dhcpupdate { # Key for DNS updates algorithm hmac-md5; secret "v63XUntwqSRXBjbVhLsGQg=="; } zone dghvoip.lan. { primary 127.0.0.1; key dhcpupdate; } zone 254.168.192.in-addr.arpa. { primary 127.0.0.1; key dhcpupdate; } subnet 192.168.254.0 netmask 255.255.255.0 { # ignore client-updates; always-broadcast on; ddns-updates on; ddns-rev-domainname "in-addr.arpa"; ddns-domainname "dghvoip.lan"; # default-lease-time 280600; # max-lease-time 561200; next-server 192.168.254.110; filename "/pxelinux.0"; option subnet-mask 255.255.255.0; option domain-name "dghvoip.lan"; option domain-name-servers 192.168.254.110, 192.168.254.130, 208.67.222.222; option time-offset -0500; option ntp-servers 192.168.254.110; option time-servers 192.168.254.110; option tftp-server-name "xenserver.dghvoip.lan"; one-lease-per-client true; # required for phones to pickup profile option netbios-name-servers 192.168.254.130; option netbios-node-type 8; ########################### ### LAN non-VPN Clients ### ########################### pool { deny members of "openvpn"; range 192.168.254.51 192.168.254.99; option routers 192.168.254.1; option domain-name-servers 192.168.254.130, 208.67.222.222; one-lease-per-client true; default-lease-time 280600; max-lease-time 561200; #dns-hostname = concat ("dhcp-", binary-to-ascii (10, 8, "-", leased-address)); } ############################# ### VPN CLient parameters ### ############################# pool { allow members of "openvpn"; range 192.168.254.21 192.168.254.50; ddns-hostname = concat ("vpn-", binary-to-ascii (10, 8, "-", leased-address)); option domain-name-servers 192.168.254.110, 192.168.254.130; option netbios-name-servers 192.168.254.160; option netbios-node-type 8; default-lease-time 3600; max-lease-time 7200; one-lease-per-client true; } } # /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { 127.0.0.1; 192.168.254.100; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion yes; // dnssec-enable yes; // dnssec-validation yes; // dnssec-lookaside . trust-anchor dlv.isc.org.; [01] /etc/named.conf 21,01 Top # cat /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { 127.0.0.1; 192.168.254.100; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion yes; // dnssec-enable yes; // dnssec-validation yes; // dnssec-lookaside . trust-anchor dlv.isc.org.; tkey-gssapi-credential "DNS/samba.dghvoip.com"; tkey-domain "SAMBA.DGHVOIP.COM"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/usr/local/samba/private/named.conf"; include "/etc/named.rfc1912.zones"; include "/etc/named.iscdlv.key"; # cat /usr/local/samba/private/named.conf zone "samba.dghvoip.com." IN { type master; file "/usr/local/samba/private/dns/samba.dghvoip.com.zone"; include "/usr/local/samba/private/named.conf.update"; check-names ignore; }; # cat /usr/local/samba/private/named. named.conf named.conf.update named.txt [root(a)voip ~]# cat /usr/local/samba/private/named.conf.update /* this file is auto-generated - do not edit */ update-policy { grant SAMBA.DGHVOIP.COM ms-self * A AAAA; grant administrator(a)SAMBA.DGHVOIP.COM wildcard * A AAAA SRV CNAME TXT; grant VOIP$@SAMBA.DGHVOIP.COM wildcard * A AAAA SRV CNAME; }; # cat /usr/local/samba/private/dns/samba.dghvoip.com.zone ; -*- zone -*- ; generated by provision.pl $ORIGIN samba.dghvoip.com. $TTL 1W @ IN SOA @ hostmaster ( 2010080921 ; serial 2D ; refresh 4H ; retry 6W ; expiry 1W ) ; minimum IN NS voip IN A 192.168.254.100 ; voip IN A 192.168.254.100 gc._msdcs IN A 192.168.254.100 ebb75fa1-e4ac-443c-ad9d-9878e1ff3f0d._msdcs IN CNAME voip ; ; global catalog servers _gc._tcp IN SRV 0 100 3268 voip _gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268 voip _ldap._tcp.gc._msdcs IN SRV 0 100 3268 voip _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs IN SRV 0 100 3268 voip ; ; ldap servers _ldap._tcp IN SRV 0 100 389 voip _ldap._tcp.dc._msdcs IN SRV 0 100 389 voip _ldap._tcp.pdc._msdcs IN SRV 0 100 389 voip _ldap._tcp.7620096c-a269-4881-99e1-149da78a4a36.domains._msdcs IN SRV 0 100 389 voip _ldap._tcp.Default-First-Site-Name._sites IN SRV 0 100 389 voip _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 389 voip ; ; krb5 servers _kerberos._tcp IN SRV 0 100 88 voip _kerberos._tcp.dc._msdcs IN SRV 0 100 88 voip _kerberos._tcp.Default-First-Site-Name._sites IN SRV 0 100 88 voip _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 voip _kerberos._udp IN SRV 0 100 88 voip ; MIT kpasswd likes to lookup this name on password change _kerberos-master._tcp IN SRV 0 100 88 voip _kerberos-master._udp IN SRV 0 100 88 voip ; ; kpasswd _kpasswd._tcp IN SRV 0 100 464 voip _kpasswd._udp IN SRV 0 100 464 voip ; ; heimdal 'find realm for host' hack _kerberos IN TXT SAMBA.DGHVOIP.COM # cat /etc/krb5.conf [libdefaults] default_realm = SAMBA.DGHVOIP.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] SAMBA.DGHVOIP.COM = { kdc = voip.samba.dghvoip.com:88 admin_server = voip.samba.dghvoip.com:749 default_domain = samba.dghvoip.com } [domain_realm] .samba.dghvoip.com = SAMBA.DGHVOIP.COM samba.dghvoip.com = SAMBA.DGHVOIP.COM # cat /usr/local/samba/etc/smb.conf [globals] netbios name = VOIP workgroup = DGHVOIP realm = SAMBA.DGHVOIP.COM server role = domain controller interfaces = eth0 wins support = yes log level = 3 rndc command = true [netlogon] path = /usr/local/samba/var/locks/sysvol/dghvoip.lan/scripts read only = no [sysvol] path = /usr/local/samba/var/locks/sysvol read only = no [media] path = /home/downloads read only = no [profiles] path = /home/profiles read only = no [temp] path = /tmp read only = no # cat /etc/resolv.conf nameserver localhost nameserver 127.0.0.1 # cat /etc/hosts # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 192.168.254.100 voip.samba.dghvoip.com voip # cat /etc/sysconfig/network NETWORKING=yes NETWORKING_IPV6=no HOSTNAME=voip.samba.dghvoip.com GATEWAY=192.168.254.1 If any additional info is required I'll be glad to post it here. Any tips will be greatly appreciated Thanks --- David Gonzalez H. DGHVoIP - OPEN SOURCE TELEPHONY SOLUTIONS Phone Bogotá: +(57-1)289-1168 Phone Medellin: +(57-4)247-0985 Mobile: +(57)315-838-8326 MSN: david(a)planetaradio.net Skype: davidgonzalezh WEB: http://www.dghvoip.com/ Proud Linux User #294661 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |