Differences

This shows you the differences between two versions of the page.

--- join_samba4_as_additional_dc [2015/09/10 20:57]
cbustillo [Verify /etc/hosts]
+++ join_samba4_as_additional_dc [2020/04/10 17:38] (current)
@@ Line 30: / Line 30: @@
 ===== Getting ready for joining Samba as a DC to an existing domain =====
-* You should remove any existing smb.conf in '/usr/local/samba/etc/' and the content in '/usr/local/samba/private/'. For Sernet Packages the locations are: '/etc/samba/smb.conf' and '/var/lib/samba/private'
+You should remove any existing smb.conf in '/usr/local/samba/etc/' and the content in '/usr/local/samba/private/'. For Sernet Packages the locations are: '/etc/samba/smb.conf' and '/var/lib/samba/private'
 ==== Verify /etc/hosts ====
@@ Line 77: / Line 77: @@
 </code>
 ===== Joining the existing domain as a DC  =====
+Before you start the joining, make yourself familiar with the parameters and options of „samba-tool domain join“:
+<code>
+# samba-tool domain join --help
+</code>
+Expecially the following two options are required, if your future Domain Controllers have multiple NICs. Because „samba-tool“ would auto-choose one of the IPv4/IPv6 addresses, if multiple where found, it might be necessary to bind Samba to the desired interfaces using:
+<code>--option="interfaces=lo eth0" --option="bind interfaces only=yes"</code>
 To join run the following command as root:
@@ Line 104: / Line 114: @@
  printcap name = /dev/null
- # DNS Forwarders, if you are using internal DNS
+ # DNS Forwarders, uncomment if you are using internal DNS
- dns forwarder = YOUR-FORWARDER's-IP
+ # dns forwarder = YOUR-FORWARDER's-IP
 </code>
 ===== Check required DNS entries of the new host =====
@@ Line 140: / Line 150: @@
  # samba-tool dns add IP-of-your-DNS _msdcs.redtic.uclv.cu 737506d0-bfe6-40c8-815d-08c3dff7a67f CNAME redtic-ad2.redtic.uclv.cu -Uadministrator
 </code>
+===== Configure DNS Server =====
+Follow the steps in [[samba4_as_ad_dc#configure_dns|configure DNS Server.]]
 Now is time to put a "nameserver" entry of your new DC in your '/etc/resolv.conf'. Example:
@@ Line 191: / Line 205: @@
 You can seize all five roles: rid, schema, naming, pdc and infrastructure (you can use "--role=all" to seize all at once).
+====== Known issues and ways to fix/workaround ======
+----
+If after join Samba4 as second domain controllers you receive the following error in the second DC in the logs file o after running manually "samba_dnsupdate --verbose":
+<code>
+/usr/sbin/samba_dnsupdate: update failed: NOTAUTH
+/usr/sbin/samba_dnsupdate: update failed: NOTAUTH
+/usr/sbin/samba_dnsupdate: update failed: NOTAUTH
+/usr/sbin/samba_dnsupdate: update failed: NOTAUTH
+/usr/sbin/samba_dnsupdate: update failed: NOTAUTH
+/usr/sbin/samba_dnsupdate: update failed: NOTAUTH
+</code>
+To solve the above, in the second DC (recently joined) put like dns server the DC1's IP address, ie:
+ /etc/resolv.conf
+<code>
+search yourdomain.com
+nameserver ip-of-dc2
+nameserver ip-of-dc1
+</code>
+Finally restart Samba o run:
+<code>
+# samba_dnsupdate --verbose
+</code>
+No you can see that all record are added successfully!!!
 ====== A note on DNS updates ======

ICT Network Project

User Tools

Site Tools

Differences

Page Tools