This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
join_samba4_as_additional_dc [2015/09/10 20:57] cbustillo [Getting ready for joining Samba as a DC to an existing domain] |
join_samba4_as_additional_dc [2020/04/10 17:38] (current) |
||
---|---|---|---|
Line 77: | Line 77: | ||
</code> | </code> | ||
===== Joining the existing domain as a DC ===== | ===== Joining the existing domain as a DC ===== | ||
+ | |||
+ | Before you start the joining, make yourself familiar with the parameters and options of „samba-tool domain join“: | ||
+ | |||
+ | <code> | ||
+ | # samba-tool domain join --help | ||
+ | </code> | ||
+ | |||
+ | Expecially the following two options are required, if your future Domain Controllers have multiple NICs. Because „samba-tool“ would auto-choose one of the IPv4/IPv6 addresses, if multiple where found, it might be necessary to bind Samba to the desired interfaces using: | ||
+ | |||
+ | <code>--option="interfaces=lo eth0" --option="bind interfaces only=yes"</code> | ||
To join run the following command as root: | To join run the following command as root: | ||
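Review bot: The added paragraph above the `--option="interfaces=lo eth0"` line calls the two options "required" for DCs with multiple NICs and then says binding "might be necessary"; pick one wording, and say that `eth0` is an example interface name to be replaced with the interface the DC should listen on. Also fix "Expecially" to "Especially" and "where found" to "were found", and replace the „…“ quotes with the plain double quotes used elsewhere on the page. Showing the two options appended to the join command that follows "To join run the following command as root:" would make clear where they belong.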
Line 104: | Line 114: | ||
printcap name = /dev/null | printcap name = /dev/null | ||
- | # DNS Forwarders, if you are using internal DNS | + | # DNS Forwarders, uncomment if you are using internal DNS |
- | dns forwarder = YOUR-FORWARDER's-IP | + | # dns forwarder = YOUR-FORWARDER's-IP |
</code> | </code> | ||
===== Check required DNS entries of the new host ===== | ===== Check required DNS entries of the new host ===== | ||
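Review bot: In the smb.conf block, the forwarder line is now commented out but still uses the placeholder `YOUR-FORWARDER's-IP`, whose apostrophe is easy to carry into smb.conf when the line is uncommented and edited. Suggest a placeholder without punctuation, for example `# dns forwarder = IP-of-your-forwarder`, in the same style as `IP-of-your-DNS` further down the page. The comment could also say what "internal DNS" refers to, so readers know whether the line applies to their setup.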
Line 140: | Line 150: | ||
# samba-tool dns add IP-of-your-DNS _msdcs.redtic.uclv.cu 737506d0-bfe6-40c8-815d-08c3dff7a67f CNAME redtic-ad2.redtic.uclv.cu -Uadministrator | # samba-tool dns add IP-of-your-DNS _msdcs.redtic.uclv.cu 737506d0-bfe6-40c8-815d-08c3dff7a67f CNAME redtic-ad2.redtic.uclv.cu -Uadministrator | ||
</code> | </code> | ||
+ | |||
+ | ===== Configure DNS Server ===== | ||
+ | |||
+ | Follow the steps in [[samba4_as_ad_dc#configure_dns|configure DNS Server.]] | ||
Now is time to put a "nameserver" entry of your new DC in your '/etc/resolv.conf'. Example: | Now is time to put a "nameserver" entry of your new DC in your '/etc/resolv.conf'. Example: | ||
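Review bot: The new "Configure DNS Server" section consists only of a link, and because it is inserted ahead of the unchanged sentence "Now is time to put a "nameserver" entry ...", that resolv.conf step now reads as part of the new section instead of following the `samba-tool dns add` check it originally belonged to. Consider moving the heading below that step, or stating which of the linked steps apply to a DC that has just joined. The link text also swallows the sentence's full stop (`configure DNS Server.]]`); move it outside the brackets.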
Line 191: | Line 205: | ||
You can seize all five roles: rid, schema, naming, pdc and infrastructure (you can use "--role=all" to seize all at once). | You can seize all five roles: rid, schema, naming, pdc and infrastructure (you can use "--role=all" to seize all at once). | ||
+ | |||
+ | ====== Known issues and ways to fix/workaround ====== | ||
+ | ---- | ||
+ | |||
+ | If after join Samba4 as second domain controllers you receive the following error in the second DC in the logs file o after running manually "samba_dnsupdate --verbose": | ||
+ | |||
+ | <code> | ||
+ | /usr/sbin/samba_dnsupdate: update failed: NOTAUTH | ||
+ | /usr/sbin/samba_dnsupdate: update failed: NOTAUTH | ||
+ | /usr/sbin/samba_dnsupdate: update failed: NOTAUTH | ||
+ | /usr/sbin/samba_dnsupdate: update failed: NOTAUTH | ||
+ | /usr/sbin/samba_dnsupdate: update failed: NOTAUTH | ||
+ | /usr/sbin/samba_dnsupdate: update failed: NOTAUTH | ||
+ | </code> | ||
+ | |||
+ | To solve the above, in the second DC (recently joined) put like dns server the DC1's IP address, ie: | ||
+ | /etc/resolv.conf | ||
+ | |||
+ | <code> | ||
+ | search yourdomain.com | ||
+ | nameserver ip-of-dc2 | ||
+ | nameserver ip-of-dc1 | ||
+ | </code> | ||
+ | |||
+ | Finally restart Samba o run: | ||
+ | |||
+ | <code> | ||
+ | # samba_dnsupdate --verbose | ||
+ | </code> | ||
+ | |||
+ | No you can see that all record are added successfully!!! | ||
====== A note on DNS updates ====== | ====== A note on DNS updates ====== |
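Review bot: The resolv.conf example in the new "Known issues" section does not match the sentence that introduces it: the text says to set DC1's IP address as the DNS server on the newly joined DC, but the example lists `nameserver ip-of-dc2` first and `nameserver ip-of-dc1` second. State which order is intended and why, since by default the resolver tries the entries in the order listed. Wording fixes in the same hunk: "o" should be "or" (twice), "No you can see" should be "Now you can see", "all record are" should be "all records are", and a single NOTAUTH line is enough in the sample output.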