[opensuse] Problems setting up Samba-3 as PDC
Hi all,

some weeks ago I posted the following message to the Samba list but haven't seen any replies so far... This might be a bit OT but I need to find an answer soon and surely someone here has faced this problem before...

I need to setup a PDC on Samba 3. To achieve this I followed the steps described on the Samba docs and on some other websites I found after googling for a while. From the Samba side everything seems to be OK:

----
Apr 3 15:30:06 v601 nmbd[11664]: Samba server V601 is now a domain master browser for workgroup MYDOMAIN.COM on subnet 192.168.1.11
----

So far, so good... it was an easy task.

Now problems arise when I want the WinXP Professional clients to join that domain (full disclosure here: I'm a Windows user by "market contamination" so maybe I'm overseeing something obvious during the process).

This is the error message I get when trying to join the domain:

----
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain mydomain.com:

The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain.com

The following domain controllers were identified by the query:

v601.mydomain.com

Common causes of this error include:

- Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.

For information about correcting this problem, click Help.
----

First off, I had to manually add that SRV record on my named.conf. I've been told that all needed entries are created automatically on the DNS when you are on a Windows environment...

Secondly, AFAIK the DNS has been setup correctly for both direct and reverse queries. That's why I must raise an eyebrow when I see such an error message popping up.

So... is there anything I have forgotten to set up things correctly??
TIA and regards,
Martin
Martin Mielke wrote:
Hi all,
some weeks ago I posted the following message to the Samba list but haven't seen any replies so far... This might be a bit OT but I need to find an answer soon and surely someone here has faced this problem before... For information about correcting this problem, click Help. ----
First off, I had to manually add that SRV record on my named.conf. I've
named.conf ?!? This entry should be added to the appropriate zone file. Are you scoping your DNS (i.e. maintaining localised and external DNS entries)? My entry is in my internal zone.
been told that all needed entries are created automatically on the DNS when you are on a Windows environment...
Secondly, AFAIK the DNS has been setup correctly for both direct and reverse queries. That's why I must raise an eyebrow when I see such an error message popping up
Hi,
Apr 3 15:30:06 v601 nmbd[11664]: Samba server V601 is now a domain master browser for workgroup MYDOMAIN.COM on subnet 192.168.1.11
Workgroup or Domain? Are you adding a samba PDC to an existing active directory domain?
Now problems arise when I want the WinXP Professional clients to join that domain (full disclosure here: I'm a Windows user by "market contamination" so maybe I'm overseeing something obvious during the process).
This is the error message I get when trying to join the domain: ---- ..... First off, I had to manually add that SRV record on my named.conf. I've been told that all needed entries are created automatically on the DNS when you are on a Windows environment...
Yes, Windows 2000 and 2003 use DNS as a locator service. When you join a domain, servers and clients dynamically update the name server. Each server inserts records of type SRV to the name server to indicate what functions it is performing (ldap, kerberos, global catalog server, ....).

If you have the requirement that the source of IP to host mappings be bind, you have essentially two solutions:

- run the bind servers in dynamic mode (allowing only the Domain Controllers to make changes to the DNS records)
- use a combination of Bind and W2K dns servers, delegating the following zones (_msdcs, _tcp, _udp, _sites) to a microsoft dns server, which is more "secure" than the previous solution because the dns servers can be run in a "secured" mode

Regards.
Gaël
Martin Mielke wrote:
Hi all,
some weeks ago I posted the following message to the Samba list but haven't seen any replies so far... This might be a bit OT but I need to find an answer soon and surely someone here has faced this problem before...
I need to setup a PDC on Samba 3. To achieve this I followed the steps described on the Samba docs and on some other websites I found after googling for a while. From the Samba side everything seems to be OK: ---- Apr 3 15:30:06 v601 nmbd[11664]: Samba server V601 is now a domain master browser for workgroup MYDOMAIN.COM on subnet 192.168.1.11 ----
So far, so good... it was an easy task.
Now problems arise when I want the WinXP Professional clients to join that domain (full disclosure here: I'm a Windows user by "market contamination" so maybe I'm overseeing something obvious during the process).
This is the error message I get when trying to join the domain: ---- DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain mydomain.com:
The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain.com
The following domain controllers were identified by the query:
v601.mydomain.com
Common causes of this error include:
- Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.
For information about correcting this problem, click Help. ----
First off, I had to manually add that SRV record on my named.conf. I've been told that all needed entries are created automatically on the DNS when you are on a Windows environment...
Secondly, AFAIK the DNS has been setup correctly for both direct and reverse queries. That's why I must raise an eyebrow when I see such an error message popping up
So... is there anything I have forgotten to set up things correctly??
TIA and regards,
Martin
Sorry to touch basics but .... Is your record of the form?

_ldap._tcp.dc._msdcs.mydomain.com IN SRV 0 100 389 <PDC server>.mydomain.com

and port 389 is open on server

It was a long time ago I set this up... but I do vaguely remember something about DOMAIN names, and PDC names needing to map onto DNS server names and zone names, but my memory may be playing tricks :-)
I need to setup a PDC on Samba 3. To achieve this I followed the steps described on the Samba docs and on some other websites I found after googling for a while. From the Samba side everything seems to be OK:

Sorry to touch basics but .... Is your record of the form?

_ldap._tcp.dc._msdcs.mydomain.com IN SRV 0 100 389 <PDC server>.mydomain.com

and port 389 is open on server

It was a long time ago I set this up... but I do vaguely remember something about DOMAIN names, and PDC names needing to map onto DNS server names and zone names, but my memory may be playing tricks :-)
These DNS entries are not required for an NT4 domain, which is what a Samba 3.x PDC hosts/creates. These entries are used [primarily] by an AD (Windows 2003) domain. The absence of these entries will not prevent clients from joining the Samba 3 domain.

http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html

--
Adam Tauno Williams
Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
Adam Tauno Williams wrote:
I need to setup a PDC on Samba 3. To achieve this I followed the steps described on the Samba docs and on some other websites I found after googling for a while. From the Samba side everything seems to be OK:
Sorry to touch basics but .... Is your record of the form?

_ldap._tcp.dc._msdcs.mydomain.com IN SRV 0 100 389 <PDC server>.mydomain.com

and port 389 is open on server

It was a long time ago I set this up... but I do vaguely remember something about DOMAIN names, and PDC names needing to map onto DNS server names and zone names, but my memory may be playing tricks :-)
These DNS entries are not required for an NT4 domain, which is what a Samba 3.x PDC hosts/creates. These entries are used [primarily] by an AD (Windows 2003) domain. The absence of these entries will not prevent clients from joining the Samba 3 domain.
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html
-- Adam Tauno Williams Network & Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org
Unfortunately, my XP Professional machine refused point blank to connect to the server until this DNS entry was set up. XP seems to use the service location protocols by default, and also is a little more geared towards an AD environment even when talking to the now unsupported Domain Services side of things. I spent a frustrating couple of days trying to get to the bottom of what was going on. It is a relatively simple kludge which worked for me. It was not required with Samba 2 and it probably is not required for the Linux Samba client.
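An added example, not part of any post in this thread: a zone-data check for the condition the XP error message names, an SRV record whose target has no matching A record, including the case where a target written without a trailing dot is expanded relative to $ORIGIN. The zone contents, the host `oldpdc` and the function names are constructed for illustration, and the parser assumes single-line `owner IN type rdata` records only.

```python
# Added example: constructed zone data, not taken from the thread's server.
ZONE = """\
$ORIGIN mydomain.com.
v601                      IN A   192.168.1.11
_ldap._tcp.dc._msdcs      IN SRV 0 100 389 v601.mydomain.com.
_ldap._tcp                IN SRV 0 100 389 oldpdc.mydomain.com.
_kerberos._tcp.dc._msdcs  IN SRV 0 100 88  v601.mydomain.com
"""

def fqdn(name, origin):
    """A trailing dot means absolute; otherwise the name is relative to $ORIGIN."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(zone_text):
    """Return (names that own an A record, list of (owner, port, target) SRV records)."""
    origin, a_names, srvs = ".", set(), []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        upper = [f.upper() for f in fields]
        if "IN" not in upper[1:]:
            continue                            # other directive or unsupported line
        i = upper.index("IN", 1)
        owner, rtype, rdata = fqdn(fields[0], origin), upper[i + 1], fields[i + 2:]
        if rtype == "A":
            a_names.add(owner)
        elif rtype == "SRV" and len(rdata) == 4:
            # rdata is: priority weight port target
            srvs.append((owner, int(rdata[2]), fqdn(rdata[3], origin)))
    return a_names, srvs

def dangling_srv_targets(zone_text):
    """SRV records whose expanded target owns no A record in the same zone data."""
    a_names, srvs = parse_zone(zone_text)
    return [(owner, target) for owner, _port, target in srvs if target not in a_names]

if __name__ == "__main__":
    for owner, target in dangling_srv_targets(ZONE):
        print(f"{owner} -> {target}: no A record")
```

The last constructed record shows the trailing-dot case: its target expands to `v601.mydomain.com.mydomain.com.`, which has no A record even though `v601` does.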
participants (4)
- Adam Tauno Williams
- G.T.Smith
- Gaël Lams
- Martin Mielke