
[Samba] Samba4 - Problem trying to add Win 2008 R2 server to Samba4 AD-DC

From: David Gonzalez <info_at_nospam>
Date: Tue Aug 10 2010 - 04:06:11 GMT
To: Samba <samba@lists.samba.org>

Hi,
I'm trying to set up a Win 2k8 R2 box as a member server of my domain, as Andrew did
in his video, but I've come across this error:

Aug 9 22:47:10 voip named[17100]: client 192.168.254.160#62102: updating
zone 'samba.dghvoip.com/IN': update unsuccessful: samba.dghvoip.com: 'name
not in use' prerequisite not satisfied (YXDOMAIN)

I followed the SambaWiki howto word for word; my Win2k8 box has the static IP
192.168.254.160 and uses my Samba box (192.168.254.100) as its DNS server.

When I run dcpromo and reach the "Add additional server options" screen, a
white window appears with "We could not determine if dynamic updates are enabled on
the DNS Server....".

My setup is as follows:

# samba -V
Version 4.0.0alpha12-GIT-e0f79da

DHCPD server is running on this same machine.

# cat /etc/dhcpd.conf
# If hardware address begins with 00:FF, the client is an
# openvpn tap adapter, and we do not want to assign a
# default gateway or dns server. Assign then to a special
# subclass and configure a pool which does not hand out
# these parameters.
class "openvpn" {
        # The hardware expression is <type byte> followed by the link-layer
        # address, so offset 1 / length 2 selects the first two octets of the
        # MAC: this class matches addresses beginning 00:FF (see dhcp-eval(5)).
        match if substring (hardware, 1, 2) = 00:FF;
}

# end class declaration
authoritative; # No other DHCP servers on this subnet
# "interim" is the older DDNS style; newer ISC DHCP releases also offer
# "standard" (see dhcpd.conf(5)).
ddns-update-style interim; # Supported update method - see man dhcpd.conf
# NOTE(review): with client-updates allowed the server honours the client's
# FQDN option, i.e. the client registers its own A record and the server only
# maintains the PTR, so the forward name is whatever the client asks for.
allow client-updates; # Overwrite client configured FQHNs
# If you have fixed-address entries you want to use dynamic dns
update-static-leases on;
one-lease-per-client on;
ping-timeout 5;
deny duplicates;
allow booting;
allow bootp;
# Site-specific option codes 128/129 are declared here so they can be
# referenced later; nothing in the parts of this file shown sets them.
option option-128 code 128 = string;
option option-129 code 129 = text;

key dhcpupdate { # Key for DNS updates
    # NOTE(review): this secret appeared verbatim in a public mailing-list
    # post, so it should be treated as compromised and regenerated (the new
    # secret goes into both dhcpd.conf and named.conf). hmac-md5 is the
    # weakest TSIG algorithm; BIND also accepts hmac-sha256 for TSIG keys.
    # The matching key stanza and allow-update clause on the named side are
    # not in the named.conf shown in this post — presumably in an included
    # file, confirm.
    algorithm hmac-md5;
    secret "v63XUntwqSRXBjbVhLsGQg==";
}

# Forward DDNS target: leases are registered under dghvoip.lan, not under the
# AD zone samba.dghvoip.com. No dghvoip.lan zone is declared in the named.conf
# shown in this post, so it presumably lives in an included file — confirm.
zone dghvoip.lan. {
        primary 127.0.0.1;
        key dhcpupdate;
}

# Reverse DDNS target for 192.168.254.0/24, signed with the same TSIG key.
zone 254.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key dhcpupdate;
}

subnet 192.168.254.0 netmask 255.255.255.0 {
# ignore client-updates;
        always-broadcast on;
        ddns-updates on;
        ddns-rev-domainname "in-addr.arpa";
        # NOTE(review): DHCP clients are registered under dghvoip.lan; the AD
        # DNS zone in this post is samba.dghvoip.com, so nothing here creates
        # names in the AD zone.
        ddns-domainname "dghvoip.lan";
# default-lease-time 280600;
# max-lease-time 561200;
        next-server 192.168.254.110;
        filename "/pxelinux.0";
        option subnet-mask 255.255.255.0;
        option domain-name "dghvoip.lan";
        # Subnet-wide resolver list; the Samba DC (192.168.254.100) is not in
        # it, and both pools below override it anyway.
        option domain-name-servers 192.168.254.110, 192.168.254.130, 208.67.222.222;
        # NOTE(review): time-offset is in seconds from UTC; -0500 is parsed as
        # -500 (about eight minutes). UTC-5 would be -18000 — presumably
        # unintended.
        option time-offset -0500;
        option ntp-servers 192.168.254.110;
        option time-servers 192.168.254.110;
        option tftp-server-name "xenserver.dghvoip.lan";
        one-lease-per-client true;
        # required for phones to pickup profile
        option netbios-name-servers 192.168.254.130;
        option netbios-node-type 8;
        ###########################
        ### LAN non-VPN Clients ###
        ###########################
        pool {
                deny members of "openvpn";
                range 192.168.254.51 192.168.254.99;
                option routers 192.168.254.1;
                option domain-name-servers 192.168.254.130, 208.67.222.222;
                one-lease-per-client true;
                default-lease-time 280600;
                max-lease-time 561200;
                # (disabled) the live directive in the VPN pool below is
                # spelled ddns-hostname; "dns-hostname" is not a dhcpd keyword.
                #dns-hostname = concat ("dhcp-", binary-to-ascii (10, 8, "-", leased-address));
        }
        #############################
        ### VPN CLient parameters ###
        #############################
        pool {
                allow members of "openvpn";
                range 192.168.254.21 192.168.254.50;
                # VPN leases get a generated name, vpn-<dotted address with
                # dashes>, rather than the name the client sends.
                ddns-hostname = concat ("vpn-", binary-to-ascii (10, 8, "-", leased-address));
                option domain-name-servers 192.168.254.110, 192.168.254.130;
        # NOTE(review): 192.168.254.160 is the address the post gives for the
        # Win2k8 box; the LAN pool points WINS at .130 and smb.conf enables
        # wins support on the DC (.100) — confirm which WINS server is meant.
        option netbios-name-servers 192.168.254.160;
                option netbios-node-type 8;
                default-lease-time 3600;
                max-lease-time 7200;
                one-lease-per-client true;
        }
}

# /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.254.100; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
// dnssec-lookaside . trust-anchor dlv.isc.org.;
[01] /etc/named.conf 21,01
Top

# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.254.100; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // NOTE(review): allow-query any together with recursion yes makes
        // this a recursive resolver for every host that can reach the listen
        // addresses above. Limiting recursion to the LAN, e.g.
        // allow-recursion { localhost; localnets; };, reduces that exposure
        // without affecting authoritative answers for the AD zone.
        allow-query { any; };
        recursion yes;
// dnssec-enable yes;
// dnssec-validation yes;
// dnssec-lookaside . trust-anchor dlv.isc.org.;

        // GSS-TSIG: the Kerberos principal named uses to accept signed
        // updates from domain members. Where named finds the matching keytab
        // is not shown in this post — confirm it is configured.
        tkey-gssapi-credential "DNS/samba.dghvoip.com";
        tkey-domain "SAMBA.DGHVOIP.COM";

};

logging {
        channel default_debug {
                file "data/named.run";
                // severity tracks named's current debug level (named.conf(5));
                // the update failure quoted in the post appears to have come
                // via syslog rather than this file.
                severity dynamic;
        };
};

zone "." IN {
        // root hints used for recursion
        type hint;
        file "named.ca";
};

// Samba's provisioned zone declaration (its contents are shown further down
// in this post).
include "/usr/local/samba/private/named.conf";

// Stock localhost / loopback-reverse zones shipped with the bind package.
include "/etc/named.rfc1912.zones";

// DLV trust anchor; only relevant if the commented dnssec-lookaside option
// above is enabled.
include "/etc/named.iscdlv.key";

# cat /usr/local/samba/private/named.conf

zone "samba.dghvoip.com." IN {
        type master;
        file "/usr/local/samba/private/dns/samba.dghvoip.com.zone";
        // The update-policy comes from the generated file (shown below);
        // there is no allow-update, so only the GSS-TSIG identities granted
        // there can write to this zone.
        include "/usr/local/samba/private/named.conf.update";
        // AD owner names such as _ldap._tcp are not valid hostnames, so
        // hostname checking is disabled for this zone.
        check-names ignore;
};

# cat /usr/local/samba/private/named.
named.conf named.conf.update named.txt
[root@voip ~]# cat /usr/local/samba/private/named.conf.update
/* this file is auto-generated - do not edit */
update-policy {
        // ms-self: any principal in the realm may update the A/AAAA records
        // whose owner name matches its own machine name.
        grant SAMBA.DGHVOIP.COM ms-self * A AAAA;
        // wildcard *: write access to the listed record types for any name
        // in the zone — administrator, and the DC's machine account (VOIP$).
        // The dhcpd TSIG key is not granted here, consistent with dhcpd only
        // updating dghvoip.lan.
        grant administrator@SAMBA.DGHVOIP.COM wildcard * A AAAA SRV CNAME TXT;
        grant VOIP$@SAMBA.DGHVOIP.COM wildcard * A AAAA SRV CNAME;
};

# cat /usr/local/samba/private/dns/samba.dghvoip.com.zone
; -*- zone -*-
; generated by provision.pl
$ORIGIN samba.dghvoip.com.
$TTL 1W
@ IN SOA @ hostmaster (
                                2010080921 ; serial
                                2D ; refresh
                                4H ; retry
                                6W ; expiry
                                1W ) ; minimum
                        IN NS voip

; Apex A record (owner inherited from @): samba.dghvoip.com itself resolves
; to the DC. The YXDOMAIN in the post's syslog line concerns this same name
; with a "name not in use" prerequisite, i.e. the client's first update
; assumed the name was free; whether it retried with an "exists"
; prerequisite is not shown in the post.
            IN A 192.168.254.100
;

voip IN A 192.168.254.100
gc._msdcs IN A 192.168.254.100

; presumably the DC's DSA GUID alias looked up by replication partners
ebb75fa1-e4ac-443c-ad9d-9878e1ff3f0d._msdcs IN CNAME voip
;
; global catalog servers
_gc._tcp IN SRV 0 100 3268 voip
_gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268 voip
_ldap._tcp.gc._msdcs IN SRV 0 100 3268 voip
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs IN SRV 0 100 3268 voip
;
; ldap servers
_ldap._tcp IN SRV 0 100 389 voip
_ldap._tcp.dc._msdcs IN SRV 0 100 389 voip
_ldap._tcp.pdc._msdcs IN SRV 0 100 389 voip
_ldap._tcp.7620096c-a269-4881-99e1-149da78a4a36.domains._msdcs IN SRV 0 100 389 voip
_ldap._tcp.Default-First-Site-Name._sites IN SRV 0 100 389 voip
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 389 voip
;
; krb5 servers
_kerberos._tcp IN SRV 0 100 88 voip
_kerberos._tcp.dc._msdcs IN SRV 0 100 88 voip
_kerberos._tcp.Default-First-Site-Name._sites IN SRV 0 100 88 voip
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 voip
_kerberos._udp IN SRV 0 100 88 voip
; MIT kpasswd likes to lookup this name on password change
_kerberos-master._tcp IN SRV 0 100 88 voip
_kerberos-master._udp IN SRV 0 100 88 voip
;
; kpasswd
_kpasswd._tcp IN SRV 0 100 464 voip
_kpasswd._udp IN SRV 0 100 464 voip
;
; heimdal 'find realm for host' hack
_kerberos IN TXT SAMBA.DGHVOIP.COM

# cat /etc/krb5.conf
[libdefaults]
        default_realm = SAMBA.DGHVOIP.COM
        # Realm and KDC come from the static [realms]/[domain_realm] entries
        # below; the _kerberos SRV/TXT records in the zone file are not
        # consulted by this host.
        dns_lookup_realm = false
        dns_lookup_kdc = false
        ticket_lifetime = 24h
        forwardable = yes

[realms]
        SAMBA.DGHVOIP.COM = {
                # both point at this box; the name resolves via /etc/hosts
                # and the zone file above
                kdc = voip.samba.dghvoip.com:88
                admin_server = voip.samba.dghvoip.com:749
                default_domain = samba.dghvoip.com
        }

[domain_realm]
        .samba.dghvoip.com = SAMBA.DGHVOIP.COM
        samba.dghvoip.com = SAMBA.DGHVOIP.COM

# cat /usr/local/samba/etc/smb.conf
# Samba accepts both [global] and [globals] for the global section.
[globals]
        netbios name = VOIP
        workgroup = DGHVOIP
        realm = SAMBA.DGHVOIP.COM
        server role = domain controller
    interfaces = eth0
    # This DC is a WINS server, yet dhcpd.conf above hands out .130 / .160
    # as netbios-name-servers rather than this host (.100) — confirm intent.
    wins support = yes
    log level = 3
    # Replaces the rndc invocation with "true", so named is presumably never
    # told to reload after Samba writes DNS data.
    rndc command = true

[netlogon]
        # NOTE(review): the sysvol subdirectory is named dghvoip.lan while the
        # realm/DNS domain is samba.dghvoip.com — confirm this path exists.
        path = /usr/local/samba/var/locks/sysvol/dghvoip.lan/scripts
        read only = no

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = no

[media]
       path = /home/downloads
       read only = no

[profiles]
       path = /home/profiles
       read only = no

[temp]
       # Writable share of the host's own /tmp: files other local processes
       # drop there become reachable over SMB.
       path = /tmp
       read only = no

# cat /etc/resolv.conf
# nameserver takes an IP address (resolv.conf(5)); a hostname here is
# presumably skipped and only the 127.0.0.1 entry takes effect. No search /
# domain line is set, so short names rely on /etc/hosts.
nameserver localhost
nameserver 127.0.0.1

# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
# The DC's own FQDN; matches HOSTNAME in /etc/sysconfig/network and the
# voip A record in the AD zone file above.
192.168.254.100 voip.samba.dghvoip.com voip

# cat /etc/sysconfig/network
NETWORKING=yes
# IPv6 is disabled here although named.conf still lists listen-on-v6 ::1.
NETWORKING_IPV6=no
HOSTNAME=voip.samba.dghvoip.com
GATEWAY=192.168.254.1

If any additional info is required I'll be glad to post it here.

Any tips will be greatly appreciated

Thanks

--- David Gonzalez H. DGHVoIP - OPEN SOURCE TELEPHONY SOLUTIONS Phone Bogotá: +(57-1)289-1168 Phone Medellin: +(57-4)247-0985 Mobile: +(57)315-838-8326 MSN: david@planetaradio.net Skype: davidgonzalezh WEB: http://www.dghvoip.com/ Proud Linux User #294661 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba