Verifying and Creating a DC DNS Record: Difference between revisions
From SambaWiki
Mmuehlfeld (talk | contribs) (Moved content to a separate page, because it its valid for all DC joins (Samba + Windows). So it can be referenced in all documentation and hasn't to be maintained twice.) |
(No difference)
|
Revision as of 18:02, 20 December 2014
Introduction
When you join a new Domain Controller to the domain, Samba currently doesn't create two important DNS records (Bug #10928). This documentation shows how to check, if the records exist and if not, how to add them manually.
Server information
This documentation uses the following configuration/settings:
DNS Server, authorative for the AD domain: DC1 (10.99.0.1) New DC, that was joined to the domain: DC2 (10.99.0.2) DNS domain name: samdom.example.com Domain Administrator: Administrator Domain Administrator Password: passw0rd
Resolve the A record of the new joined Domain Controller
# host -t A DC2.samdom.example.com. DC2.samdom.example.com has address 10.99.0.2
If the record could not be resolved to its IP, you will receive the following output instead:
# host -t A DC2.samdom.example.com. Host DC2.samdom.example.com. not found: 3(NXDOMAIN)
In this case, you have to add the record manually to the AD DNS zone:
# samba-tool dns add DC1 samdom.example.com DC2 A 10.99.0.2 -Uadministrator Password for [SAMDOM\administrator]: passw0rd Record added successfully
Re-check afterwards again!
Resolve the objectGUID CNAME record of the new joined Domain Controller
- First, you have to find out the objectGUID of the new joined Domain Controller:
# ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid # record 1 dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com objectGUID: df4bdd8c-abc7-4779-b01e-4dd4553ca3e9 # record 2 dn: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com objectGUID: 4a6bd92a-6612-4b15-aa8c-9ec371e8994f # returned 2 records # 2 entries # 0 referrals
- Query the CNAME of the objectGUID in the _msdcs.samdom.example.com zone. It must be an alias to the hostname of the new joined DC:
# host -t CNAME df4bdd8c-abc7-4779-b01e-4dd4553ca3e9._msdcs.samdom.example.com. df4bdd8c-abc7-4779-b01e-4dd4553ca3e9._msdcs.samdom.example.com is an alias for DC2.samdom.example.com.
- If the record could not be resolved, you will receive:
# host -t CNAME df4bdd8c-abc7-4779-b01e-4dd4553ca3e9._msdcs.samdom.example.com. Host df4bdd8c-abc7-4779-b01e-4dd4553ca3e9._msdcs.samdom.example.com. not found: 3(NXDOMAIN)
- In this case, you have to add the record manually to the AD DNS zone:
# samba-tool dns add DC1 _msdcs.samdom.example.com df4bdd8c-abc7-4779-b01e-4dd4553ca3e9 CNAME DC2.samdom.example.com -Uadministrator Password for [SAMDOM\administrator]: passw0rd Record added successfully
- Re-check afterwards again!