Changing the IP Address of a Samba AD DC: Difference between revisions
From SambaWiki
Mmuehlfeld (talk | contribs) m (Mmuehlfeld moved page Change IP address of an Samba AD DC to Changing the IP Address of a Samba AD DC without leaving a redirect: Updated title) |
Mmuehlfeld (talk | contribs) (Rewrote page. Removed outdated and meanwhile incorrect procedure. Added steps for multi-domain environments.) |
||
Line 1: | Line 1: | ||
__TOC__ |
|||
= Introducion = |
|||
= Changing the IP Address of an Active Directory (AD) domain controller (DC) in a Multi-domain Environment = |
|||
This HowTo describes a way to change the IP address of your DC. |
|||
To change the IP address of an AD DC in a multi-domain environment: |
|||
'''Until this line is removed, consider this document as a DRAFT, that may contain faults or is missing something and can break your system!''' |
|||
* Demote the DC. For details, see [[Demote_a_Samba_AD_DC|Demote a Samba AD DC]]. |
|||
'''This HowTo comes WITHOUT ANY WARRANTY!''' |
|||
* Set the new IP address on the network interface and update the DNS server IP address in the <code>/etc/resolv.conf</code> file. For details, see your operating system's documentation. |
|||
* Rejoin the DC to the domain. For details, see [[Joining_a_Samba_DC_to_an_Existing_Active_Directory|Joining a Samba DC to an Existing Active Directory]]. |
|||
= General = |
|||
Changing the IP address of your DC can cause unexprected side effects! Always make sure you have a recoverable backup! And of course do intensive testing! |
|||
= Changing the IP Address of an AD DC in a Single-domain Environment = |
|||
'''Notice:''' This HowTo was tested only in a single DC environment! |
|||
{{Imbox |
|||
| type = warning |
|||
| text = Changing the IP address in a single-domain environment can cause problems with your Active Directory (AD). Verify that you have a restorable backup before changing the IP address. For details, see [[Back_up_and_Restoring_a_Samba_AD_DC|Back up and Restoring a Samba AD DC]]. |
|||
}} |
|||
For example, to change the IP address of the domain controller (DC) from <code>10.99.0.1</code> to <code>10.88.0.1</code>: |
|||
* Disconnect or shut down clients connected to the AD DC. |
|||
* Shut down the <code>samba</code> service. |
|||
* Set the new IP address on the network interface and update the DNS server IP address in the <code>/etc/resolv.conf</code> file. For details, see your operating system's documentation. |
|||
= Preconditions = |
|||
* If you use the <code>BIND9_DLZ</code> DNS back end: |
|||
* Current IP: 10.99.0.1 |
|||
:* If BIND is bound to the old IP address, update the <code>listen-on</code> parameter in the <code>option{}</code> section in the <code>/etc/named.conf</code> file: |
|||
* New IP: 10.99.0.200 |
|||
# listen-on port 53 { 127.0.0.1; <s>10.99.0.1</s> '''10.88.0.1'''; }; |
|||
:* Restart BIND. |
|||
* NIC: eth0 |
|||
:* Verify that BIND is listening on the new IP address: |
|||
# netstat -tulpn | grep ":53" |
|||
tcp 0 0 '''10.88.0.1:53''' 0.0.0.0:* LISTEN 1109/named |
|||
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1109/named |
|||
udp 0 0 '''10.88.0.1:53''' 0.0.0.0:* 1109/named |
|||
udp 0 0 127.00.1:53 0.0.0.0:* 1109/named |
|||
* If you set the IP address in the the <code>interfaces</code> parameter in the <code>[global]</code> section of your <code>smb.conf</code> file, update the address: |
|||
interfaces = 127.0.0.1 <s>10.99.0.1</s> '''10.88.0.1''' |
|||
* Start the <code>samba</code> service. |
|||
= Changing the IP of the DC = |
|||
⚫ | |||
Make sure, that no clients are connected to the server, while you do the changes. They'll be disconnected and won't reconnect until the next reboot! |
|||
* Add a NIC alias with the new IP: |
|||
# ifconfig eth0:0 10.99.0.200 up |
|||
* If you use the „interfaces = “ option in your smb.conf, then add the new aliased interface to it: |
|||
interfaces = lo eth0 eth0:0 |
|||
:This parameter is not used per default. If you made changes to your smb.conf, restart Samba! |
|||
⚫ | |||
# samba_dnsupdate --verbose |
# samba_dnsupdate --verbose |
||
: The <code>samba_dnsupdate</code> utility automatically updates all records in the local database. |
|||
* In the output of „samba_dnsupdate“, at least three „Failed“ messages will appear: |
|||
Failed to find matching DNS entry A samdom.example.com 10.99.0.200 |
|||
Failed to find matching DNS entry A dc1.samdom.example.com 10.99.0.200 |
|||
⚫ | |||
: Remember these records. We'll change them in the next step. |
|||
* Open the Windows DNS MMC and change the IP of all failed messages from the previous steps. |
|||
:[[Image:DNS_Manager.png]] |
|||
* Stutdown Samba. |
|||
* Remove the NIC alias: |
|||
# ifconfig eth0:0 down |
|||
* Verify that the DC's DNS records are resolved correctly: |
|||
* Change the IP address on your server, where ever it's necessary (NIC interface, /etc/hosts, etc.). |
|||
# host -t A samdom.example.com |
|||
* Start Samba again. |
|||
samdom.example.com has address 10.88.0.1 |
|||
# host -t A DC.samdom.example.com |
|||
DC.samdom.example.com has address 10.88.0.1 |
|||
⚫ | |||
gc._msdcs.samdom.example.com has address 10.88.0.1 |
|||
* Update your AD clients to use the new IP address of the AD DNS server. |
|||
'''Notice:''' You have to restart all Windows clients, that where up during the IP change, because the OS had cached the old values.! Otherwise these clients won't connect to the new IP. |
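Review bot: the added netstat sample output ends with a udp line showing 127.00.1:53, which is not an address netstat prints; it should read 127.0.0.1:53 to match the tcp line above it. In the same rewrite, the smb.conf step reads "in the the interfaces parameter", and the BIND step names the section option{} where named.conf uses options {}. The old closing notice about restarting Windows clients that cached the old address is dropped without a replacement; if it still applies to the new procedure, keep it beside the final "Update your AD clients" step.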
Revision as of 15:48, 18 December 2016
Changing the IP Address of an Active Directory (AD) domain controller (DC) in a Multi-domain Environment
To change the IP address of an AD DC in a multi-domain environment:
- Demote the DC. For details, see Demote a Samba AD DC.
- Set the new IP address on the network interface and update the DNS server IP address in the /etc/resolv.conf file. For details, see your operating system's documentation.
- Rejoin the DC to the domain. For details, see Joining a Samba DC to an Existing Active Directory.
Changing the IP Address of an AD DC in a Single-domain Environment
Changing the IP address in a single-domain environment can cause problems with your Active Directory (AD). Verify that you have a restorable backup before changing the IP address. For details, see Back up and Restoring a Samba AD DC.
For example, to change the IP address of the domain controller (DC) from 10.99.0.1 to 10.88.0.1:
- Disconnect or shut down clients connected to the AD DC.
- Shut down the samba service.
- Set the new IP address on the network interface and update the DNS server IP address in the /etc/resolv.conf file. For details, see your operating system's documentation.
- If you use the BIND9_DLZ DNS back end:
  - If BIND is bound to the old IP address, update the listen-on parameter in the options {} section in the /etc/named.conf file:
        listen-on port 53 { 127.0.0.1; 10.88.0.1; };
  - Restart BIND.
  - Verify that BIND is listening on the new IP address:
        # netstat -tulpn | grep ":53"
        tcp 0 0 10.88.0.1:53 0.0.0.0:* LISTEN 1109/named
        tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1109/named
        udp 0 0 10.88.0.1:53 0.0.0.0:* 1109/named
        udp 0 0 127.0.0.1:53 0.0.0.0:* 1109/named
- If you set the IP address in the interfaces parameter in the [global] section of your smb.conf file, update the address:
      interfaces = 127.0.0.1 10.88.0.1
- Start the samba service.
- Update the DNS entries:
      # samba_dnsupdate --verbose
  The samba_dnsupdate utility automatically updates all records in the local database.
- Verify that the DC's DNS records are resolved correctly:
      # host -t A samdom.example.com
      samdom.example.com has address 10.88.0.1
      # host -t A DC.samdom.example.com
      DC.samdom.example.com has address 10.88.0.1
      # host -t A gc._msdcs.samdom.example.com
      gc._msdcs.samdom.example.com has address 10.88.0.1
- Update your AD clients to use the new IP address of the AD DNS server.
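The two verification steps of the single-domain procedure can be scripted so that a listener still bound to the old address, or a record still resolving to it, fails the check instead of being overlooked. This is an added example, not part of the SambaWiki page; the function names are hypothetical and the sample input is constructed from the page's example addresses and host names.

```shell
#!/usr/bin/env bash
# Added example: post-change checks for the single-domain procedure.
OLD_IP="10.99.0.1"   # old DC address from the page's example
NEW_IP="10.88.0.1"   # new DC address from the page's example

# stdin: `netstat -tulpn` output. Succeeds only if a listener exists on
# NEW_IP:53 for both TCP and UDP and nothing is still bound to OLD_IP:53.
check_listeners() {
    awk -v new="$NEW_IP:53" -v old="$OLD_IP:53" '
        $4 == old                { stale = 1 }
        $4 == new && $1 ~ /^tcp/ { tcp = 1 }
        $4 == new && $1 ~ /^udp/ { udp = 1 }
        END { exit !(tcp && udp && !stale) }'
}

# stdin: `host -t A <name>` output. Prints each "name address" pair that is
# not NEW_IP; succeeds only if records were seen and none were stale.
stale_records() {
    awk -v new="$NEW_IP" '
        / has address / { seen = 1; if ($NF != new) { print $1, $NF; bad = 1 } }
        END { exit !(seen && !bad) }'
}

# Live check on the DC, using the commands and names from the page.
verify_dc() {
    netstat -tulpn | grep ":53" | check_listeners || return 1
    for name in samdom.example.com DC.samdom.example.com gc._msdcs.samdom.example.com; do
        host -t A "$name"
    done | stale_records
}

# Constructed sample input (not captured from a real system).
SAMPLE_NETSTAT='tcp 0 0 10.88.0.1:53 0.0.0.0:* LISTEN 1109/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1109/named
udp 0 0 10.88.0.1:53 0.0.0.0:* 1109/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1109/named'
SAMPLE_HOST='samdom.example.com has address 10.88.0.1
DC.samdom.example.com has address 10.88.0.1
gc._msdcs.samdom.example.com has address 10.99.0.1'

if [ "${1:-}" = "--live" ]; then
    verify_dc && echo "DC answers on $NEW_IP only"
else
    printf '%s\n' "$SAMPLE_NETSTAT" | check_listeners && echo "listeners OK"
    printf '%s\n' "$SAMPLE_HOST" | stale_records || echo "stale record(s) above"
fi
```

Run it with `--live` on the DC after `samba_dnsupdate --verbose` has finished; without arguments it only evaluates the constructed samples, where the third record is deliberately left on the old address.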