Difference between revisions of "Changing the IP Address of a Samba AD DC"

m (Mmuehlfeld moved page Change IP address of an Samba AD DC to Changing the IP Address of a Samba AD DC without leaving a redirect: Updated title)
(Rewrote page. Removed outdated and meanwhile incorrect procedure. Added steps for multi-domain environments.)
Line 1: Line 1:
= Introducion =
+
__TOC__
  
This HowTo describes a way to change the IP address of your DC.
+
= Changing the IP Address of an Active Directory (AD) domain controller (DC) in a Multi-domain Environment =
  
'''Until this line is removed, consider this document as a DRAFT, that may contain faults or is missing something and can break your system!'''
+
To change the IP address of an AD DC in a multi-domain environment:
  
'''This HowTo comes WITHOUT ANY WARRANTY!'''
+
* Demote the DC. For details, see [[Demote_a_Samba_AD_DC|Demote a Samba AD DC]].
  
 +
* Set the new IP address on the network interface and update the DNS server IP address in the <code>/etc/resolv.conf</code> file. For details, see your operating system's documentation.
  
 +
* Rejoin the DC to the domain. For details, see [[Joining_a_Samba_DC_to_an_Existing_Active_Directory|Joining a Samba DC to an Existing Active Directory]].
  
  
  
= General =
 
  
Changing the IP address of your DC can cause unexprected side effects! Always make sure you have a recoverable backup! And of course do intensive testing!
 
  
'''Notice:''' This HowTo was tested only in a single DC environment!
+
= Changing the IP Address of an AD DC in a Single-domain Environment =
  
 +
{{Imbox
 +
| type = warning
 +
| text = Changing the IP address in a single-domain environment can cause problems with your Active Directory (AD). Verify that you have a restorable backup before changing the IP address. For details, see [[Back_up_and_Restoring_a_Samba_AD_DC|Back up and Restoring a Samba AD DC]].
 +
}}
  
 +
For example, to change the IP address of the domain controller (DC) from <code>10.99.0.1</code> to <code>10.88.0.1</code>:
  
 +
* Disconnect or shut down clients connected to the AD DC.
  
 +
* Shut down the <code>samba</code> service.
  
= Preconditions =
+
* Set the new IP address on the network interface and update the DNS server IP address in the <code>/etc/resolv.conf</code> file. For details, see your operating system's documentation.
  
* Current IP: 10.99.0.1
+
* If you use the <code>BIND9_DLZ</code> DNS back end:
  
* New IP: 10.99.0.200
+
:* If BIND is bound to the old IP address, update the <code>listen-on</code> parameter in the <code>option{}</code> section in the <code>/etc/named.conf</code> file:
 +
# listen-on port 53 { 127.0.0.1;  <s>10.99.0.1</s> '''10.88.0.1'''; };
  
* NIC: eth0
+
:* Restart BIND.
  
 +
:* Verify that BIND is listening on the new IP address:
  
 +
# netstat -tulpn | grep ":53"
 +
tcp        0      0 '''10.88.0.1:53'''      0.0.0.0:*          LISTEN      1109/named
 +
tcp        0      0 127.0.0.1:53      0.0.0.0:*          LISTEN      1109/named
 +
udp        0      0 '''10.88.0.1:53'''      0.0.0.0:*                      1109/named
 +
udp        0      0 127.00.1:53        0.0.0.0:*                      1109/named
  
 +
* If you set the IP address in the the <code>interfaces</code> parameter in the <code>[global]</code> section of your <code>smb.conf</code> file, update the address:
  
 +
interfaces = 127.0.0.1 <s>10.99.0.1</s> '''10.88.0.1'''
  
= Changing the IP of the DC =
+
* Start the <code>samba</code> service.
  
Make sure, that no clients are connected to the server, while you do the changes. They'll be disconnected and won't reconnect until the next reboot!
+
* Update the DNS entries:
 
 
* Add a NIC alias with the new IP:
 
# ifconfig eth0:0 10.99.0.200 up
 
 
 
* If you use the „interfaces = “ option in your smb.conf, then add the new aliased interface to it:
 
interfaces = lo eth0 eth0:0
 
:This parameter is not used per default. If you made changes to your smb.conf, restart Samba!
 
  
* Update the DNS entries:
 
 
  # samba_dnsupdate --verbose
 
  # samba_dnsupdate --verbose
  
* In the output of „samba_dnsupdate“, at least three „Failed“ messages will appear:
+
: The <code>samba_dnsupdate</code> utility automatically updates all records in the local database.
Failed to find matching DNS entry A samdom.example.com 10.99.0.200
 
Failed to find matching DNS entry A dc1.samdom.example.com 10.99.0.200
 
Failed to find matching DNS entry A gc._msdcs.samdom.example.com 10.99.0.200
 
: Remember these records. We'll change them in the next step.
 
 
 
* Open the Windows DNS MMC and change the IP of all failed messages from the previous steps.
 
:[[Image:DNS_Manager.png]]
 
 
 
* Stutdown Samba.
 
 
 
* Remove the NIC alias:
 
# ifconfig eth0:0 down
 
  
* Change the IP address on your server, where ever it's necessary (NIC interface, /etc/hosts, etc.).
+
* Verify that the DC's DNS records are resolved correctly:
  
* Start Samba again.
+
# host -t A samdom.example.com
 +
samdom.example.com has address 10.88.0.1
 +
 +
# host -t A DC.samdom.example.com
 +
DC.samdom.example.com has address 10.88.0.1
 +
 +
# host -t A gc._msdcs.samdom.example.com
 +
gc._msdcs.samdom.example.com has address 10.88.0.1
  
'''Notice:''' You have to restart all Windows clients, that where up during the IP change, because the OS had cached the old values.! Otherwise these clients won't connect to the new IP.
+
* Update your AD clients to use the new IP address of the AD DNS server.
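Review bot: The added single-domain bullet "Set the new IP address on the network interface and update the DNS server IP address in the /etc/resolv.conf file" no longer mentions /etc/hosts, which the removed step covered ("NIC interface, /etc/hosts, etc."). A hosts entry that still maps the DC name to 10.99.0.1 would survive the procedure, so consider naming /etc/hosts in that bullet. Smaller points in the added lines: "option{}" should read "options{}", the sample netstat output has "127.00.1:53" where "127.0.0.1:53" is meant, "the the" is doubled before the interfaces parameter, and the leading "#" on the listen-on line reads as a comment marker in named.conf rather than as a prompt.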

Revision as of 15:48, 18 December 2016

Changing the IP Address of an Active Directory (AD) domain controller (DC) in a Multi-domain Environment

To change the IP address of an AD DC in a multi-domain environment:

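  • Demote the DC. For details, see Demote a Samba AD DC.
  • Set the new IP address on the network interface and update the DNS server IP address in the /etc/resolv.conf file. For details, see your operating system's documentation.
  • Rejoin the DC to the domain. For details, see Joining a Samba DC to an Existing Active Directory.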



Changing the IP Address of an AD DC in a Single-domain Environment

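Warning: Changing the IP address in a single-domain environment can cause problems with your Active Directory (AD). Verify that you have a restorable backup before changing the IP address. For details, see Back up and Restoring a Samba AD DC.

For example, to change the IP address of the domain controller (DC) from 10.99.0.1 to 10.88.0.1: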

  • Disconnect or shut down clients connected to the AD DC.
  • Shut down the samba service.
  • Set the new IP address on the network interface and update the DNS server IP address in the /etc/resolv.conf file. For details, see your operating system's documentation.
  • If you use the BIND9_DLZ DNS back end:
      • If BIND is bound to the old IP address, update the listen-on parameter in the options{} section in the /etc/named.conf file, replacing 10.99.0.1 with 10.88.0.1:
        listen-on port 53 { 127.0.0.1; 10.88.0.1; };
      • Restart BIND.
      • Verify that BIND is listening on the new IP address:
        # netstat -tulpn | grep ":53"
        tcp        0      0 10.88.0.1:53       0.0.0.0:*          LISTEN      1109/named
        tcp        0      0 127.0.0.1:53       0.0.0.0:*          LISTEN      1109/named
        udp        0      0 10.88.0.1:53       0.0.0.0:*                      1109/named
        udp        0      0 127.0.0.1:53       0.0.0.0:*                      1109/named
  • If you set the IP address in the interfaces parameter in the [global] section of your smb.conf file, update the address, replacing 10.99.0.1 with 10.88.0.1:
    interfaces = 127.0.0.1 10.88.0.1
  • Start the samba service.
  • Update the DNS entries:
    # samba_dnsupdate --verbose
    The samba_dnsupdate utility automatically updates all records in the local database.
  • Verify that the DC's DNS records are resolved correctly:
    # host -t A samdom.example.com
    samdom.example.com has address 10.88.0.1

    # host -t A DC.samdom.example.com
    DC.samdom.example.com has address 10.88.0.1

    # host -t A gc._msdcs.samdom.example.com
    gc._msdcs.samdom.example.com has address 10.88.0.1
  • Update your AD clients to use the new IP address of the AD DNS server.
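
A post-change check for the single-domain procedure above, as an added example that is not part of the original wiki page: it searches configuration files for leftovers of the old address and confirms that the A records resolve only to the new one. The function names, the HOST_CMD hook and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for leftovers of the old DC address after the change.
OLD_IP=10.99.0.1   # old and new address from the page's example
NEW_IP=10.88.0.1

# Print file:line:text for every line that still holds OLD as a whole address
# (10.99.0.1 must not match 10.99.0.10 or 110.99.0.1). Returns 1 on any hit.
stale_refs() {
    old_re=$(printf '%s' "$1" | sed 's/\./\\./g'); shift
    # /dev/null makes grep print the file name even when one file is given
    hits=$(grep -nE "(^|[^0-9.])${old_re}([^0-9]|\$)" "$@" /dev/null 2>/dev/null) || :
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Check that each name has NEW as its only A record. HOST_CMD is a hook of this
# example (not a Samba or BIND setting) so tests can replace host(1).
check_records() {
    want=$1; shift; bad=0
    for name in "$@"; do
        addrs=$(${HOST_CMD:-host} -t A "$name" 2>/dev/null |
                awk '/ has address /{print $NF}' | sort -u | tr '\n' ' ')
        if [ "$addrs" = "$want " ]; then
            echo "OK    $name -> $want"
        else
            echo "STALE $name -> ${addrs:-no answer}"; bad=1
        fi
    done
    return $bad
}

# Constructed sample: named.conf still lists the old address, smb.conf does not
# (10.99.0.10 is a different, constructed address that must not be reported).
demo() {
    d=$(mktemp -d) || return 2
    printf 'options {\n listen-on port 53 { 127.0.0.1; 10.99.0.1; };\n};\n' > "$d/named.conf"
    printf '[global]\n interfaces = 127.0.0.1 10.88.0.1 10.99.0.10\n' > "$d/smb.conf"
    found=0; stale_refs "$OLD_IP" "$d/named.conf" "$d/smb.conf" || found=1
    rm -rf "$d"; return $found
}
demo || echo "old address $OLD_IP is still configured"
# On the DC: check_records "$NEW_IP" samdom.example.com DC.samdom.example.com gc._msdcs.samdom.example.com
```

On the DC itself, pass stale_refs the files the procedure touches (/etc/resolv.conf, /etc/named.conf and your smb.conf) instead of the constructed samples.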