Changing the IP Address of a Samba AD DC: Difference between revisions

From SambaWiki
m (Mmuehlfeld moved page Change IP address of the DC to Change IP address of a DC: fix title)
m (/* minor update)
(9 intermediate revisions by one other user not shown)
Line 1: Line 1:
__TOC__
= Introducion =


= Changing the IP Address of an AD DC in a Multi-domain Environment =
This HowTo describes a way to change the IP address of your DC.


To change the IP address of an Active Directory (AD) domain controller (DC) in a multi-domain environment:
'''Until this line is removed, consider this document as a DRAFT, that may contain faults or is missing something and can break your system!'''


* Demote the DC. For details, see [[Demoting a Samba AD DC]].
'''This HowTo comes WITHOUT ANY WARRANTY!'''


* Set the new IP address in the DC's network configuration.


* Rejoin the DC to the domain. For details, see [[Joining_a_Samba_DC_to_an_Existing_Active_Directory|Joining a Samba DC to an Existing Active Directory]].


* If the DC is a DNS server for AD DNS zones, set the new IP address in all domain member's DNS settings.




= General =


Changing the IP address of your DC can cause unexprected side effects! Always make sure you have a recoverable backup! And of course do intensive testing!


'''Notice:''' This HowTo was tested only in a single DC environment!


= Changing the IP Address of an AD DC in a Single-domain Environment =


{{Imbox
| type = warning
| text = Changing the IP address in a single-domain environment can cause problems with your Active Directory (AD). Verify that you have a restorable backup before changing the IP address. For details, see [[Back_up_and_Restoring_a_Samba_AD_DC|Back up and Restoring a Samba AD DC]].
}}


For example, to change the IP address of the domain controller (DC) from <code>10.99.0.1</code> to <code>10.88.0.1</code>:


* Disconnect or shut down clients connected to the AD DC.


* Shut down the <code>samba</code> service.
= Preconditions =


* Set the new IP address on the network interface and update the DNS server IP address in the <code>/etc/resolv.conf</code> file. For details, see your operating system's documentation.
* Current IP: 10.99.0.1


* If you use the <code>BIND9_DLZ</code> DNS back end:
* New IP: 10.99.0.200


:* If BIND is bound to the old IP address, update the <code>listen-on</code> parameter in the <code>option{}</code> section in the <code>/etc/named.conf</code> file:
* NIC: eth0
# listen-on port 53 { 127.0.0.1; <s>10.99.0.1</s> '''10.88.0.1'''; };


:* Restart BIND.


:* Verify that BIND is listening on the new IP address:


# netstat -tulpn | grep ":53"
tcp 0 0 '''10.88.0.1:53''' 0.0.0.0:* LISTEN 1109/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1109/named
udp 0 0 '''10.88.0.1:53''' 0.0.0.0:* 1109/named
udp 0 0 127.00.1:53 0.0.0.0:* 1109/named


* If you set the IP address in the <code>interfaces</code> parameter in the <code>[global]</code> section of your <code>smb.conf</code> file, update the address:


interfaces = 127.0.0.1 <s>10.99.0.1</s> '''10.88.0.1'''
= Changing the IP of the DC =


* Start the <code>samba</code> service.
Make sure, that no clients are connected to the server, while you do the changes. They'll be disconnected and won't reconnect until the next reboot!

* Add a NIC alias with the new IP:
# ifconfig eth0:0 10.99.0.200 up

* If you use the „interfaces = “ option in your smb.conf, then add the new aliased interface to it:
interfaces = lo eth0 eth0:0
:This parameter is not used per default. If you made changes to your smb.conf, restart Samba!


* Update the DNS entries:
* Update the DNS entries:

# samba_dnsupdate --verbose
# samba_dnsupdate --verbose


: The <code>samba_dnsupdate</code> utility automatically updates records in the local database, using a file called <code>dns_update_list</code>. This file can be found in the <code>private</code> directory.
* In the output of „samba_dnsupdate“, at least three „Failed“ messages will appear:

Failed to find matching DNS entry A samdom.example.com 10.99.0.200
* Verify that the DC's DNS records are resolved correctly:
Failed to find matching DNS entry A dc1.samdom.example.com 10.99.0.200

Failed to find matching DNS entry A gc._msdcs.samdom.example.com 10.99.0.200
# host -t A samdom.example.com
: Remember these records. We'll change them in the next step.
samdom.example.com has address 10.88.0.1
# host -t A DC.samdom.example.com
DC.samdom.example.com has address 10.88.0.1
# host -t A gc._msdcs.samdom.example.com
gc._msdcs.samdom.example.com has address 10.88.0.1


* Update your AD clients to use the new IP address of the AD DNS server.
* Open the Windows DNS MMC and change the IP of all failed messages from the previous steps.
:[[Image:DNS_Manager.png]]


* Stutdown Samba.


* Remove the NIC alias:
# ifconfig eth0:0 down


* Change the IP address on your server, where ever it's necessary (NIC interface, /etc/hosts, etc.).


* Start Samba again.


----
'''Notice:''' You have to restart all Windows clients, that where up during the IP change, because the OS had cached the old values.! Otherwise these clients won't connect to the new IP.
[[Category:Active Directory]]
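
Review bot: The sample netstat output in the new BIND9_DLZ steps ends with "127.00.1:53" on the last udp line; it should read "127.0.0.1:53", matching the tcp loopback line two rows above it. In the same step the text names the "option{}" section of /etc/named.conf, but the BIND statement is "options", and the listen-on line is shown with a leading "#", which named.conf treats as a comment, so the "#" should be dropped from that line. The revision also removes the closing notice that Windows clients which were up during the IP change must be restarted because they cache the old values; consider keeping that sentence next to the new "Update your AD clients" step.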

Revision as of 19:12, 29 February 2020

Changing the IP Address of an AD DC in a Multi-domain Environment

To change the IP address of an Active Directory (AD) domain controller (DC) in a multi-domain environment:

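  • Demote the DC. For details, see Demoting a Samba AD DC.
  • Set the new IP address in the DC's network configuration.
  • Rejoin the DC to the domain. For details, see Joining a Samba DC to an Existing Active Directory.
  • If the DC is a DNS server for AD DNS zones, set the new IP address in all domain members' DNS settings.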



Changing the IP Address of an AD DC in a Single-domain Environment

For example, to change the IP address of the domain controller (DC) from 10.99.0.1 to 10.88.0.1:

  • Disconnect or shut down clients connected to the AD DC.
  • Shut down the samba service.
  • Set the new IP address on the network interface and update the DNS server IP address in the /etc/resolv.conf file. For details, see your operating system's documentation.
  • If you use the BIND9_DLZ DNS back end:
      • If BIND is bound to the old IP address, update the listen-on parameter in the options{} section in the /etc/named.conf file, replacing 10.99.0.1 with 10.88.0.1:
listen-on port 53 { 127.0.0.1; 10.88.0.1; };
      • Restart BIND.
      • Verify that BIND is listening on the new IP address:
# netstat -tulpn | grep ":53"
tcp        0      0 10.88.0.1:53       0.0.0.0:*          LISTEN      1109/named
tcp        0      0 127.0.0.1:53       0.0.0.0:*          LISTEN      1109/named
udp        0      0 10.88.0.1:53       0.0.0.0:*                      1109/named
udp        0      0 127.0.0.1:53       0.0.0.0:*                      1109/named
  • If you set the IP address in the interfaces parameter in the [global] section of your smb.conf file, update the address, replacing 10.99.0.1 with 10.88.0.1:
interfaces = 127.0.0.1 10.88.0.1
  • Start the samba service.
  • Update the DNS entries:
# samba_dnsupdate --verbose
The samba_dnsupdate utility automatically updates records in the local database, using a file called dns_update_list. This file can be found in the private directory.
  • Verify that the DC's DNS records are resolved correctly:
# host -t A samdom.example.com
samdom.example.com has address 10.88.0.1

# host -t A DC.samdom.example.com
DC.samdom.example.com has address 10.88.0.1

# host -t A gc._msdcs.samdom.example.com
gc._msdcs.samdom.example.com has address 10.88.0.1
  • Update your AD clients to use the new IP address of the AD DNS server.
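
The two verification steps above (BIND listening on the new address, and the DC's A records resolving to it) can be scripted so that leftovers of the old address are caught as well. The following is an added example, not part of the SambaWiki page or of Samba; the helper names check_records and check_listeners and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: post-change checks for the 10.99.0.1 -> 10.88.0.1 move.
OLD_IP="10.99.0.1"
NEW_IP="10.88.0.1"
RECORDS="samdom.example.com DC.samdom.example.com gc._msdcs.samdom.example.com"

# check_records (hypothetical helper): reads `host -t A` output on stdin and
# prints MISSING for a name with no A record on NEW_IP, STALE for a name that
# resolves to NEW_IP but still has an A record on OLD_IP.
check_records() {
  awk -v old="$OLD_IP" -v new="$NEW_IP" -v names="$RECORDS" '
    $2 == "has" && $3 == "address" {
      n = tolower($1)
      if ($4 == new) ok[n] = 1
      if ($4 == old) stale[n] = 1
    }
    END {
      cnt = split(names, want, " ")
      for (i = 1; i <= cnt; i++) {
        n = tolower(want[i])
        if (!(n in ok)) print "MISSING " want[i]
        else if (n in stale) print "STALE " want[i]
      }
    }'
}

# check_listeners (hypothetical helper): reads `netstat -tulpn` output on stdin;
# succeeds only if named listens on NEW_IP:53 and nothing is bound to OLD_IP:53.
check_listeners() {
  awk -v old="$OLD_IP:53" -v new="$NEW_IP:53" '
    $4 == new && $NF ~ /\/named$/ { seen = 1 }
    $4 == old { bad = 1 }
    END { exit !(seen && !bad) }'
}

# Constructed sample output, not captured from a real system.
SAMPLE_HOST='samdom.example.com has address 10.88.0.1
DC.samdom.example.com has address 10.99.0.1
DC.samdom.example.com has address 10.88.0.1'
SAMPLE_NETSTAT='tcp 0 0 10.88.0.1:53 0.0.0.0:* LISTEN 1109/named
udp 0 0 10.88.0.1:53 0.0.0.0:* 1109/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1109/named'

# On the DC itself:
#   for n in $RECORDS; do host -t A "$n"; done | check_records
#   netstat -tulpn | check_listeners || echo "BIND listener check failed"
```

A STALE line means the old A record is still published next to the new one, so some clients will keep trying an address the DC no longer owns.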