Difference between revisions of "Changing the IP Address of a Samba AD DC"

m (Mmuehlfeld moved page Change IP address of the DC to Change IP address of a DC: fix title)
m (/* added /etc/hosts)
 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Introducion =
+
__TOC__
  
This HowTo describes a way to change the IP address of your DC.
+
= Changing the IP Address of an AD DC in a Single-DC domain Environment =
  
'''Until this line is removed, consider this document as a DRAFT, that may contain faults or is missing something and can break your system!'''
+
{{Imbox
 +
| type = warning
 +
| text = Changing the IP address in a single-DC domain environment can cause problems with your Active Directory (AD). Verify that you have a restorable backup before changing the IP address. For details, see [[Back_up_and_Restoring_a_Samba_AD_DC|Back up and Restoring a Samba AD DC]].
 +
}}
  
'''This HowTo comes WITHOUT ANY WARRANTY!'''
+
For example, to change the IP address of the domain controller (DC) from <code>10.99.0.1</code> to <code>10.88.0.1</code>:
  
 +
* Disconnect or shut down clients connected to the AD DC.
  
 +
* Shut down the <code>samba</code> service.
  
 +
* Set the new IP address on the network interface and update the DNS server IP address in the <code>/etc/resolv.conf</code> and <code>/etc/hosts</code> files. For details, see your operating system's documentation.
  
 +
* If you use the <code>BIND9_DLZ</code> DNS back end:
  
= General =
+
:* If BIND is bound to the old IP address, update the <code>listen-on</code> parameter in the <code>option{}</code> section in the <code>/etc/named.conf</code> file:
 +
# listen-on port 53 { 127.0.0.1;  <s>10.99.0.1</s> '''10.88.0.1'''; };
  
Changing the IP address of your DC can cause unexprected side effects! Always make sure you have a recoverable backup! And of course do intensive testing!
+
:* Restart BIND.
  
'''Notice:''' This HowTo was tested only in a single DC environment!
+
:* Verify that BIND is listening on the new IP address:
  
 +
# netstat -tulpn | grep ":53"
 +
tcp        0      0 '''10.88.0.1:53'''      0.0.0.0:*          LISTEN      1109/named
 +
tcp        0      0 127.0.0.1:53      0.0.0.0:*          LISTEN      1109/named
 +
udp        0      0 '''10.88.0.1:53'''      0.0.0.0:*                      1109/named
 +
udp        0      0 127.00.1:53        0.0.0.0:*                      1109/named
  
 +
* If you set the IP address in the <code>interfaces</code> parameter in the <code>[global]</code> section of your <code>smb.conf</code> file, update the address:
  
 +
interfaces = 127.0.0.1 <s>10.99.0.1</s> '''10.88.0.1'''
  
 +
* Start the <code>samba</code> service.
  
= Preconditions =
+
* Update the DNS entries:
  
* Current IP: 10.99.0.1
+
# samba_dnsupdate --verbose
  
* New IP: 10.99.0.200
+
: The <code>samba_dnsupdate</code> utility automatically updates records in the local database, using a file called <code>dns_update_list</code>. This file can be found in the <code>private</code> directory.
  
* NIC: eth0
+
* Verify that the DC's DNS records are resolved correctly:
  
 +
# host -t A samdom.example.com
 +
samdom.example.com has address 10.88.0.1
 +
 +
# host -t A DC.samdom.example.com
 +
DC.samdom.example.com has address 10.88.0.1
 +
 +
# host -t A gc._msdcs.samdom.example.com
 +
gc._msdcs.samdom.example.com has address 10.88.0.1
  
 +
* Update your AD clients to use the new IP address of the AD DNS server.
  
  
  
= Changing the IP of the DC =
 
  
Make sure, that no clients are connected to the server, while you do the changes. They'll be disconnected and won't reconnect until the next reboot!
+
= Changing the IP Address of an AD DC in a Multi-DC domain Environment =
  
* Add a NIC alias with the new IP:
+
To change the IP address of an Active Directory (AD) domain controller (DC) in a multi-DC domain environment:
# ifconfig eth0:0 10.99.0.200 up
 
  
* If you use the „interfaces = “ option in your smb.conf, then add the new aliased interface to it:
+
* Demote the DC. For details, see [[Demoting a Samba AD DC]].
interfaces = lo eth0 eth0:0
 
:This parameter is not used per default. If you made changes to your smb.conf, restart Samba!
 
  
* Update the DNS entries:
+
* Set the new IP address in the DC's network configuration.
# samba_dnsupdate --verbose
 
  
* In the output of „samba_dnsupdate“, at least three „Failed“ messages will appear:
+
* Rejoin the DC to the domain. For details, see [[Joining_a_Samba_DC_to_an_Existing_Active_Directory|Joining a Samba DC to an Existing Active Directory]].
Failed to find matching DNS entry A samdom.example.com 10.99.0.200
 
Failed to find matching DNS entry A dc1.samdom.example.com 10.99.0.200
 
Failed to find matching DNS entry A gc._msdcs.samdom.example.com 10.99.0.200
 
: Remember these records. We'll change them in the next step.
 
  
* Open the Windows DNS MMC and change the IP of all failed messages from the previous steps.
+
* If the DC is a DNS server for AD DNS zones, set the new IP address in all domain member's DNS settings.
:[[Image:DNS_Manager.png]]
 
  
* Stutdown Samba.
 
  
* Remove the NIC alias:
 
# ifconfig eth0:0 down
 
  
* Change the IP address on your server, where ever it's necessary (NIC interface, /etc/hosts, etc.).
 
  
* Start Samba again.
 
  
'''Notice:''' You have to restart all Windows clients, that where up during the IP change, because the OS had cached the old values.! Otherwise these clients won't connect to the new IP.
+
----
 +
[[Category:Active Directory]]
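Review bot: The added sample output for netstat -tulpn | grep ":53" has a malformed loopback address in its last udp line (127.00.1:53); it should read 127.0.0.1:53, matching the tcp line two rows above it. In the same BIND9_DLZ step, the section of /etc/named.conf is written as option{}, while the BIND statement is options {}, and the listen-on example carries a leading "# ", which in named.conf turns the line into a comment; showing the line without that prefix avoids a copy-paste that silently leaves BIND on its previous listen addresses. The revision also drops the old text's list of "Failed to find matching DNS entry" messages from samba_dnsupdate without saying what output to expect now, so a sentence on the expected --verbose output after the change would help readers confirm the update worked.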

Latest revision as of 14:03, 16 July 2020

Changing the IP Address of an AD DC in a Single-DC domain Environment

For example, to change the IP address of the domain controller (DC) from 10.99.0.1 to 10.88.0.1:

  • Disconnect or shut down clients connected to the AD DC.
  • Shut down the samba service.
  • Set the new IP address on the network interface and update the DNS server IP address in the /etc/resolv.conf and /etc/hosts files. For details, see your operating system's documentation.
  • If you use the BIND9_DLZ DNS back end:
      • If BIND is bound to the old IP address, update the listen-on parameter in the options {} section in the /etc/named.conf file, replacing 10.99.0.1 with 10.88.0.1:
listen-on port 53 { 127.0.0.1; 10.88.0.1; };
      • Restart BIND.
      • Verify that BIND is listening on the new IP address:
# netstat -tulpn | grep ":53"
tcp        0      0 10.88.0.1:53       0.0.0.0:*          LISTEN      1109/named
tcp        0      0 127.0.0.1:53       0.0.0.0:*          LISTEN      1109/named
udp        0      0 10.88.0.1:53       0.0.0.0:*                      1109/named
udp        0      0 127.0.0.1:53       0.0.0.0:*                      1109/named
  • If you set the IP address in the interfaces parameter in the [global] section of your smb.conf file, update the address, replacing 10.99.0.1 with 10.88.0.1:
interfaces = 127.0.0.1 10.88.0.1
  • Start the samba service.
  • Update the DNS entries:
# samba_dnsupdate --verbose
The samba_dnsupdate utility automatically updates records in the local database, using a file called dns_update_list. This file can be found in the private directory.
  • Verify that the DC's DNS records are resolved correctly:
# host -t A samdom.example.com
samdom.example.com has address 10.88.0.1

# host -t A DC.samdom.example.com
DC.samdom.example.com has address 10.88.0.1

# host -t A gc._msdcs.samdom.example.com
gc._msdcs.samdom.example.com has address 10.88.0.1
  • Update your AD clients to use the new IP address of the AD DNS server.
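The following audit script is an added example, not part of the Samba wiki page: it checks the two things the procedure above can leave behind, a configuration file that still names the old address and a DNS record that still (or also) answers with it. The addresses and record names are the page's example values; the SMB_CONF default path and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Samba wiki): audit after the single-DC IP change.
# Addresses and record names are the page's example values.

# Print "file:line:text" for each non-comment line still holding OLD as a whole
# address, so 10.99.0.1 does not match 10.99.0.10 or 110.99.0.1.
stale_refs() {
    old=$1; shift
    pat=$(printf '%s' "$old" | sed 's/\./\\./g')
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -nE "(^|[^0-9.])${pat}([^0-9.]|\$)" "$f" |
            grep -vE '^[0-9]+:[[:space:]]*(#|;|//)' |
            awk -v f="$f" '{ print f ":" $0 }'
    done
}

# Read `host -t A` output on stdin and print every expected name whose answer
# is not exactly NEW (missing, still old, or old and new side by side).
# Returns 0 only when all names resolve to NEW alone.
wrong_records() {
    new=$1; shift
    out=$(cat)
    rc=0
    for name in "$@"; do
        addrs=$(printf '%s\n' "$out" | awk -v n="$name" '
            tolower($1) == tolower(n) && $2 == "has" && $3 == "address" {
                a = a (a ? "," : "") $4 }
            END { print a }')
        if [ "$addrs" != "$new" ]; then
            echo "$name -> ${addrs:-no A record}"
            rc=1
        fi
    done
    return $rc
}

# Live use on the DC: sh audit.sh --run   (SMB_CONF path is an assumption)
if [ "${1:-}" = "--run" ]; then
    names="samdom.example.com DC.samdom.example.com gc._msdcs.samdom.example.com"
    stale_refs 10.99.0.1 /etc/hosts /etc/resolv.conf /etc/named.conf \
        "${SMB_CONF:-/etc/samba/smb.conf}"
    for n in $names; do host -t A "$n"; done | wrong_records 10.88.0.1 $names
fi
```

Any line printed by stale_refs is a file to correct before starting the samba service; any line printed by wrong_records is a record to fix before pointing clients at the new DNS server address.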



Changing the IP Address of an AD DC in a Multi-DC domain Environment

To change the IP address of an Active Directory (AD) domain controller (DC) in a multi-DC domain environment:

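  • Demote the DC. For details, see Demoting a Samba AD DC.
  • Set the new IP address in the DC's network configuration.
  • Rejoin the DC to the domain. For details, see Joining a Samba DC to an Existing Active Directory.
  • If the DC is a DNS server for AD DNS zones, set the new IP address in all domain members' DNS settings.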