Changing the IP Address of a Samba AD DC: Difference between revisions
From SambaWiki
Mmuehlfeld (talk | contribs) m (Mmuehlfeld moved page Change IP address of a DC to Change IP address of an Samba AD DC without leaving a redirect: fix title) |
m (/* added /etc/hosts) |
||
(11 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
__TOC__ |
|||
= Introducion = |
|||
= Changing the IP Address of an AD DC in a Single-DC domain Environment = |
|||
This HowTo describes a way to change the IP address of your DC. |
|||
{{Imbox |
|||
'''Until this line is removed, consider this document as a DRAFT, that may contain faults or is missing something and can break your system!''' |
|||
| type = warning |
|||
| text = Changing the IP address in a single-DC domain environment can cause problems with your Active Directory (AD). Verify that you have a restorable backup before changing the IP address. For details, see [[Back_up_and_Restoring_a_Samba_AD_DC|Back up and Restoring a Samba AD DC]]. |
|||
}} |
|||
For example, to change the IP address of the domain controller (DC) from <code>10.99.0.1</code> to <code>10.88.0.1</code>: |
|||
'''This HowTo comes WITHOUT ANY WARRANTY!''' |
|||
* Disconnect or shut down clients connected to the AD DC. |
|||
* Shut down the <code>samba</code> service. |
|||
* Set the new IP address on the network interface and update the DNS server IP address in the <code>/etc/resolv.conf</code> and <code>/etc/hosts</code> files. For details, see your operating system's documentation. |
|||
* If you use the <code>BIND9_DLZ</code> DNS back end: |
|||
:* If BIND is bound to the old IP address, update the <code>listen-on</code> parameter in the <code>option{}</code> section in the <code>/etc/named.conf</code> file: |
|||
= General = |
|||
# listen-on port 53 { 127.0.0.1; <s>10.99.0.1</s> '''10.88.0.1'''; }; |
|||
:* Restart BIND. |
|||
Changing the IP address of your DC can cause unexprected side effects! Always make sure you have a recoverable backup! And of course do intensive testing! |
|||
:* Verify that BIND is listening on the new IP address: |
|||
'''Notice:''' This HowTo was tested only in a single DC environment! |
|||
# netstat -tulpn | grep ":53" |
|||
tcp 0 0 '''10.88.0.1:53''' 0.0.0.0:* LISTEN 1109/named |
|||
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1109/named |
|||
udp 0 0 '''10.88.0.1:53''' 0.0.0.0:* 1109/named |
|||
udp 0 0 127.00.1:53 0.0.0.0:* 1109/named |
|||
* If you set the IP address in the <code>interfaces</code> parameter in the <code>[global]</code> section of your <code>smb.conf</code> file, update the address: |
|||
interfaces = 127.0.0.1 <s>10.99.0.1</s> '''10.88.0.1''' |
|||
* Start the <code>samba</code> service. |
|||
⚫ | |||
= Preconditions = |
|||
⚫ | |||
* Current IP: 10.99.0.1 |
|||
: The <code>samba_dnsupdate</code> utility automatically updates records in the local database, using a file called <code>dns_update_list</code>. This file can be found in the <code>private</code> directory. |
|||
* New IP: 10.99.0.200 |
|||
* Verify that the DC's DNS records are resolved correctly: |
|||
* NIC: eth0 |
|||
# host -t A samdom.example.com |
|||
samdom.example.com has address 10.88.0.1 |
|||
# host -t A DC.samdom.example.com |
|||
DC.samdom.example.com has address 10.88.0.1 |
|||
⚫ | |||
gc._msdcs.samdom.example.com has address 10.88.0.1 |
|||
* Update your AD clients to use the new IP address of the AD DNS server. |
|||
= Changing the IP of the DC = |
|||
= Changing the IP Address of an AD DC in a Multi-DC domain Environment = |
|||
Make sure, that no clients are connected to the server, while you do the changes. They'll be disconnected and won't reconnect until the next reboot! |
|||
To change the IP address of an Active Directory (AD) domain controller (DC) in a multi-DC domain environment: |
|||
* Add a NIC alias with the new IP: |
|||
# ifconfig eth0:0 10.99.0.200 up |
|||
* Demote the DC. For details, see [[Demoting a Samba AD DC]]. |
|||
* If you use the „interfaces = “ option in your smb.conf, then add the new aliased interface to it: |
|||
interfaces = lo eth0 eth0:0 |
|||
:This parameter is not used per default. If you made changes to your smb.conf, restart Samba! |
|||
* Set the new IP address in the DC's network configuration. |
|||
⚫ | |||
⚫ | |||
* Rejoin the DC to the domain. For details, see [[Joining_a_Samba_DC_to_an_Existing_Active_Directory|Joining a Samba DC to an Existing Active Directory]]. |
|||
* In the output of „samba_dnsupdate“, at least three „Failed“ messages will appear: |
|||
Failed to find matching DNS entry A samdom.example.com 10.99.0.200 |
|||
Failed to find matching DNS entry A dc1.samdom.example.com 10.99.0.200 |
|||
⚫ | |||
: Remember these records. We'll change them in the next step. |
|||
* |
* If the DC is a DNS server for AD DNS zones, set the new IP address in all domain member's DNS settings. |
||
:[[Image:DNS_Manager.png]] |
|||
* Stutdown Samba. |
|||
* Remove the NIC alias: |
|||
# ifconfig eth0:0 down |
|||
* Change the IP address on your server, where ever it's necessary (NIC interface, /etc/hosts, etc.). |
|||
* Start Samba again. |
|||
---- |
|||
'''Notice:''' You have to restart all Windows clients, that where up during the IP change, because the OS had cached the old values.! Otherwise these clients won't connect to the new IP. |
|||
[[Category:Active Directory]] |
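Review bot: the named.conf line in the new BIND9_DLZ step is written as `# listen-on port 53 { ... };`, and a leading `#` starts a comment in named.conf, so a reader who copies the line as shown leaves BIND on its previous listen-on setting. Drop the `#` on that line and keep it only on command lines such as `# netstat -tulpn | grep ":53"`. In the sample netstat output that follows, the last udp line reads `127.00.1:53` and should be `127.0.0.1:53` to match the tcp line above it. The revision also drops the closing notice that Windows clients that were up during the IP change must be restarted because they cached the old values; if that still holds, keep it next to the "Update your AD clients" step.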
Latest revision as of 14:03, 16 July 2020
Changing the IP Address of an AD DC in a Single-DC domain Environment
Changing the IP address in a single-DC domain environment can cause problems with your Active Directory (AD). Verify that you have a restorable backup before changing the IP address. For details, see Back up and Restoring a Samba AD DC.
For example, to change the IP address of the domain controller (DC) from 10.99.0.1 to 10.88.0.1:
- Disconnect or shut down clients connected to the AD DC.
- Shut down the samba service.
- Set the new IP address on the network interface and update the DNS server IP address in the /etc/resolv.conf and /etc/hosts files. For details, see your operating system's documentation.
- If you use the BIND9_DLZ DNS back end:
  - If BIND is bound to the old IP address, update the listen-on parameter in the options {} section in the /etc/named.conf file, replacing 10.99.0.1 with 10.88.0.1:
        listen-on port 53 { 127.0.0.1; 10.88.0.1; };
  - Restart BIND.
  - Verify that BIND is listening on the new IP address:
        # netstat -tulpn | grep ":53"
        tcp 0 0 10.88.0.1:53 0.0.0.0:* LISTEN 1109/named
        tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1109/named
        udp 0 0 10.88.0.1:53 0.0.0.0:* 1109/named
        udp 0 0 127.0.0.1:53 0.0.0.0:* 1109/named
- If you set the IP address in the interfaces parameter in the [global] section of your smb.conf file, update the address, replacing 10.99.0.1 with 10.88.0.1:
      interfaces = 127.0.0.1 10.88.0.1
- Start the samba service.
- Update the DNS entries:
      # samba_dnsupdate --verbose
  The samba_dnsupdate utility automatically updates records in the local database, using a file called dns_update_list. This file can be found in the private directory.
- Verify that the DC's DNS records are resolved correctly:
      # host -t A samdom.example.com
      samdom.example.com has address 10.88.0.1
      # host -t A DC.samdom.example.com
      DC.samdom.example.com has address 10.88.0.1
      # host -t A gc._msdcs.samdom.example.com
      gc._msdcs.samdom.example.com has address 10.88.0.1
- Update your AD clients to use the new IP address of the AD DNS server.
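The two verification steps above (BIND listening on the new address, and the DC's A records resolving to it) can be scripted so that a record left on the old address is reported instead of overlooked. This is an added example, not part of the SambaWiki page; the function names and the SAMPLE_HOST data are constructed, and the addresses and record names are the page's example values.

```sh
#!/bin/sh
# Added example: post-change checks for the single-DC procedure.
# OLD_IP/NEW_IP and the record names are the page's example values.
OLD_IP="10.99.0.1"
NEW_IP="10.88.0.1"

# Constructed sample: a DC whose gc._msdcs record was not updated.
SAMPLE_HOST="samdom.example.com has address 10.88.0.1
DC.samdom.example.com has address 10.88.0.1
gc._msdcs.samdom.example.com has address 10.99.0.1"

# check_listen NETSTAT_OUTPUT IP: named must hold IP:53 on tcp and udp.
check_listen() {
    for proto in tcp udp; do
        printf '%s\n' "$1" | awk -v p="$proto" -v a="$2:53" '
            $1 == p && $4 == a && $NF ~ /\/named$/ { found = 1 }
            END { exit !found }' || return 1
    done
}

# stale_records HOST_OUTPUT IP: print names that still resolve to IP.
stale_records() {
    printf '%s\n' "$1" | awk -v old="$2" '
        $2 == "has" && $3 == "address" && $4 == old { print $1 }'
}

# check_records HOST_OUTPUT IP NAME...: every NAME needs an A record = IP.
check_records() {
    out=$1; ip=$2; shift 2
    for name in "$@"; do
        printf '%s\n' "$out" | awk -v n="$name" -v ip="$ip" '
            tolower($1) == tolower(n) && $3 == "address" && $4 == ip { ok = 1 }
            END { exit !ok }' || { echo "bad A record: $name" >&2; return 1; }
    done
}

# Live run on the DC itself (needs netstat and host): sh script.sh --live
run_live() {
    names="samdom.example.com DC.samdom.example.com gc._msdcs.samdom.example.com"
    dns=$(for n in $names; do host -t A "$n"; done)
    check_listen "$(netstat -tulpn 2>/dev/null)" "$NEW_IP" || return 1
    check_records "$dns" "$NEW_IP" $names || return 1
    stale=$(stale_records "$dns" "$OLD_IP")
    [ -z "$stale" ] || { echo "still on $OLD_IP: $stale" >&2; return 1; }
}

if [ "${1:-}" = "--live" ]; then run_live; fi
```

Run it as root with `--live` after `samba_dnsupdate --verbose` has finished, so that `netstat -p` can show the `named` process name.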
Changing the IP Address of an AD DC in a Multi-DC domain Environment
To change the IP address of an Active Directory (AD) domain controller (DC) in a multi-DC domain environment:
- Demote the DC. For details, see Demoting a Samba AD DC.
- Set the new IP address in the DC's network configuration.
- Rejoin the DC to the domain. For details, see Joining a Samba DC to an Existing Active Directory.
- If the DC is a DNS server for AD DNS zones, set the new IP address in all domain members' DNS settings.