Web lists-archives.com

Re: [Samba] File server questions






Em 12/09/2017 04:32, L.P.H. van Belle via samba escreveu:
-----Oorspronkelijk bericht-----
Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
Rowland Penny via samba
Verzonden: maandag 11 september 2017 18:50
Aan: samba@xxxxxxxxxxxxxxx
Onderwerp: Re: [Samba] File server questions

On Mon, 11 Sep 2017 13:08:16 -0300
Flávio Silveira via samba <samba@xxxxxxxxxxxxxxx> wrote:

My question is actually if I have to deal with the hosting
company DNS
zones or not, because 'tecnopon.com.br' is hosted there, my guess,
giving Louis's answer and yours, is I don't need to.
As you will only be forwarding unknown requests (such as
www.google.com) to your hosting company, you do not have to
deal with their dns servers at all.

Also, I am currently using a DHCP Server to give static IPs
based on
mac address, I guess I don't need to set the ip manually if I use
something like "method 3" described in [1] to prevent
/etc/resolv.conf
updates, what do you think?

[1]: https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf

Never really understood using dhcp for fixed ipaddresses,
well possibly for one or two machines, but even then, what is
the point ?
I would give a fixed IP to all the machines that should have
one (servers, printers etc). Then for any other machines that
can and should have a dhcp IP (laptops etc), create a pool
based around the fixed machines. This way, you can tell, just
from the IP, just what the machine is likely to be.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
When i look at that link, https://www.vultr.com/docs/stop-dhcp-from-changing-resolve-conf
Then only option 1 is the "real" correct one. Imho.
Option 2, and options 3 are masking a configuration errors.

If you want to use dhcp with servers, sure possible, no problem at all, but not recommended.
Now have a look at : /etc/dhcp/dhclient.conf

That shows, something like this ( the default on debian )

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;

send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
         domain-name, domain-name-servers, domain-search, host-name,
         dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
         netbios-name-servers, netbios-scope, interface-mtu,
         rfc3442-classless-static-routes, ntp-servers;

DHCP Server requests. : ( involving your points. )
  domain-name, domain-name-servers, domain-search
( ntp-servers and time-offset are also very important )

As long as the dhcp server sends the correct info here, you resolv.conf is always correct.
The search setting should be : ad.tecnopon.com.br
You need the domain-name so you have the correct zone for name server changes. (ad.tecnopon.com.br)
You need the domain-search so you can resolv hostname -s and hostname -f within the same domain. (ad.tecnopon.com.br)

If you also use resolvconf then add the needed options, for example if you have a proxy server with bind,
Then resolvconf is the best options, because you can add named_options and named_zones,
Which can be handy for the external zones. ( you can add a forward zone in bind for the internet zone.)
Should not be needed but also here, can be handy, this all depending on you setup.

But key here is, if you rebooted you server and your resolv.conf settings are wrong, then you have a setting in dhcp thats incorrect.
( or if resolvconf is installed, review /etc/network/interfaces ( missing dns-
Since you have ips assigned by mac, review that config.
Look in this file : cat /var/lib/dhcp/dhclient.eth0.leases
( if you interface is eth0, change to your interface name. )

And i agree with Rowland's suggestion to create pools, that makes is much better to handle these settings.
So i suggest, review you dhcp server settings and dhcp client settings.
That is, imo, the correct way to set this up. ( If you must use the dhcp server for the members. )
This wil also hold for the long run.



Greetz,

Louis




Thanks for the replies Rowland and Louis!

Giving all that was said here is a snippet of what I have in /var/lib/dhcp/dhclient.enp2s0.leases

Don't know why my interface is named enp2s0, but I only have one, this might be a driver thing.

lease {
  interface "enp2s0";
  fixed-address 192.168.11.6;
  option subnet-mask 255.255.255.0;
  option routers 192.168.11.1;
  option dhcp-lease-time 86400;
  option dhcp-message-type 5;
  option domain-name-servers 192.168.11.1;
  option dhcp-server-identifier 192.168.11.1;
  option domain-name "local";
  renew 2 2017/09/12 15:28:36;
  rebind 3 2017/09/13 01:09:09;
  expire 3 2017/09/13 04:09:09;
}

This is the server that will be the AD DC, it currently is in client subnet (192.168.11.x) for testing, but I will put it in server subnet (192.168.13.x) when in production.

I can't change these settings now as it will break the whole network, can I use the "method 3" from the link for now and manually edit /etc/resolv.conf and then when it is ready for production I drop that script and configure it properly into the DHCP Server?

Speaking of AD DC tutorial, I've read it over and over and especifically the provisioning part, does this sound correct?

samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=AD.TECNOPON.COM.BR --domain=AD --adminpass=mypass --option="interfaces=lo enp2s0" --option="bind interfaces only=yes" --option="dns forwarder=192.168.11.1"

If I understand correctly, domain is what will be NetBIOS Name, right? What about Hostname? How do I set it in non-interactive mode?

It seems it isn't possible to set it also in interactive mode, as shown in the example from the tutorial:

# samba-tool domain provision --use-rfc2307 --interactive
Realm [SAMDOM.EXAMPLE.COM]: SAMDOM.EXAMPLE.COM
  Domain [SAMDOM]: SAMDOM
  Server Role (dc, member, standalone) [dc]: dc
  DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: SAMBA_INTERNAL
  DNS forwarder IP address (write 'none' to disable forwarding) [10.99.0.1]: 8.8.8.8
Administrator password: Passw0rd
Retype password: Passw0rd
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=samdom,DC=example,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              DC1
NetBIOS Domain:        SAMDOM
DNS Domain:            samdom.example.com
DOMAIN SID:            S-1-5-21-2614513918-2685075268-614796884

Where DC1 came from? Can I use that as NetBIOS Name?

Regards,
  Flavio Silveira
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba