
Author Topic: Samba DC/AD DNS problem  (Read 1152 times)

mariuszad
Samba DC/AD DNS problem
« on: 2024-07-25, 12:42:23 »
Hello

I compiled Samba 4.20.2 from source. I wanted to set up an AD domain controller. During the domain controller configuration I reached the point of choosing the DNS server. Since I have my own, I answered NONE.

# samba-tool domain provision --use-rfc2307 --interactive  (24 min)
Realm [LOCAL.TLD]:  LOCAL.TLD
Domain [LOCAL]:  LOCAL
Server Role (dc, member, standalone) [dc]:  dc
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:  NONE
Administrator password:hasło
Retype password:hasło
INFO 2024-07-25 10:23:46,703 pid:62655 /usr/local/samba/lib64/python3.9/site-packages/samba/provision/__init__.py #2110: Looking up IPv4 addresses
INFO 2024-07-25 10:23:46,703 pid:62655 /usr/local/samba/lib64/python3.9/site-packages/samba/provision/__init__.py #2127: Looking up IPv6 addresses
WARNING 2024-07-25 10:23:46,704 pid:62655 /usr/local/samba/lib64/python3.9/site-packages/samba/provision/__init__.py #2134: No IPv6 address will be assigned
INFO 2024-07-25 10:23:46,948 pid:62655 /usr/local/samba/lib64/python3.9/site-packages/samba/provision/__init__.py #2300: Setting up share.ldb
...
INFO 2024-07-25 10:23:55,372 pid:62655 /usr/local/samba/lib64/python3.9/site-packages/samba/provision/__init__.py #2412: A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
INFO 2024-07-25 10:23:55,372 pid:62655 /usr/local/samba/lib64/python3.9/site-packages/samba/provision/__init__.py #2414: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
INFO 2024-07-25 10:23:55,570 pid:62655 /usr/local/samba/lib64/python3.9/site-packages/samba/provision/__init__.py #2084: Setting up fake yp server settings
INFO 2024-07-25 10:23:55,682 pid:62655 /usr/local/samba/lib64/python3.9/site-packages/samba/provision/__init__.py #487: Once the above files are installed, your Samba AD server will be ready to use
INFO 2024-07-25 10:23:55,683 pid:62655 /usr/local/samba/lib64/python3.9/site-packages/samba/provision/__init__.py #492: Server Role: active directory domain controller
INFO 2024-07-25 10:23:55,683 pid:62655 /usr/local/samba/lib64/python3.9/site-packages/samba/provision/__init__.py #493: Hostname:              dc
INFO 2024-07-25 10:23:55,683 pid:62655 /usr/local/samba/lib64/python3.9/site-packages/samba/provision/__init__.py #494: NetBIOS Domain:        LOCAL
INFO 2024-07-25 10:23:55,683 pid:62655 /usr/local/samba/lib64/python3.9/site-packages/samba/provision/__init__.py #495: DNS Domain:            local.tld
INFO 2024-07-25 10:23:55,683 pid:62655 /usr/local/samba/lib64/python3.9/site-packages/samba/provision/__init__.py #496: DOMAIN SID:            S-1-5-21-241 

I added the entries for the domain controller to the DNS server:
...
_ldap._tcp.local.tld.           3600    IN    SRV    0 100 389  dc.local.tld.
_kerberos._tcp.local.tld.       3600    IN    SRV    0 100 88   dc.local.tld.
_kpasswd._tcp.local.tld.        3600    IN    SRV    0 100 464  dc.local.tld.
;;
dc              IN      A       192.168.0.111
...

From the VM that hosts the DC, nslookup and dig resolve the queries.
# dig SRV _ldap._tcp.local.tld

; <<>> DiG 9.16.23-RH <<>> SRV _ldap._tcp.local.tld
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61895
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 45b67aa4b9e403bc0100000066a206fd6c5e58dcff521738 (good)
;; QUESTION SECTION:
;_ldap._tcp.local.tld.          IN      SRV

;; ANSWER SECTION:
_ldap._tcp.local.tld.   3600    IN      SRV     0 100 389 dc.local.tld.

;; ADDITIONAL SECTION:
dc.local.tld.           86400   IN      A       192.168.0.111

;; Query time: 0 msec
;; SERVER: 192.168.0.106#53(192.168.0.106)
;; WHEN: Thu Jul 25 10:04:13 CEST 2024
;; MSG SIZE  rcvd: 125

# nslookup -query=SRV _ldap._tcp.local.tld
Server:         192.168.0.106
Address:        192.168.0.106#53

[root@dc ~]#  nmcli connection show enp0s3 | grep dns
connection.mdns:                        -1 (default)
connection.dns-over-tls:                -1 (default)
ipv4.dns:                               127.0.0.1,192.168.0.106,192.168.0.1
ipv4.dns-search:                        local.tld
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.ignore-auto-dns:                   no
ipv6.dns:                               --
ipv6.dns-search:                        --
ipv6.dns-options:                       --
ipv6.dns-priority:                      0
ipv6.ignore-auto-dns:                   no

When testing DNS I get this:

# host -t SRV _ldap._tcp.local.tld
_ldap._tcp.local.tld has SRV record 0 100 389 dc.local.tld.
[root@dc ~]# host -t SRV _kerberos._tcp.local.tld
_kerberos._tcp.local.tld has SRV record 0 100 88 dc.local.tld.

# host www.google.com
www.google.com has address 142.250.203.196
www.google.com has IPv6 address 2a00:1450:401b:810::2004

However, when I try to list the DNS zones I get an error:
# samba-tool dns zonelist 127.0.0.1 -U Administrator
Password for [LOCAL\Administrator]:
ERROR(runtime): Could not contact RPC server [WERR_DNS_ERROR_DS_UNAVAILABLE] - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')

Why do dig, nslookup and host resolve the queries through DNS, while the DC cannot?

Regards
Mariusz
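An added example (not part of the post and not Samba's own code) that checks the external-DNS zone snippet shown above the way a DC administrator would before joining clients: it parses zone-file style SRV and A records, verifies that the `_ldap._tcp`, `_kerberos._tcp` and `_kpasswd._tcp` records exist with the ports the post uses (389, 88, 464), point at the DC, and that the DC target has an A record. The expected-record set is taken only from the records in the post; the zone text and the `local.tld` / `dc.local.tld` names are the post's own values reused as constructed input.

```python
import re

# Expected SRV services for the DC, taken from the records shown in the post:
# service owner prefix -> port. Samba needs more records than these (e.g. the
# _msdcs names); extend this table when checking a real zone.
EXPECTED_SRV = {"_ldap._tcp": 389, "_kerberos._tcp": 88, "_kpasswd._tcp": 464}

# Zone-file lines with whitespace collapsed; the TTL field is optional.
SRV_RE = re.compile(r"^(\S+) (?:\d+ )?IN SRV \d+ \d+ (\d+) (\S+)$")
A_RE = re.compile(r"^(\S+) (?:\d+ )?IN A (\S+)$")


def fqdn(name: str, origin: str) -> str:
    """Absolute lower-case name without trailing dot; relative names get the origin."""
    return name[:-1].lower() if name.endswith(".") else f"{name}.{origin}".lower()


def parse_zone(text: str, origin: str):
    """Return ({srv_owner: (port, target)}, {a_owner: ip}); ';' starts a comment."""
    srv, a = {}, {}
    for raw in text.splitlines():
        line = " ".join(raw.split(";")[0].split())  # strip comment, collapse spaces
        if not line:
            continue
        if m := SRV_RE.match(line):
            srv[fqdn(m.group(1), origin)] = (int(m.group(2)), fqdn(m.group(3), origin))
        elif m := A_RE.match(line):
            a[fqdn(m.group(1), origin)] = m.group(2)
    return srv, a


def check_dc_records(text: str, origin: str, dc_host: str) -> list:
    """Return a list of problems with the DC's SRV/A records; empty means OK."""
    srv, a = parse_zone(text, origin)
    problems = []
    for service, port in EXPECTED_SRV.items():
        owner = f"{service}.{origin}".lower()
        if owner not in srv:
            problems.append(f"missing SRV {owner}")
            continue
        got_port, target = srv[owner]
        if got_port != port:
            problems.append(f"{owner}: port {got_port}, expected {port}")
        if target != dc_host.lower():
            problems.append(f"{owner}: target {target}, expected {dc_host}")
        if target not in a:
            problems.append(f"{owner}: target {target} has no A record")
    return problems


# Constructed input: the zone fragment from the post.
ZONE_OK = """_ldap._tcp.local.tld.           3600    IN    SRV    0 100 389  dc.local.tld.
_kerberos._tcp.local.tld.       3600    IN    SRV    0 100 88   dc.local.tld.
_kpasswd._tcp.local.tld.        3600    IN    SRV    0 100 464  dc.local.tld.
;;
dc              IN      A       192.168.0.111
"""

if __name__ == "__main__":
    print(check_dc_records(ZONE_OK, "local.tld", "dc.local.tld") or "all DC records present")
```

Note that this only validates the records a client needs to find the DC; it says nothing about the `samba-tool dns zonelist` RPC, which talks to Samba's own DNS management service rather than to the external resolver.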