I've gotten a Samba 4 AD DC setup running on Ubuntu 18.04 LTS. I used this tutorial to make it work:
https://www.tecmint.com/install-samba4-active-directory-ubuntu/
The problem is I can't get my Windows 7 or 10 clients to connect to the domain.
Here is my krb5.conf file:
[logging]
default = FILE:/var/log/krb-def.log
kdc = FILE:/var/log/kdc.log
admin_server = FILE:/var/log/lrb-adm.log
[libdefaults]
default_realm = MVPOSERVER.LAN
[realms]
MVPOSERVER.LAN = {
default_domain = mvposerver.lan
kdc = adc1.mvposerver.lan:88
}
My hosts file:
127.0.0.1 localhost
192.168.9.50 mvposerver
192.168.9.50 mvposerver.lan adc1 _kerberos._udp _ldap._tcp _ldap._tcp.dc._msdcs
192.168.9.50 adc1.mvposerver.lan
192.168.9.50 _kerberos._udp.mvposerver.lan
192.168.9.50 _ldap._tcp.mvposerver.lan
192.168.9.50 _ldap._tcp.dc._msdcs.mvposerver.lan
My netplan IP config is:
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp1s0:
      dhcp4: no
      dhcp6: no
      addresses: [192.168.9.50/24]
      gateway4: 192.168.9.250
      nameservers:
        search: [mvposerver.lan]
        addresses: [127.0.0.1, 192.168.9.250]
Samba config:
Host returns the IP:
# host -t A mvposerver.lan
mvposerver.lan has address 192.168.9.50
Hostname of the server is adc1. klist returns the created Admin, so it's connecting:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@MVPOSERVER.LAN
Valid starting Expires Service principal
06/18/2019 15:34:17 06/19/2019 01:34:17 krbtgt/MVPOSERVER.LAN@MVPOSERVER.LAN
renew until 06/19/2019 15:34:14
And samba-tool works for user listing:
# samba-tool user list
Administrator
krbtgt
Guest
Yet connecting Windows 7 Pro won't return ping on the hostname, nor will it connect to the controller. If I ping the hostname mvposerver.lan, which does return the IP on the server itself, it won't resolve it:
If I ping the Samba NETBIOS name it does return an IP:
Also, I know Kerberos is working, because in Windows 7 if I make my domain mvposerver instead of mvposerver.lan it does ask me to connect using credentials, but then errors out after:
I also can't ping google.com or any other domain name from the Windows client once on DNS through the DC. I can ping google.com from the DC server in terminal just fine, I can also ping 8.8.8.8 from the client, just not domain resolve.
EDIT
I installed Bind9, setup DNS records, now the server won't ping its own hostname, nor does the client still. But client does have internet now.
DNS Setup:
EDIT2
I have updated my DNS records and got DNS working, now the client has internet and detects the hostnames correctly:
So now the client finds the DC by hostname just fine, and it even finds the hostname and IP, but it can't find the DC software running, even though Samba says it's there.
Best Answer
This sounds like a DNS problem. I'm assuming the hosts file you showed is on the server? That's for the server's DNS client component, not for the server's DNS Server component. That's also not going to help other clients resolve DNS for AD.
Do you have a DNS server hosting the DNS zone for AD? If not, you need one and you need to configure the clients that you want to join to the domain to use it.
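The answer's point is that AD clients locate a domain controller through DNS SRV records (for example `_ldap._tcp.dc._msdcs.<realm>` and `_kerberos._udp.<realm>`), and a hosts file can only supply A records, so the `_ldap._tcp...` entries shown in the question's hosts file are never consulted by a joining client. The following script is an added example, not code from the question, the answer or the Samba project: it issues raw SRV queries with the Python standard library only, so it can be run from any machine against the DNS server the clients are configured to use, to confirm each required record resolves before attempting a domain join. The list of SRV names is the usual set an AD client asks for (an assumption); the realm and server address are command-line arguments.

```python
"""Verify the AD locator SRV records from a client's point of view (added example).

Sends DNS SRV queries directly over UDP using only the standard library, so it
works on a client that has no dnspython installed, and reports MISSING for any
record the DNS server does not answer. Constructed for this page; not Samba code.
"""
import socket
import struct

# Assumption: the SRV names a joining Windows client looks up for a realm.
REQUIRED_SRV = (
    "_ldap._tcp.dc._msdcs.{realm}",
    "_ldap._tcp.{realm}",
    "_kerberos._tcp.{realm}",
    "_kerberos._udp.{realm}",
)

SRV_TYPE = 33   # RR type for SRV
IN_CLASS = 1    # class IN


def build_srv_query(name, txid=0x1234):
    """Build a single-question DNS query packet asking for SRV records of `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    qname = b"".join(
        struct.pack("B", len(label)) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", SRV_TYPE, IN_CLASS)


def _read_name(packet, offset):
    """Decode a (possibly compressed) DNS name; return (name, offset_after_name)."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:  # compression pointer into an earlier name
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_srv_response(packet):
    """Return [(priority, weight, port, target), ...] from an SRV answer packet."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if flags & 0x000F:  # non-zero RCODE, e.g. NXDOMAIN: the record does not exist
        return []
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = _read_name(packet, offset)
        offset += 4
    records = []
    for _ in range(an):
        _, offset = _read_name(packet, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        if rtype == SRV_TYPE:
            prio, weight, port = struct.unpack("!HHH", packet[offset:offset + 6])
            target, _ = _read_name(packet, offset + 6)
            records.append((prio, weight, port, target))
        offset += rdlen
    return records


def query_srv(name, server, timeout=3.0):
    """Send one SRV query to `server` (UDP/53) and parse the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_srv_query(name), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_srv_response(data)


def check_ad_srv(realm, server):
    """Map each required SRV name for `realm` to its records ([] means missing)."""
    return {n.format(realm=realm): query_srv(n.format(realm=realm), server)
            for n in REQUIRED_SRV}


if __name__ == "__main__":
    import sys
    # Usage: python srvcheck.py mvposerver.lan 192.168.9.50
    realm, dns_server = sys.argv[1], sys.argv[2]
    for name, recs in check_ad_srv(realm, dns_server).items():
        print(name, "->", recs or "MISSING")
```

Run it from the Windows client's network (or the client itself) against the DNS server address the client has configured, not only on the DC: a result of `MISSING` for `_ldap._tcp.dc._msdcs.<realm>` explains a failed join even when `klist` and `samba-tool` work locally on the server, because those use the server's own resolver.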