
I'm trying to set up an Active Directory Domain Controller on an Ubuntu 16.04 instance on Amazon's EC2 micro services. I do everything right (following at least three different tutorials) and get all the server side tests to run and go fine. My most recent attempt used this tutorial: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller (although I got the Kerberos install list from Step 2 of https://www.tecmint.com/install-samba4-active-directory-ubuntu/).

But when I try to connect from Windows 10 (as explained here https://wiki.samba.org/index.php/Windows_DNS_Configuration), I get the following error:

Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "ad.company.com.my":

The query was for the SRV record for _ldap._tcp.dc._msdcs.ad.company.com.my

The following domain controllers were identified by the query: dc1.ad.company.com.my

However no domain controllers could be contacted.

Common causes of this error include:

  • Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

  • Domain controllers registered in DNS are not connected to the network or are not running.

My setup: AWS Micro instance running Ubuntu 16.04 LTS. Elastic IP address set so that I have a static IP address for the server.

The Windows client is a virtual machine. It has the public IP address of the amazon instance set as per instructed on the samba wiki (https://wiki.samba.org/index.php/Windows_DNS_Configuration).

All of these work:

```
host -t A ad.company.com.my
host -t A dc1
ping -c3 ad.company.com.my
ping -c3 dc1.ad.company.com.my
```

Configuration files:

/etc/network/interfaces:

```
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# Source interfaces
# Please check /etc/network/interfaces.d before changing this file
# as interfaces may have been defined in /etc/network/interfaces.d
# See LP: #1262951
# source /etc/network/interfaces.d/*.cfg

auto eth0
iface eth0 inet static
    address 172.31.36.46
    netmask 255.255.240.0
    broadcast 172.31.47.255
    gateway 172.31.32.1
    dns-nameserver 172.31.36.46
    # dns-nameserver 172.31.0.2
    # dns-nameserver 8.8.8.8
    dns-search ad.company.com.my
```

/etc/hosts:

```
127.0.0.1       localhost localhost.localdomain
172.31.36.46    dc1.ad.company.com.my dc1

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
```

/etc/resolv.conf

```
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 172.31.36.46
search ad.company.com.my
```

/etc/hostname

```
dc1
```

/etc/krb5.conf

```
[libdefaults]
    default_realm = AD.COMPANY.COM.MY
    dns_lookup_realm = false
    dns_lookup_kdc = true
```

/etc/samba/smb.conf

```
[global]
    workgroup = AD
    realm = AD.COMPANY.COM.MY
    netbios name = DC1
    server role = active directory domain controller
    dns forwarder = 8.8.8.8
    idmap_ldb:use rfc2307 = yes

[netlogon]
    path = /var/lib/samba/sysvol/ad.company.com.my/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
```

Here is the output of the command `nslookup dc1.ad.company.com.my`:

```
Server:  ec2-ADDRESS.ap-southeast-1.compute.amazonaws.com
Address:  ADDRESS

Name:    dc1.ad.company.com.my
Address:  172.31.36.46
```

And then doing an SRV check:

```
C:\Users\user>nslookup
Default Server:  ec2-ADDRESS.ap-southeast-1.compute.amazonaws.com
Address:  ADDRESS

> set type=SRV
> _ldap._tcp.ad.company.com.my
Server:  ec2-ADDRESS.ap-southeast-1.compute.amazonaws.com
Address:  ADDRESS

_ldap._tcp.ad.company.com.my    SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.ad.company.com.my
```

I've opened all traffic on the instance so that I know it's not a firewall issue.

So, what am I doing wrong?
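The error text above describes the client's DC locator as three steps: an SRV lookup, an A/AAAA lookup for each host the SRV record names, and then a connection attempt. The script below walks those same steps as an added example (not part of the original post): it uses only the standard library, so the DNS answers are passed in rather than queried, and the sample records are constructed from the values shown in the question (dc1.ad.company.com.my with A record 172.31.36.46). It flags the case a Windows client outside the VPC runs into, a DC whose A record is a private address.

```python
import ipaddress
import socket
from typing import Dict, List, Tuple

# Constructed sample records mirroring the question: the SRV answer names dc1,
# and dc1's A record is the instance's VPC-private address, not its Elastic IP.
SAMPLE_SRV: Dict[str, List[str]] = {
    "_ldap._tcp.dc._msdcs.ad.company.com.my": ["dc1.ad.company.com.my"],
}
SAMPLE_A: Dict[str, List[str]] = {"dc1.ad.company.com.my": ["172.31.36.46"]}

def locate_dcs(domain: str, srv: Dict[str, List[str]]) -> List[str]:
    """Step 1 of the client's DC locator: hosts named by the _msdcs SRV record."""
    return srv.get(f"_ldap._tcp.dc._msdcs.{domain}", [])

def classify_address(addr: str) -> str:
    """Say whether a DC address can be reached by a client outside the VPC."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback: reachable only from the DC itself"
    if ip.is_private:
        return "private (RFC 1918): reachable only from inside the VPC or over a VPN"
    return "public: routable; check the security group and the service"

def diagnose(domain, srv, a_records) -> List[Tuple[str, str, str]]:
    """Steps 1 and 2: (hostname, address, verdict) for every DC the SRV record names.
    A DC with no A record is reported once with an empty address."""
    results = []
    for host in locate_dcs(domain, srv):
        addrs = a_records.get(host, [])
        if not addrs:
            results.append((host, "", "no A/AAAA record: the client cannot resolve the DC"))
        for addr in addrs:
            results.append((host, addr, classify_address(addr)))
    return results

def can_contact(addr: str, port: int = 389, timeout: float = 3.0) -> bool:
    """Step 3: try the LDAP port. Network-dependent, so not exercised on the sample data."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for host, addr, verdict in diagnose("ad.company.com.my", SAMPLE_SRV, SAMPLE_A):
        print(f"{host} -> {addr or '(none)'}: {verdict}")
```

Run on a real client, replace the sample dictionaries with the answers from `nslookup -type=SRV` and `nslookup -type=A`, then call `can_contact` on each address the script reports.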

1 Answer


As a temporary solution, add or update on the Windows 10 host `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\AllowSingleLabelDnsDomain` to 1. Then reboot your Windows 10 and try to add it to the domain with the NetBIOS name (in your case it looks like you need to use AD).
