[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command

Rowland penny rpenny at samba.org
Thu Dec 3 16:26:38 UTC 2015


On 03/12/15 16:06, Jonathan S. Fisher wrote:
> > host -t SRV _ldap._tcp.windows.corp.XXX.com
> _ldap._tcp.windows.corp.XXX.com has SRV record 0 100 389 whiskey.windows.corp.XXX.com.
> _ldap._tcp.windows.corp.XXX.com has SRV record 0 100 389 wine.windows.corp.XXX.com.
>
> > host -t SRV _kerberos._udp.windows.corp.XXX.com
> _kerberos._udp.windows.corp.XXX.com has SRV record 0 100 88 whiskey.windows.corp.XXX.com.
> _kerberos._udp.windows.corp.XXX.com has SRV record 0 100 88 wine.windows.corp.XXX.com.
>
> > host -t A freeradius.windows.corp.XXX.com.
> freeradius.windows.corp.XXX.com has address 192.168.127.134
>
> > host -t SRV 192.168.127.134
> 134.127.168.192.in-addr.arpa domain name pointer freeradius.windows.corp.XXX.com.
>
> I tried the same thing with ".WINDOWS" and it doesn't work of course...
>
>
>

Your DNS appears to be working :-)

Let's move on from there:

Quick recap:
'hostname' should return 'freeradius'
'hostname -d' should return 'windows.corp.xxx.com'
'hostname -f' should return 'freeradius.windows.corp.xxx.com'
'hostname -i' should return '192.168.127.134'

/etc/resolv.conf should contain this:

search windows.corp.xxx.com
nameserver 'ip of first DC'
nameserver 'ip of second DC'

/etc/krb5.conf should contain this:

[libdefaults]
         default_realm = WINDOWS.CORP.XXX.COM


smb.conf is set up as per the samba wiki

If you run 'net ads testjoin' it should return 'Join is OK'

If all the above is complied with, running 'sudo net rpc info -UAdministrator' should return something like this:

Domain Name: SAMDOM
Domain SID: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx
Sequence number: 1
Num users: XXX
Num domain groups: XX
Num local groups: XX

If it doesn't, add this line to smb.conf: log level = 10
Restart samba and try again

Rowland
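
The recap in the message above, written as a repeatable check. This is an added example, not part of the original post or of Samba's own tooling. The function names, the file paths passed in and the domain samdom.example.com are constructed, and the rule that default_realm is the upper-cased DNS domain is taken from the values shown in the recap.

```shell
#!/bin/sh
# Added example, not from the thread. samdom.example.com is a constructed domain.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }
upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# First domain on the 'search' line of a resolv.conf-style file.
resolv_search_domain() {
    awk '$1 == "search" { print $2; exit }' "$1"
}

# default_realm from the [libdefaults] section of a krb5.conf-style file.
krb5_default_realm() {
    awk -F= '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && $1 ~ /^[ \t]*default_realm[ \t]*$/ {
            gsub(/[ \t]/, "", $2); print $2; exit
        }' "$1"
}

# check_member_config FQDN RESOLV_CONF KRB5_CONF
# Prints one line per mismatch; returns 0 only when everything agrees.
check_member_config() {
    case $1 in
        *.*) dns_domain=$(lower "${1#*.}") ;;
        *)   echo "FQDN expected, got short name '$1'"; return 1 ;;
    esac
    search=$(resolv_search_domain "$2")
    realm=$(krb5_default_realm "$3")
    rc=0
    if [ "$(lower "$search")" != "$dns_domain" ]; then
        echo "search domain '$search' does not match DNS domain '$dns_domain'"; rc=1
    fi
    # A short workgroup name here (e.g. SAMDOM) is reported as a mismatch.
    if [ "$realm" != "$(upper "$dns_domain")" ]; then
        echo "default_realm '$realm' is not '$(upper "$dns_domain")'"; rc=1
    fi
    return "$rc"
}

# Constructed sample files standing in for /etc/resolv.conf and /etc/krb5.conf.
demo_dir=$(mktemp -d)
printf 'search samdom.example.com\nnameserver 192.0.2.10\n' > "$demo_dir/resolv.conf"
printf '[libdefaults]\n    default_realm = SAMDOM.EXAMPLE.COM\n' > "$demo_dir/krb5.conf"
check_member_config member1.samdom.example.com "$demo_dir/resolv.conf" "$demo_dir/krb5.conf" \
    && echo "member config is consistent"
rm -rf "$demo_dir"
```

On a real member server the call would be check_member_config "$(hostname -f)" /etc/resolv.conf /etc/krb5.conf.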


