[Samba] Provisioning new AD Domain Controller
Rowland Penny
rpenny at samba.org
Sun Jan 21 16:35:55 UTC 2024
On Sun, 21 Jan 2024 11:11:02 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:
> On Sun Jan 21 03:08:25 2024 Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> >
> > > # samba-tool dns delete mail 1.168.192.in-addr.arpa 2 PTR mail.hprs.local
> > > Password for [administrator at HPRS.LOCAL]:
> > > ERROR(runtime): The record does not exist
> > >
> > > I must still be doing something wrong.
> >
> > Yes, you didn't say that you wanted to remove a reversezone,
>
> Ok, I did:
>
> samba-tool dns zonedelete mail 1.168.192.in-addr.arpa
>
> and that took care of that problem!
>
> > > So, why can the DC resolve <host>.hprs.local? Does each host on
> > > the domain need to have an A record added on the DC? I.e. these
> > > are not resolved automatically?
> >
> > Oh, yes, every domain member must have a record stored in AD, ...
> >
> > Active Directory relies on dns and as such, every AD DC is a dns
> > domain master, it is referred to as 'multi-master'.
> >
> > Rowland
>
> Huh! So I have to manually create an A record for each domain member?
No.
>
> With the old domain on Samba 4.8.2, provisioned with BIND9_FLATFILE,
> I ran bind, and dhcpd. dhcpd.conf had the settings "ddns-updates on",
> which dynamically updated the A records in the DC when a domain
> member joined. I didn't have to manually create DNS records.
No, dhcp didn't create the A record; it was Windows itself.
>
> Currently, I am not running dhcpd (yet, baby steps), but would the
> "ddns-updates on" do the same on this DC (Samba 4.18.9) provisioned
> with SAMBA_INTERNAL? What if I had provisioned with BIND9_DLZ instead?
The dns server doesn't matter and dhcp by itself cannot create any dns
records, but you can get dhcp to run a script to do it for you. You
only need this for Linux clients; Windows can create/update their own
records.
Rowland
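
An added example, not part of the original message or of Samba's own scripts: a sketch of what a DHCP-run script for a Linux client has to do before it creates records, namely vet the client-supplied hostname and address and derive the reverse zone and PTR name. The function names, the sample client (ws01, 192.168.1.50) and the /24 reverse zone layout are assumptions; the commands are printed rather than executed so the block runs offline.

```shell
#!/bin/sh
# Added example: vet DHCP-supplied values, then print samba-tool dns commands.
# Function names and the sample client (ws01, 192.168.1.50) are constructed.

# Accept a single RFC 1123 host label only (letters, digits, inner hyphens).
valid_label() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Accept dotted-quad IPv4 with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print "<reverse zone> <record name>" for an address, assuming a /24 zone.
ptr_parts() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '%s.%s.%s.in-addr.arpa %s\n' "$3" "$2" "$1" "$4"
}

# Print the A and PTR commands, or fail without output on bad input.
dns_update_cmds() {
    server=$1; zone=$2; host=$3; ip=$4
    valid_label "$host" || { echo "rejected hostname" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "rejected address" >&2; return 1; }
    set -- $(ptr_parts "$ip")
    printf 'samba-tool dns add %s %s %s A %s\n' "$server" "$zone" "$host" "$ip"
    printf 'samba-tool dns add %s %s %s PTR %s.%s\n' \
        "$server" "$1" "$2" "$host" "$zone"
}

# Constructed inputs: one acceptable client, one hostname that must be refused.
dns_update_cmds mail hprs.local ws01 192.168.1.50
dns_update_cmds mail hprs.local 'ws01;x' 192.168.1.50 || echo "skipped"
```

The PTR command only succeeds if the reverse zone exists on the DC, and the hostname check matters because that value comes from the client rather than from the administrator.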