samba 4 - 'domain admin' accounts behaving like normal users; inexplicable errors

Ben Hodgens ben at hodgens.net
Sat Sep 18 21:08:39 MDT 2010


Michael,

It returns something similar, but not quite:

_ldap._tcp.rc1.mydomain.com has SRV record 0 0 389 rc1.mydomain.com

Might this deviation from "10" to "0" be a potential cause of the problem?

I do have a number of srv-host definitions in my dnsmasq config already:

srv-host=gc._msdcs.rc1.mydomain.com,sentinel.rc1.mydomain.com
srv-host=_gc._tcp.rc1.mydomain.com,sentinel.rc1.mydomain.com
srv-host=_ldap._tcp.rc1.mydomain.com,sentinel.rc1.mydomain.com,389
srv-host=_ldap._tcp.dc._msdcs.rc1.mydomain.com,sentinel.rc1.mydomain.com,389
srv-host=_ldap._tcp.gc._msdcs.rc1.mydomain.com,sentinel.rc1.mydomain.com,389
srv-host=gc._tcp.gc._msdcs.rc1.mydomain.com,sentinel.rc1.mydomain.com
srv-host=gc._tcp.Default-First-Site-Name._sites.gc._msdcs.rc1.mydomain.com,sentinel.rc1.mydomain.com
srv-host=_gc._tcp.Default-First-Site-Name._sites.rc1.mydomain.com,sentinel.rc1.mydomain.com
srv-host=_kerberos._udp.rc1.mydomain.com,sentinel.rc1.mydomain.com

On 09/18/2010 04:49 PM, Michael Wood wrote:
> And if you, e.g., do:
>
> $ host -t srv _ldap._tcp.rc1.mydomain.com.
>
> Does it return something like this?
>
> _ldap._tcp.rc1.mydomain.com has SRV record 0 100 389 rc1.mydomain.com
>
> Does dnsmasq handle SRV records?
>
> According to their docs they do, but it looks like what you have is
> not enough.  You have to put some stuff in dnsmasq.conf:
>
> # Change the following lines if you want dnsmasq to serve SRV
> # records.  These are useful if you want to serve ldap requests for
> # Active Directory and other windows-originated DNS requests.
> # See RFC 2782.
> # You may add multiple srv-host lines.
> # The fields are <name>,<target>,<port>,<priority>,<weight>
> # If the domain part is missing from the name (so that it just has the
> # service and protocol sections) then the domain given by the domain=
> # config option is used. (Note that expand-hosts does not need to be
> # set for this to work.)
>
> # A SRV record sending LDAP for the example.com domain to
> # ldapserver.example.com port 389
> #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
>
> # A SRV record sending LDAP for the example.com domain to
> # ldapserver.example.com port 389 (using domain=)
> #domain=example.com
> #srv-host=_ldap._tcp,ldapserver.example.com,389
>
> # Two SRV records for LDAP, each with different priorities
> #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
> #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
>
> # A SRV record indicating that there is no LDAP server for the domain
> # example.com
> #srv-host=_ldap._tcp.example.com
>
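Added example, not code from the thread, from Samba or from dnsmasq: it parses srv-host= lines according to the field layout quoted from dnsmasq.conf above, applies the domain= default for names that carry only the service and protocol labels (assumed here to mean "exactly two labels"), and audits the resulting SRV records for the problems visible in the posted config: service labels without the RFC 2782 leading underscore, records with no port field (served as port 0), and AD names that are never served at all. The srv-host lines embedded below are copied from the post; the list of SRV names an AD client queries is an assumption and should be checked against the DNS record list for your Samba version.

```python
"""Audit dnsmasq 'srv-host=' lines against the SRV names an AD client looks up.

Added example; not part of the original thread, of Samba or of dnsmasq.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class SrvRecord:
    name: str
    target: str      # "." means "no service for this name" (RFC 2782)
    port: int
    priority: int
    weight: int      # only a tie-breaker among records sharing a priority


def parse_srv_host(line: str, default_domain: Optional[str] = None) -> Optional[SrvRecord]:
    """Parse one 'srv-host=<name>,<target>,<port>,<priority>,<weight>' line.

    Fields after <name> are optional: omitted numbers become 0 and an omitted
    target becomes the RFC 2782 'no service' target '.'. A name with only the
    service and protocol labels (e.g. '_ldap._tcp') is completed with
    default_domain, mirroring dnsmasq's domain= option (assumption: exactly
    two labels means the domain part is missing). Comments give None.
    """
    line = line.strip()
    if not line.startswith("srv-host="):
        return None
    fields = [f.strip() for f in line[len("srv-host="):].split(",")]
    name = fields[0].rstrip(".").lower()
    if name.count(".") == 1 and default_domain:
        name = f"{name}.{default_domain.lower()}"
    target = fields[1].rstrip(".").lower() if len(fields) > 1 and fields[1] else "."
    nums = [int(f) if f else 0 for f in fields[2:5]] + [0, 0, 0]
    return SrvRecord(name, target, nums[0], nums[1], nums[2])


def expected_ad_srv_names(domain: str, site: str = "Default-First-Site-Name") -> List[str]:
    """SRV names a Windows or Samba domain member queries to locate a DC.

    Assumed core set (check your Samba version's DNS record list); note that
    gc._msdcs.<domain> is an A record for the GC host, not an SRV record.
    """
    d, s = domain.lower(), site.lower()
    return [
        f"_ldap._tcp.{d}",
        f"_ldap._tcp.dc._msdcs.{d}",
        f"_ldap._tcp.pdc._msdcs.{d}",
        f"_ldap._tcp.gc._msdcs.{d}",
        f"_ldap._tcp.{s}._sites.{d}",
        f"_ldap._tcp.{s}._sites.dc._msdcs.{d}",
        f"_kerberos._tcp.{d}",
        f"_kerberos._udp.{d}",
        f"_kerberos._tcp.dc._msdcs.{d}",
        f"_kpasswd._tcp.{d}",
        f"_kpasswd._udp.{d}",
        f"_gc._tcp.{d}",
    ]


def audit_srv_config(config_lines: List[str], domain: str,
                     default_domain: Optional[str] = None) -> List[str]:
    """Return 'name: problem' findings for the SRV records dnsmasq would serve."""
    records = [r for r in (parse_srv_host(l, default_domain) for l in config_lines) if r]
    served = {r.name for r in records}
    findings = []
    for r in records:
        labels = r.name.split(".")
        if r.name.startswith("gc._msdcs."):
            findings.append(f"{r.name}: should be an A record for the GC host, not an SRV record")
        elif not (labels[0].startswith("_") and labels[1].startswith("_")):
            # 'gc._tcp...' is not the name a client asks for ('_gc._tcp...').
            findings.append(f"{r.name}: service and protocol labels need a leading underscore")
        if r.target == ".":
            findings.append(f"{r.name}: explicit 'no service' record (target '.')")
        elif r.port == 0:
            findings.append(f"{r.name}: port 0 (no <port> field); clients cannot connect")
    for name in expected_ad_srv_names(domain):
        if name not in served:
            findings.append(f"{name}: missing")
    return findings


# The srv-host lines posted in this thread, used as sample input.
POSTED_CONFIG = [
    "srv-host=gc._msdcs.rc1.mydomain.com,sentinel.rc1.mydomain.com",
    "srv-host=_gc._tcp.rc1.mydomain.com,sentinel.rc1.mydomain.com",
    "srv-host=_ldap._tcp.rc1.mydomain.com,sentinel.rc1.mydomain.com,389",
    "srv-host=_ldap._tcp.dc._msdcs.rc1.mydomain.com,sentinel.rc1.mydomain.com,389",
    "srv-host=_ldap._tcp.gc._msdcs.rc1.mydomain.com,sentinel.rc1.mydomain.com,389",
    "srv-host=gc._tcp.gc._msdcs.rc1.mydomain.com,sentinel.rc1.mydomain.com",
    "srv-host=gc._tcp.Default-First-Site-Name._sites.gc._msdcs.rc1.mydomain.com,sentinel.rc1.mydomain.com",
    "srv-host=_gc._tcp.Default-First-Site-Name._sites.rc1.mydomain.com,sentinel.rc1.mydomain.com",
    "srv-host=_kerberos._udp.rc1.mydomain.com,sentinel.rc1.mydomain.com",
]

if __name__ == "__main__":
    for finding in audit_srv_config(POSTED_CONFIG, "rc1.mydomain.com"):
        print(finding)
```

On the weight question raised above: with a single record for a name, the weight (0 or 100) changes nothing, because RFC 2782 clients only use weight to choose among records that share the same priority; the findings that matter here are the records served with port 0 and the Kerberos and kpasswd names that are not served at all.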
