Is "Disjoint Namespace" fully functional?

Martinx - ジェームズ thiagocmartinsc at gmail.com
Tue Aug 26 16:26:55 MDT 2014 

BTW, after editing "station-2" /etc/hosts file back to (no disjoint
namespace):

---
127.0.0.1 localhost.localdomain localhost
192.168.1.20 station-2.realm.company.com station-2
---

It got registered correctly under "*.realm.company.com" DNS Zone but, that
is not what I need/want... I just did that to check if the domain DNS
updates for "real.company.com" was okay, and it is... Look:

---
root at station-2:~# net ads join -U tmartins%SENHA
Using short domain name -- DOMAIN
Joined 'STATION-2 to dns domain 'realm.company.com'
---

No errors appeared, "station-2" is at "DNS Manager" "realm.company.com"
list but, no Disjoint Namespace...    :-(

-
 Thiago


On 26 August 2014 18:54, Martinx - ジェームズ <thiagocmartinsc at gmail.com> wrote:

> Just for the record, the entry for "station-2" on its /etc/hosts *does
> not point* to "127.0.1.1". It points to its own IPv4 addr, like this:
>
> `station-2`s /etc/hosts file:
> ---
> 127.0.0.1 localhost.localdomain localhost
> 192.168.1.20 station-2.company.com station-2
> ---
>
> I found on the net that this is a common error that triggers a DNS update
> error while joining a domain but, that is not my case...
>
> Tks in advance!
>
> -
>  Thiago
>
>
> On 26 August 2014 16:24, Martinx - ジェームズ <thiagocmartinsc at gmail.com>
> wrote:
>
>> Guys,
>>
>> During my first month with Samba4 AD DC (4.1.6 from Trusty), I was using
>> a feature called "Disjoint Namespaces" but, now (Samba 4.1.11), it isn't
>> working anymore.
>>
>> Doc: http://technet.microsoft.com/en-us/library/cc731929(v=ws.10).aspx
>>
>> I'm not sure if I did something wrong, or if it is a regression, because
>> as I said, I was using Samba 4.1.6 from Ubuntu Trusty, now I'm using Samba
>> 4.1.11 (from my own Ubuntu PPA:
>> https://launchpad.net/~martinx/+archive/ubuntu/ig ).... I'm not sure if
>> it stopped working because of the upgrade, or because my fault (I tried to
>> add more forward zones)... So, I'm asking here if it is really supported
>> (the Disjoint Namespace feature) (or not), or if it worked for me at first,
>> "by luck"...
>>
>> What I did at first?
>>
>> I followed the guide: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
>>
>> So, I created my Samba4 AD DC with:
>>
>> ---
>> AD DC Hostname:                    ubuntu-ad-1
>> AD DNS Domain Name:                realm.company.com
>> Kerberos Realm:                    REALM.COMPANY.COM
>> NT4 Domain Name/NetBIOS Name:      COMPANY
>> IP Address:                        192.168.1.10
>> Server Role:                       Domain Controller (DC)
>> Domain Admin Password:             pa$$w0rd
>> Forwarder DNS Server:              192.168.1.1
>>
>> Provisioned with: `samba-tool domain provision --realm REALM.COMPANY.COM
>> --domain COMPANY --adminpass AdmPass123 --server-role=dc --use-xattr=yes
>> --use-rfc2307 --function-level=2008_R2 --dns-backend=BIND9_DLZ`
>> ---
>>
>> Everything is running fine, `Domain Computers` got registered within *.
>> realm.company.com" as expected, then, I followed the "Disjoint
>> Namespace" doc from Micro$oft, to create an extra "Forward Lookup Zone",
>> called: "company.com", using "DNS Manager".
>>
>> Then, I opened the software "ADSI Edit - adsiedit.msc", to connect to my "
>> ubuntu-ad-1.realm.company.com", to add "company.com" to
>> "msDS-AllowedDNSSuffixes" var. It worked...
>>
>> Right after configuring "msDS-AllowedDNSSuffixes", I tried to join a new
>> computer into "*.company.com", instead of "*.realm.company.com", for my
>> surprise, it worked!! I managed to join new Linux machine (station-1) into
>> "*.company.com", so, *Samba with Disjoint Namespaces seems to be
>> working!*
>>
>> ...Not anymore...   :'(
>>
>> Today, I'm trying to add more machines to that "*.company.com" domain,
>> and I'm seeing:
>>
>> ---
>> root at station-2:~# net ads join -U tmartins%SENHA
>> Using short domain name -- COMPANY
>> Joined 'STATION-2' to dns domain 'realm.company.com'
>> *DNS Update for station-2.company.com <http://station-2.company.com>
>> failed: ERROR_DNS_UPDATE_FAILED*
>> *DNS update failed: NT_STATUS_UNSUCCESSFUL*
>> ---
>>
>> What am I missing?!
>>
>> Because the first "station-1" got registered within the new lookup
>> forward zone "*.company.com" without any problem but, now, it isn't
>> working anymore... And I don't know if this is a regression of 4.1.11, or
>> if it is my mistake, or if it is not even supported (Disjoint)...
>>
>> Also, I tried to create more forward zones, like "*.cloud.company.com",
>> to join my OpenStack Instances... Or "*.office.company.com" to join my
>> Office Desktops and regular servers... Maybe it works only for 1 extra
>> forward zone?! And if you tries to add more, it breaks?!
>>
>> BTW, I'm seeing here on this mail list, lots of patches about
>> "subdomains", "trust relationship" and etc... Maybe are you guys working on
>> this?! I would like to know if it is better to wait for Samba 4.2... Or if
>> there is something that I can do to fix my "Disjoint Namespaces"...
>>
>> I really appreciate any help!
>>
>> Cheers!
>> Thiago
>>
>>
>

More information about the samba-technical mailing list