[Samba] small dns question

Rowland Penny rowlandpenny at googlemail.com
Sun Mar 30 05:40:18 MDT 2014


On 30/03/14 09:16, mourik jan heupink - merit wrote:
> Hi Stuart,
>
> I'm replying to the list so others can reply to the last bit of your 
> message.
>
> About the samba forwarders:
> What I did, was configure DIFFERENT forwarders on dc1 and dc2. This 
> gives redundancy if one of your forwarders goes down.
>
> About your rfc2307 questions / remarks: I have no idea, perhaps 
> someone else can answer those.
>
> MJ
>
> On 03/29/2014 10:28 PM, Stuart Naylor wrote:
>> RE: [Samba] small dns question
>> Works for me if I add a forwarder.
>>
>> PDC Samba1
>> /etc/samba/smb.conf
>> # Global parameters
>> [global]
>>          workgroup = SAMBA4
>>          realm = SAMBA4.LAN
>>          netbios name = SAMBA1
>>          server role = active directory domain controller
>>          dns forwarder = 192.168.1.1
>>          idmap_ldb:use rfc2307 = yes
>> ADC Samba2
>> /etc/samba/smb.conf
>> # Global parameters
>> [global]
>>          workgroup = SAMBA4
>>          realm = samba4.lan
>>          netbios name = SAMBA2
>>          server role = active directory domain controller
>> When you add an ADC the auto created smb.conf isn't the same.
>> I can understand the shares not being there and using Samba2 as my 
>> dns would fail on external DNS.
>> So I pasted the dns forwarder = 192.168.1.1 and smbcontrol all 
>> reload-config I was in business on the second dns
>> So yes but really would love the internal DNS to be able to have more 
>> than a singular forwarder. Not a fan of bind especially just for the 
>> use of a DC.
>> I have a question and that is with rfc2307 as should that be copied as 
>> well? idmap_ldb:use rfc2307 = yes

If you want to use RFC2307 attributes then yes.

>> Things will work but say with a samba4 fsmo transfer then I guess not.
>> I have been using 
>> https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>> And in typical M$ style after a reboot host -t A dc2.samdom.example.com.
>>
>>   * Before you start samba, you should check, if the new DCs DNS
>>     entries are set correctly during joining. This doesn't currently
>>     work 100% and have to be done manually in that case.
>>
>>   * From the new host, try to resolve its hostname:
>> # host -t A dc2.samdom.example.com.
>>
>> Can anyone help with this as it fails
>> ldbsearch -H /var/lib/samba/private/sam.ldb 
>> '(invocationid=samba2.samba4.lan)' --cross-ncs objectguid

If this is a Samba AD DC, then I do not think that search is ever going 
to work, isn't 'invocationid' something to do with an Exchange server ?

>>
>>
>> I am on debian so the folders are different. Maybe samba2 should not 
>> have been running when I joined.

If you followed the howto from the samba wiki, I fail to see how samba 
could have been running, surely there wouldn't have been a smb.conf 
until you ran the domain join as a DC ? anyway, yes, samba should not 
have been running.

Rowland
>> Thing is from the documentation if it isn't what do you do ?
>>  From rsat active users & computers in the NTDS setting there is a 
>> DNS alias for samba2 of 
>> 932B87C9-27D2-451F-B16A-F30DFB9E39E1._msdcs.samba4.lan
>> I throw up some virtual boxes all distro's with 4.1.6 and my noob 
>> instructions.
>> The documentation is hard going guys sometimes because of too much 
>> from others, other distro's and previous versions.
>> I think I am getting there but if anyone could answer the above.
>> Many Thanks
>> Stuart
>> -----Original message-----
>> > From: mourik jan heupink - merit <heupink at merit.unu.edu>
>> > Sent: Friday 28th March 2014 20:16
>> > To: samba at lists.samba.org
>> > Subject: [Samba] small dns question
>> >
>> > Hi list,
>> >
>> > This weekend I'll be performing the samba3 -> samba4 tango :-)
>> >
>> > Anyway: I'll be setting up two DC's, and would like to know if they 
>> can
>> > BOTH be a dns server for our AD domain, or if that 'role' is only for
>> > the 'primary' DC?
>> > ('primary' being the one whose sysvol is rsynced to the 'secondary')
>> >
>> > Because if they both have all dns knowledge, and can be dns server, 
>> this
>> > would make the network much more robust. I could forward them to
>> > different resolvers also.
>> >
>> > It's in the details, sometimes...
>> >
>> > Thanks!
>> >
>> >
>
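
Added example, not part of the thread and not Samba project code: a small check for the drift described above, where the smb.conf written when joining a second DC lacks the dns forwarder and idmap_ldb:use rfc2307 lines present on the first DC. The sample configs are constructed from the ones quoted in the thread; the function names, the PER_HOST list and the case-insensitive value comparison are assumptions of this sketch.

```python
import re

# Constructed sample input, taken from the two configs quoted in the thread.
DC1_CONF = """\
# Global parameters
[global]
        workgroup = SAMBA4
        realm = SAMBA4.LAN
        netbios name = SAMBA1
        server role = active directory domain controller
        dns forwarder = 192.168.1.1
        idmap_ldb:use rfc2307 = yes
"""
DC2_CONF = """\
[global]
        workgroup = SAMBA4
        realm = samba4.lan
        netbios name = SAMBA2
        server role = active directory domain controller
"""
# Assumption: parameters expected to differ per host are not reported.
PER_HOST = {"netbiosname"}

def parse_global(text):
    """Return {normalised name: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def drift(reference, joined):
    """Missing / differing parameters; values compared case-insensitively."""
    ref, new = parse_global(reference), parse_global(joined)
    missing = sorted(k for k in ref if k not in new and k not in PER_HOST)
    differing = sorted(k for k in ref if k in new and k not in PER_HOST
                       and ref[k].lower() != new[k].lower())
    return missing, differing

if __name__ == "__main__":
    print(drift(DC1_CONF, DC2_CONF))
```

Run against the two configs from the thread, it reports the forwarder and the rfc2307 setting as missing on the joined DC and treats the realm, which differs only in case, as unchanged.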


