[Samba] small dns question

Rowland Penny rowlandpenny at googlemail.com
Sun Mar 30 05:54:12 MDT 2014


On 30/03/14 12:40, Rowland Penny wrote:
> On 30/03/14 09:16, mourik jan heupink - merit wrote:
>> Hi Stuart,
>>
>> I'm replying to the list so others can reply to the last bit of your 
>> message.
>>
>> About the samba forwarders:
>> What I did, was configure DIFFERENT forwarders on dc1 and dc2. This 
>> gives redundancy if one of your forwarders goes down.
>>
>> About your rfc2307 questions / remarks: I have no idea, perhaps 
>> someone else can answer those.
>>
>> MJ
>>
>> On 03/29/2014 10:28 PM, Stuart Naylor wrote:
>>> RE: [Samba] small dns question
>>> Works for me if I add a forwarder.
>>>
>>> PDC Samba1
>>> /etc/samba/smb.conf
>>> # Global parameters
>>> [global]
>>>          workgroup = SAMBA4
>>>          realm = SAMBA4.LAN
>>>          netbios name = SAMBA1
>>>          server role = active directory domain controller
>>>          dns forwarder = 192.168.1.1
>>>          idmap_ldb:use rfc2307 = yes
>>> ADC Samba2
>>> /etc/samba/smb.conf
>>> # Global parameters
>>> [global]
>>>          workgroup = SAMBA4
>>>          realm = samba4.lan
>>>          netbios name = SAMBA2
>>>          server role = active directory domain controller
>>> When you add an ADC the auto created smb.conf isn't the same.
>>> I can understand the shares not being there and using Samba2 as my 
>>> dns would fail on external DNS.
>>> So I pasted the dns forwarder = 192.168.1.1 and smbcontrol all 
>>> reload-config I was in business on the second dns
>>> So yes but really would love the internal DNS to be able to have 
>>> more than a singular forwarder. Not a fan of bind especially just 
>>> for the use of a DC.
>>> I have a question and that is with rfc2307 as should that be copied 
>>> as well? idmap_ldb:use rfc2307 = yes
>
> If you want to use RFC2307 attributes then yes.
>
>>> Things will work but say with a samba4 fsmo transfer then I guess not.
>>> I have been using 
>>> https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>>> And in typical M$ style after a reboot host -t A 
>>> dc2.samdom.example.com.
>>>
>>>   * Before you start samba, you should check, if the new DCs DNS
>>>     entries are set correctly during joining. This doesn't currently
>>>     work 100% and have to be done manually in that case.
>>>
>>>   * From the new host, try to resolve its hostname:
>>> # host -t A dc2.samdom.example.com.
>>>
>>> Can anyone help with this as it fails
>>> ldbsearch -H /var/lib/samba/private/sam.ldb 
>>> '(invocationid=samba2.samba4.lan)' --cross-ncs objectguid
>
> If this is a Samba AD DC, then I do not think that search is ever 
> going to work, isn't 'invocationid' something to do with an Exchange 
> server ?

Well, that will teach me to answer before engaging brain. ;-)

Yes the search WILL work, but not as the OP has it, replace 
'samba2.samba4.lan' with '*' and you get a response.

Rowland
>>>
>>>
>>> I am on debian so the folders are different. Maybe samba2 should not 
>>> have been running when I joined.
>
> If you followed the howto from the samba wiki, I fail to see how samba 
> could have been running, surely there wouldn't have been a smb.conf 
> until you ran the domain join as a DC ? anyway, yes, samba should not 
> have been running.
>
> Rowland
>>> Thing is from the documentation if it isn't what do you do ?
>>>  From rsat active users & computers in the NTDS setting there is a 
>>> DNS alias for samba2 of 
>>> 932B87C9-27D2-451F-B16A-F30DFB9E39E1._msdcs.samba4.lan
>>> I throw up some virtual boxes all distros with 4.1.6 and my noob 
>>> instructions.
>>> The documentation is hard going guys sometimes because of too much 
>>> from others, other distros and previous versions.
>>> I think I am getting there but if anyone could answer the above.
>>> Many Thanks
>>> Stuart
>>> -----Original message-----
>>> > From: mourik jan heupink - merit <heupink at merit.unu.edu>
>>> > Sent: Friday 28th March 2014 20:16
>>> > To: samba at lists.samba.org
>>> > Subject: [Samba] small dns question
>>> >
>>> > Hi list,
>>> >
>>> > This weekend I'll be performing the samba3 -> samba4 tango :-)
>>> >
>>> > Anyway: I'll be setting up two DCs, and would like to know if they can
>>> > BOTH be a dns server for our AD domain, or if that 'role' is only for
>>> > the 'primary' DC?
>>> > ('primary' being the one whose sysvol is rsynced to the 'secondary')
>>> >
>>> > Because if they both have all dns knowledge, and can be dns 
>>> server, this
>>> > would make the network much more robust. I could forward them to
>>> > different resolvers also.
>>> >
>>> > It's in the details, sometimes...
>>> >
>>> > Thanks!
>>> >
>>> >
>>
>
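
Added example (not part of the original messages and not Samba project code): a small check for the situation described in the thread, where the smb.conf generated on a joined DC lacks settings present on the first DC. The function names and the choice to skip "netbios name" are assumptions of this example; the two sample configs are constructed from the settings quoted above.

```python
HOST_SPECIFIC = {"netbiosname"}  # assumption: expected to differ per DC

def norm(name):
    # smb.conf(5): parameter names ignore case and internal whitespace.
    return "".join(name.lower().split())

def parse_global(text):
    # Return {normalised parameter name: value} for the [global] section.
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def drift(reference, joined):
    # Return (kind, name, reference value, joined value) for each difference.
    ref, new = parse_global(reference), parse_global(joined)
    found = []
    for name in sorted(set(ref) | set(new)):
        a, b = ref.get(name), new.get(name)
        if name in HOST_SPECIFIC or a == b:
            continue
        kind = ("missing" if a is None or b is None
                else "case-only" if a.lower() == b.lower() else "differs")
        found.append((kind, name, a, b))
    return found

# Constructed sample input, taken from the settings quoted in the thread.
DC1 = """[global]
    workgroup = SAMBA4
    realm = SAMBA4.LAN
    netbios name = SAMBA1
    server role = active directory domain controller
    dns forwarder = 192.168.1.1
    idmap_ldb:use rfc2307 = yes"""
DC2 = """[global]
    workgroup = SAMBA4
    realm = samba4.lan
    netbios name = SAMBA2
    server role = active directory domain controller"""

if __name__ == "__main__":
    print(*drift(DC1, DC2), sep="\n")
```

A "missing" entry with None in the last position is a setting the joined DC does not have; "case-only" entries are listed for review rather than treated as errors.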


