[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command

Jonathan S. Fisher jonathan at springventuregroup.com
Tue Dec 1 16:36:30 UTC 2015

Checked with the network guy... yes, the main DNS is indeed dnsmasq. He has
a delegation though, so any query for WINDOWS.corp.XXX.com winds up going
to to the correct place:


The DC's (, are indeed running DNS (I can dig
at them). Would it just be easier to make this host have a static IP? If
so, what settings does samba need for DNS?

Here's the other files as requested:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
search windows.corp.xxx.com

default_realm = WINDOWS.CORP.XXX.COM

netbios name=freeradius
local master=no

log file=/var/log/samba/%m.log
log level=3

dedicated keytab file=/etc/krb5.keytab
kerberos method=secrets and keytab
winbind refresh tickets=yes

winbind trusted domains only=no
winbind enum users=yes
winbind enum groups=yes
winbind nested groups=yes

load printers=no
template shell=/bin/false

idmap config WINDOWS:backend=autorid
idmap config WINDOWS:range=10000-99999

On Tue, Dec 1, 2015 at 10:27 AM, Rowland Penny <rowlandpenny241155 at gmail.com
> wrote:

> On 01/12/15 16:02, Jonathan S. Fisher wrote:
>> Well I got one step farther...
>> hostname -d and hostname -f now work correctly if I add this line to
>> /etc/hosts
>> /etc/hosts
>>   localhost
>> freeradius.windows.corp.springventuregroup.com <
>> http://freeradius.windows.corp.springventuregroup.com> freeradius
>> But same error on the rpc command. It's still asking DNS for
>> "_ldap._tcp.pdc._msdcs.WINDOWS" not "_ldap._tcp.pdc._
>> Can you do a tcpdump on yours and see what the desired behavior is? I
>> used this command: "sudo tcpdump-vvv -s 0 -l -n port 53 -w dns.pcap". Start
>> the dump, then run "sudo net rpc info -Uadministrator"
> If you are using in etc/hosts on Ubuntu, then you are using
> dnsmasq.
> If you are using dnsmasq, then it is unlikely your dns setup will find the
> DC
> Just a thought, is there a DNS server running on the AD DC ?
> There should be and your client should be using this as its DNS server, AD
> lives and dies on DNS.
> There shouldn't be a dns server running on your domain member, it should
> be using the AD dns server.
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Email Confidentiality Notice: The information contained in this 
transmission is confidential, proprietary or privileged and may be subject 
to protection under the law, including the Health Insurance Portability and 
Accountability Act (HIPAA). The message is intended for the sole use of the 
individual or entity to whom it is addressed. If you are not the intended 
recipient, you are notified that any use, distribution or copying of the 
message is strictly prohibited and may subject you to criminal or civil 
penalties. If you received this transmission in error, please contact the 
sender immediately by replying to this email and delete the material from 
any computer.

More information about the samba mailing list