[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command

Jonathan S. Fisher jonathan at springventuregroup.com
Tue Dec 1 17:15:21 UTC 2015


So your client did no DNS lookups?? That's crazy. Could they be cached?
(Can you disable nscd if you have it running and try again?)

>Why, in your deity's name, why?????

I'm starting my own caliphate. Seems to be all the rage these days.

Dnsmasq isn't running locally... it's the main DNS server at
192.168.127.129. At one time I guess we were running Bind, but he switched
to dnsmasq for simplicity. If there's a legit reason why Windows needs to
handle 100% of the DNS and DHCP for the network... well that's a little
scary of a thought. Are these things in no way interoperable?

> Mind you, until you get 'hostname -f' to return your FQDN, it will not
work correctly.
Well this "works" right now with what I put into /etc/hosts. Are you saying
it has to work purely from dhcp?


*Jonathan S. Fisher*
*VP - Information Technology*
*Spring Venture Group*
(o) 913-653-8820

On Tue, Dec 1, 2015 at 10:46 AM, Rowland Penny <rowlandpenny241155 at gmail.com
> wrote:

> On 01/12/15 16:36, Jonathan S. Fisher wrote:
>
>> Checked with the network guy... yes, the main DNS is indeed dnsmasq. He
>> has a delegation though, so any query for WINDOWS.corp.XXX.com <
>> http://WINDOWS.corp.XXX.com> winds up going to to the correct place:
>>
>
> Why, in your deity's name, why?????
>
>
>> domain=/windows.corp.XXX.com/192.168.127.141 <
>> http://windows.corp.XXX.com/192.168.127.141>
>> domain=/windows.corp.XXX.com/192.168.112.4 <
>> http://windows.corp.XXX.com/192.168.112.4>
>>
>> The DC's (192.168.127.141, 192.168.112.4) are indeed running DNS (I can
>> dig at them). Would it just be easier to make this host have a static IP?
>> If so, what settings does samba need for DNS?
>>
>> Here's the other files as requested:
>>
>> /etc/resolv.conf
>> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
>> resolvconf(8)
>> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
>> nameserver 192.168.127.129
>>
>
> Replace '192.168.127.129' with '192.168.127.141' # i.e. one of your DCs
>
> Mind you, until you get 'hostname -f' to return your FQDN, it will not
> work correctly.
>
> Rowland
>
> search windows.corp.xxx.com <http://windows.corp.xxx.com>
>>
>> /etc/krb5.conf
>> [libdefaults]
>> default_realm = WINDOWS.CORP.XXX.COM <http://WINDOWS.CORP.XXX.COM>
>>
>> /etc/samba/smb.conf
>> [global]
>> netbios name=freeradius
>> security=ADS
>> workgroup=WINDOWS
>> realm=WINDOWS.CORP.XXX.COM <http://WINDOWS.CORP.XXX.COM>
>> local master=no
>>
>> log file=/var/log/samba/%m.log
>> log level=3
>>
>> dedicated keytab file=/etc/krb5.keytab
>> kerberos method=secrets and keytab
>> winbind refresh tickets=yes
>>
>> winbind trusted domains only=no
>> winbind enum users=yes
>> winbind enum groups=yes
>> winbind nested groups=yes
>>
>> load printers=no
>> template shell=/bin/false
>>
>> idmap config WINDOWS:backend=autorid
>> idmap config WINDOWS:range=10000-99999
>>
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

-- 
Email Confidentiality Notice: The information contained in this 
transmission is confidential, proprietary or privileged and may be subject 
to protection under the law, including the Health Insurance Portability and 
Accountability Act (HIPAA). The message is intended for the sole use of the 
individual or entity to whom it is addressed. If you are not the intended 
recipient, you are notified that any use, distribution or copying of the 
message is strictly prohibited and may subject you to criminal or civil 
penalties. If you received this transmission in error, please contact the 
sender immediately by replying to this email and delete the material from 
any computer.


More information about the samba mailing list