[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command

Jonathan S. Fisher jonathan at springventuregroup.com
Wed Dec 2 15:34:32 UTC 2015 

Dnsmasq is not running locally! Disabling it would do nothing but stop DHCP
and DNS forwarding for 2000+ soon to be irate people.

What I am going to do however is bypass DHCP completely and assign a static
address with DNS pointed straight at active directory. If that still
doesn't work, I think I can definitely narrow this down to a bug in Active
Directory, our AD configuration, or a bug in Samba.

On Wed, Dec 2, 2015 at 6:08 AM, mathias dufresne <infractory at gmail.com>
wrote:

> Can't you just disable dnsmasq service?
>
> You don't seem to be too much confident in that tool and you have DNS
> issue...
>
> dnsmasq has most certainly a good reason to exist. I just don't know it. In
> IT for work we generally don't need such tool as infrastructures of
> companies are meant to be stable. As the clients configuration.
>
> So I would start with dnsmasq removal, then I would [learn how to]
> configure manually this client, then I would re-run test, starting with
> small tests (DNS with dig/nslookup, kinit...)
>
> 2015-12-01 21:40 GMT+01:00 Jonathan S. Fisher <
> jonathan at springventuregroup.com>:
>
> > So everything with the hostname with now resolving correctly, without the
> > 127.0.1.1 hack anymore. We just had to make sure DHCP was handing out the
> > correct domain, which it is now:
> >
> > $ hostname -d
> > windows.corp.XXX.com
> > $ hostname -f
> > freeradius.windows.corp.XXX.com
> >
> > I deleted all the shared secrets, removed the computer from AD and
> > rejoined... but of course, we're still getting the exact same issue... :(
> > It's still trying to query the wrong DNS entry.
> >
> >
> > On Tue, Dec 1, 2015 at 12:12 PM, Rowland Penny <
> > rowlandpenny241155 at gmail.com
> > > wrote:
> >
> > > On 01/12/15 17:27, Jonathan S. Fisher wrote:
> > >
> > >> It isn't running, one of the first things I do when setting up a new
> DC
> > is
> > >>>
> > >> to remove nscd if it is installed.
> > >> Ah ok... well this isn't a DC, just a member... is NSCD ok to run as a
> > >> member? Otherwise I can remove it.
> > >>
> > >
> > > I would remove it, everything dns wise should come from an AD DC
> > >
> > >
> > >> you get a caching dnsmasq server as standard
> > >>>
> > >> Not on ubuntu server...  There is no dnsmasq package installed nor is
> it
> > >> in
> > >> ps -ef
> > >>
> > >
> > > Ah, so no GUI then, ok in this case you probably wont have Network
> > Manager
> > > installed either.
> > >
> > > If you have to have that 127.0.1.1 line in /etc/hosts, you have dns
> > >>>
> > >> problems.
> > >> I'll try to figure out how to get the client to have a FQDN without
> the
> > >> line in /etc/hosts
> > >>
> > >
> > > If this machine is going to be a fileserver, you would probably be
> better
> > > using a fixed ip, but if you going to have other Unix domain members
> > using
> > > dhcp, you need to sort this problem.
> > >
> > >
> > >> I really am starting to hate Active Directory...
> > >>
> > >
> > > I just hate microsoft, it cuts out the middle man :-D
> > >
> > > Rowland
> > >
> > >
> > >> On Tue, Dec 1, 2015 at 11:22 AM, Rowland Penny <
> > >> rowlandpenny241155 at gmail.com
> > >>
> > >>> wrote:
> > >>> On 01/12/15 17:09, Jonathan S. Fisher wrote:
> > >>>
> > >>> So your client did no DNS lookups?? That's crazy. Could they be
> cached?
> > >>> (Can you disable nscd if you have it running and try again?)
> > >>>
> > >>>
> > >>> It isn't running, one of the first things I do when setting up a new
> DC
> > >>> is
> > >>> to remove nscd if it is installed.
> > >>>
> > >>>
> > >>> Why, in your deity's name, why?????
> > >>>>
> > >>> I'm starting my own caliphate. Seems to be all the rage these days.
> > >>>
> > >>> Dnsmasq isn't running locally... it's the main DNS server at
> > >>> 192.168.127.129. At one time I guess we were running Bind, but he
> > >>> switched
> > >>> to dnsmasq for simplicity. If there's a legit reason why Windows
> needs
> > to
> > >>> handle 100% of the DNS and DHCP for the network... well that's a
> little
> > >>> scary of a thought. Are these things in no way interoperable?
> > >>>
> > >>>
> > >>> On Ubuntu, you get a caching dnsmasq server as standard, this is
> > >>> controlled by Network Manager, this shouldn't be running on an AD
> > client
> > >>> (note this is only from my experience, it seems to interfere with AD
> > >>> dns).
> > >>>
> > >>> DHCP doesn't need to be running on the DC, but it needs to give your
> > >>> client the required info, see my previous post for what mine sends.
> > >>> Your AD clients need to use your AD DCs as their DNS servers,
> anything
> > >>> your DCs don't know about i.e. google should be forwarded to a DNS
> > server
> > >>> that does i.e. your dnsmasq machine
> > >>>
> > >>> Your problem isn't that net is using the workgroup name, it is that
> > your
> > >>> machine doesn't seem to know who it is and where the DCs are :-)
> > >>>
> > >>>
> > >>> Mind you, until you get 'hostname -f' to return your FQDN, it will
> not
> > >>>>
> > >>> work correctly.
> > >>> Well this "works" right now with what I put into /etc/hosts. Are you
> > >>> saying it has to work purely from dhcp?
> > >>>
> > >>>
> > >>>
> > >>> If you have to have that 127.0.1.1 line in /etc/hosts, you have dns
> > >>> problems.
> > >>>
> > >>> Rowland
> > >>>
> > >>>
> > >>>
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
> >
> > --
> > Email Confidentiality Notice: The information contained in this
> > transmission is confidential, proprietary or privileged and may be
> subject
> > to protection under the law, including the Health Insurance Portability
> and
> > Accountability Act (HIPAA). The message is intended for the sole use of
> the
> > individual or entity to whom it is addressed. If you are not the intended
> > recipient, you are notified that any use, distribution or copying of the
> > message is strictly prohibited and may subject you to criminal or civil
> > penalties. If you received this transmission in error, please contact the
> > sender immediately by replying to this email and delete the material from
> > any computer.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

-- 
Email Confidentiality Notice: The information contained in this 
transmission is confidential, proprietary or privileged and may be subject 
to protection under the law, including the Health Insurance Portability and 
Accountability Act (HIPAA). The message is intended for the sole use of the 
individual or entity to whom it is addressed. If you are not the intended 
recipient, you are notified that any use, distribution or copying of the 
message is strictly prohibited and may subject you to criminal or civil 
penalties. If you received this transmission in error, please contact the 
sender immediately by replying to this email and delete the material from 
any computer.

More information about the samba mailing list