[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command

Rowland penny rpenny at samba.org
Thu Dec 3 13:15:00 UTC 2015


On 03/12/15 13:07, Rowland Penny wrote:
>
>
>
>
> 2015-12-02 17:27 GMT+01:00 Jonathan S. Fisher <
> jonathan at springventuregroup.com>:
>
> > Great thanks, I'll start digging into that. So your running theory is that
> > one of the DNS resolution attempts is returning .WINDOWS not .
> > WINDOWS.CORP.XXX.com?
> >
>
> I'm not sure, that's your issue, not mine, but you seemed to mean that FQDN
> are truncated in some DNS search.
> At least that's what I understand from your first mail when you wrote:
>
> "From Wireshark:
>
> Queries
> _ldap._tcp.pdc._msdcs.WINDOWS: type SRV, class IN
> Name: _ldap._tcp.pdc._msdcs.WINDOWS"
>
> So yes I would say there is something wrong in the way your DNS requests
> are forged: they are using the domain name.
>
> So, for me, the next question is: is that domain reduction happens on all
> requests or only those made by Samba.
>
> To know that the point is to avoid Samba.
>
> That's why I proposed to proceed with:
> - some DNS requests -> you said they worked using the three DNS servers you
> have (the real one, the two from Samba) -> the system does not seem to
> truncat by himself / always the requests.
> - some kinit -> kinit with no configuration to force Kerberos servers
> should send SRV requests to guess how to contact a kerberos server. You
> seemed to say kinit was working.
>
> Next step I would change my resolv.conf to put as nameserver in it only
> your DC, no search, no domain. The point here is to test your DNS from
> Samba, and in parallel to avoid the main DNS server which uses dnsmasq.
>
> And I would then redo all these tests, including those proposed by Rowland.
>
> If you don't have truncated requests until there, I would suggest you find
> something strange in Samba. But as long as you didn't performed all that
> successfully, I would suggest an issue in your DNS resolving stack.
>
> Cheers,
>
> mathias
>
>

This is basically what I wanted to find out, does the OP have a problem 
or not, if he answers my post, we may find out and move on from there.

Rowland


More information about the samba mailing list