[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command

Rowland penny rpenny at samba.org
Thu Dec 3 20:45:09 UTC 2015


On 03/12/15 20:29, Jonathan S. Fisher wrote:
> 192.168.127.129 is the core  DNS server. It forwards anything in the 
> windows subdomain straight to the DCs, so it doesn't matter if this 
> client is pointed at the DC or the main DNS server. Either way, it 
> still does the wrong behavior, which is use the short .WINDOWS instead 
> of .WINDOWS.CORP.XXX.COM <http://WINDOWS.CORP.XXX.COM>

well it obviously isn't working your way, try pointing the client at a 
DC and *ignore* your main DNS server, also the WINDOWS you are referring 
to isn't your DNS domain, it is the NETBios domain name, it is one of 
the ways Samba works.

I am very sure I have said this before, but I will say it again, your AD 
DNS domain should be separate from your main DNS domain, your AD clients 
should use the AD DCs as their nameservers and anything they do not know 
about (i.e. google) should be forwarded to a DNS server that does, in 
your case, probably the dnsmasq server.

All I can add is that my AD domain (and probably everybody else's) works 
like the above and it *works*.

Rowland

>
> I removed all .tdb files, purged /var/cache/samba, removed 
> /etc/krb5.tdb, and deleted the computer account out of AD.
>
> I have a feeling this line is significant, but I'm not sure what it 
> means: internal_resolve_name: looking up WINDOWS#1b (sitename (null))
>
>
> jonathan.fisher at freeradius:~$ hostname
> freeradius
> jonathan.fisher at freeradius:~$ hostname -d
> windows.corp.XXX.com <http://windows.corp.XXX.com>
> jonathan.fisher at freeradius:~$ hostname -f
> freeradius.windows.corp.XXX.com <http://freeradius.windows.corp.XXX.com>
> jonathan.fisher at freeradius:~$ cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by 
> resolvconf(8)
> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 192.168.127.131
> nameserver 192.168.112.4
> search windows.corp.XXX.com <http://windows.corp.XXX.com>
> jonathan.fisher at freeradius:~$ cat /etc/krb5.conf
> [libdefaults]
> default_realm = WINDOWS.CORP.XXX.COM <http://WINDOWS.CORP.XXX.COM>
> jonathan.fisher at freeradius:~$ sudo net ads join -Uadministrator
> Enter administrator's password:
> Using short domain name -- WINDOWS
> Joined 'FREERADIUS' to dns domain 'windows.corp.XXX.com 
> <http://windows.corp.XXX.com>'
> jonathan.fisher at freeradius:~$ sudo service sernet-samba-winbindd 
> restart && sudo service sernet-samba-nmbd restart && sudo service 
> sernet-samba-smbd restart
> Shutting down SAMBA winbindd :  * Warning: /usr/sbin/winbindd not 
> running !
> Starting SAMBA winbindd :  * Warning: /var/run/samba/winbindd.pid 
> exists !
>  *
> Shutting down SAMBA nmbd :  *
> Starting SAMBA nmbd :  *
> Shutting down SAMBA smbd :  *
> Starting SAMBA smbd :  *
> jonathan.fisher at freeradius:~$ sudo service sernet-samba-winbindd 
> restart && sudo service sernet-samba-nmbd restart && sudo service 
> sernet-samba-smbd restart
> Shutting down SAMBA winbindd :  *
> Starting SAMBA winbindd :  *
> Shutting down SAMBA nmbd :  *
> Starting SAMBA nmbd :  *
> Shutting down SAMBA smbd :  *
> Starting SAMBA smbd :  *
> jonathan.fisher at freeradius:~$ sudo wbinfo -i WINDOWS\\administrator
> WINDOWS\administrator:*:4294967295:4294967295:Administrator:/home/WINDOWS/administrator:/bin/false
> jonathan.fisher at freeradius:~$ sudo net rpc info -UWINDOWS\\Administrator
> Unable to find a suitable server for domain WINDOWS
> jonathan.fisher at freeradius:~$ sudo net rpc info 
> -UWINDOWS\\Administrator -d 10
> INFO: Current debug levels:
>   all: 10
>   tdb: 10
>   printdrivers: 10
>   lanman: 10
>   smb: 10
>   rpc_parse: 10
>   rpc_srv: 10
>   rpc_cli: 10
>   passdb: 10
>   sam: 10
>   auth: 10
>   winbind: 10
>   vfs: 10
>   idmap: 10
>   quota: 10
>   acls: 10
>   locking: 10
>   msdfs: 10
>   dmapi: 10
>   registry: 10
>   scavenger: 10
>   dns: 10
>   ldb: 10
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> INFO: Current debug levels:
>   all: 10
>   tdb: 10
>   printdrivers: 10
>   lanman: 10
>   smb: 10
>   rpc_parse: 10
>   rpc_srv: 10
>   rpc_cli: 10
>   passdb: 10
>   sam: 10
>   auth: 10
>   winbind: 10
>   vfs: 10
>   idmap: 10
>   quota: 10
>   acls: 10
>   locking: 10
>   msdfs: 10
>   dmapi: 10
>   registry: 10
>   scavenger: 10
>   dns: 10
>   ldb: 10
> Processing section "[global]"
> doing parameter netbios name = freeradius
> doing parameter security = ADS
> doing parameter workgroup = WINDOWS
> doing parameter realm = WINDOWS.CORP.XXX.COM <http://WINDOWS.CORP.XXX.COM>
> doing parameter local master = no
> doing parameter log file = /var/log/samba/%m.log
> doing parameter log level = 3
> doing parameter dedicated keytab file = /etc/krb5.keytab
> doing parameter kerberos method = secrets and keytab
> doing parameter winbind refresh tickets = yes
> doing parameter winbind trusted domains only = no
> doing parameter winbind use default domain = no
> doing parameter winbind enum users = yes
> doing parameter winbind enum groups = yes
> doing parameter winbind nested groups = yes
> doing parameter load printers = no
> doing parameter idmap config WINDOWS:backend = autorid
> doing parameter idmap config WINDOWS:range = 10000-99999
> doing parameter domain master = no
> doing parameter local master = no
> doing parameter preferred master = no
> doing parameter template homedir = /home/%D/%U
> doing parameter root preexec = /usr/local/sbin/mkhomedir.sh %U
> pm_process() returned Yes
> lp_servicenumber: couldn't find homes
> Netbios name list:-
> my_netbios_names[0]="FREERADIUS"
> added interface eth0 ip=192.168.127.134 bcast=192.168.127.255 
> netmask=255.255.255.0
> Registering messaging pointer for type 2 - private_data=(nil)
> Registering messaging pointer for type 9 - private_data=(nil)
> Registered MSG_REQ_POOL_USAGE
> Registering messaging pointer for type 11 - private_data=(nil)
> Registering messaging pointer for type 12 - private_data=(nil)
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> Registering messaging pointer for type 1 - private_data=(nil)
> Registering messaging pointer for type 5 - private_data=(nil)
> internal_resolve_name: looking up WINDOWS#1b (sitename (null))
> Opening cache file at /var/cache/samba/gencache.tdb
> Opening cache file at /var/cache/samba/gencache_notrans.tdb
> no entry for WINDOWS#1B found.
> resolve_ads: Attempting to resolve PDC for WINDOWS using DNS
> dns_send_req: Failed to resolve _ldap._tcp.pdc._msdcs.WINDOWS (Success)
> ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
> internal_resolve_name: looking up WINDOWS#1b (sitename (null))
> no entry for WINDOWS#1B found.
> resolve_lmhosts: Attempting lmhosts lookup for name WINDOWS<0x1b>
> resolve_lmhosts: Attempting lmhosts lookup for name WINDOWS<0x1b>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No 
> such file or directory
> resolve_wins: WINS server resolution selected and no WINS servers listed.
> resolve_hosts: not appropriate for name type <0x1b>
> name_resolve_bcast: Attempting broadcast lookup for name WINDOWS<0x1b>
> Unable to resolve PDC server address
> Unable to find a suitable server for domain WINDOWS
> failed to make ipc connection: NT_STATUS_UNSUCCESSFUL
> return code = -1
> Freeing parametrics:
> jonathan.fisher at freeradius:~$
>
>



More information about the samba mailing list