[Samba] /etc/hosts and DHCP

Rowland Penny rowlandpenny241155 at gmail.com
Fri Sep 25 16:18:02 UTC 2015


On 25/09/15 17:05, Ross Boylan wrote:
>
>
> On Fri, Sep 25, 2015 at 12:49 AM, Rowland Penny 
> <rowlandpenny241155 at gmail.com <mailto:rowlandpenny241155 at gmail.com>> 
> wrote:
>
>     On 24/09/15 22:08, Ross Boylan wrote:
>
>         I am trying to follow the advice on
>         https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server.
>         Among
>         other things, it says "Make sure that your /etc/hosts has a
>         valid entry for
>         resolving your hostname to its public IP (not 127.0.0.1!),
>         when you join
>         the domain:"
>
>         But my machine is using DHCP and so I can't hard code this. 
>         What to do?
>
>
>     Ignore the wiki and don't put anything in /etc/hosts, if (like on
>     ubuntu) you have 127.0.1.1 pointing to your hostname, remove or
>     comment out this line, but you really should give a member server
>     a fixed ip
>
>
>         I am using Debian's resolvconf and bind.  I suspect I'll need
>         to use bind
>         to manage things properly, but perhaps I could let samba do
>         the name
>         resolution.
>
>
>     you need to use the internal DNS or bind DNS, you cannot use both.
>
> Understood.  My meaning was using samba in place of bind.
> Things are even messier, because the VM is relying on DNS from the 
> virtual network (libvirt's internal dnsmasq) at the moment.
>
>
>
>         A possibly related issue is that the machine has 2 network
>         interfaces, one
>         for a private network and one for the public one that
>         participates in the
>         AD.  So there is not one right answer for the name -> IP
>         resolution, though
>         possibly the fully qualified domain name that goes with active
>         directory
>         could be reserved for the external IP.
>
>
>     This could be interesting, how are you going to authenticate the
>     private network users to a machine that is joined to a domain?
>
> I don't follow.  The machine has Unix users and a mapping between AD 
> users and Unix users.  Are you saying I can't have both, and that my 
> users must come either from AD or from local sources, but not both?

With samba3 you could have Unix users and Samba users which were synced 
together, if you set up Samba4 and join it to an AD domain, then all 
your user & group info is stored in AD, you cannot have a local Unix 
user on the AD joined machine with the same name as an AD user. This 
means that if you have a user in your private network called 'fred' and 
he connects to your AD member server (fileserver, client, call it what 
you will) and there is a user called 'fred' in AD, the user 'may' be 
able to connect, but not if either of the users was to change their 
password, because now the user wouldn't have the same password as the AD 
user 'fred'. I hope you get my drift, the whole idea behind AD is 
centralisation  of authentication etc.

Rowland

>
>
>
>
>         I'm going on the assumption that "AD Member Server" is what I
>         want, because
>         I want to join the domain, use it for authentication, and
>         server files.
>         Originally I thought "Member Server" meant I was publicly
>         serving up
>         members of the domain; that is not my intention.
>
>
>     The term 'member server' is a bit of a misnomer, it really should
>     be 'a Linux client that serves files', any Linux client is
>     basically set up in the same way, what you do with it after, is
>     what defines its role.
>
> Thanks.  So it's a server that's a domain member, not a server that 
> serves member identities (which would make it a controller).
>
> Ross



More information about the samba mailing list