[Samba] Info

Rowland Penny rpenny at samba.org
Wed Feb 24 12:36:01 UTC 2016


On 24/02/16 12:20, Oskar Perger wrote:
> Hi
> I am running Samba 4 on Debian Jessie. The AD directory controller is
> running and I can log in with user accounts but I can't manage them from RSAT
> on Windows 10. It says "the server is not operational". After that I have
> changed the DNS in the network settings of the client and it works
> partially; I can open the user management but I can't change anything. I
> have read about problems in DNS configuration; because of that I checked the
> settings on my OpenWrt router and adjusted them. Now nslookup on my domain
> works but the error remains... What's the problem?
>
> The domain on the router, which has DNS resolution, is
> "danger.zone"
> my server is
> "c3po.danger.zone"
> The router resolves other clients like voip.danger.zone or r2d2.danger.zone
> etc.
> Do I need to add a subdomain like "high.danger.zone" and call the server
> "c3po.high.danger.zone", or does it work with these settings?
> I have tried to forward the DNS requests to the server in order to disable
> the OpenWrt DNS but the error remains...
>
> Here are some settings:
> hosts file
> 192.168.1.10    c3po.danger.zone        c3po
>
> resolv.conf
> search danger.zone
> nameserver 192.168.1.10
>
> smb.conf
>
> [global]
>          workgroup = DANGER
>          realm = DANGER.ZONE
>          netbios name = C3PO
>          server role = active directory domain controller
>          dns forwarder = 8.8.8.8
>          server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate, dns, smb
>          dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
> backupkey, dnsserver, winreg, srvsvc
>          idmap_ldb:use rfc2307 = yes
>
> [netlogon]
>          path = /var/lib/samba/sysvol/danger.zone/scripts
>          read only = No
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
>
> [shared]
>          comment = Shared Folder
>          path = /media/shared
>          read only = No
>          directory mask = 0770
>          create mask = 0770
>
> [Users]
>          directory_mode : parameter = 0700
>          read only = no
>          path = /media/users
>          csc policy = documents
>
> krb5.conf
> [libdefaults]
>          default_realm = DANGER.ZONE
>          dns_lookup_realm = false
>          dns_lookup_kdc = true

Your Samba4 AD DC needs to be the nameserver for your AD; anything that
it doesn't know (things outside the domain) should be forwarded to your
router. To put it another way, your domain clients should use the AD DC
for their nameserver, *not* your router!

Rowland
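
The layout described in the reply above can be checked mechanically. This is an added example, not part of the original message or of Samba: it parses a client's resolver list and the DC's `smb.conf` and reports where they differ from "clients ask the DC, the DC forwards the rest". The function names, the sample files and the router address 192.168.1.1 are assumptions made for illustration; on a Windows client the resolver list would come from `ipconfig /all` rather than `resolv.conf`.

```python
import ipaddress

def resolv_nameservers(resolv_conf):
    """Nameserver addresses from resolv.conf text, in lookup order."""
    servers = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(str(ipaddress.ip_address(fields[1])))
    return servers

def smb_global(smb_conf):
    """Parameters of the [global] section of smb.conf text (keys lower-cased)."""
    params, section = {}, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_ad_dns(client_dns, dc_ips, dc_smb_conf):
    """Return a list of findings; an empty list means the layout matches the advice."""
    dcs = {str(ipaddress.ip_address(ip)) for ip in dc_ips}
    # Any non-DC resolver may be asked for the AD SRV records and will not have them.
    findings = [f"client resolver {ns} is not an AD DC" for ns in client_dns if ns not in dcs]
    if not client_dns:
        findings.append("client has no DNS server configured")
    forwarders = smb_global(dc_smb_conf).get("dns forwarder", "").split()
    if not forwarders:
        findings.append("DC has no dns forwarder for names outside the domain")
    findings += [f"DC forwarder {f} is itself an AD DC" for f in forwarders if f in dcs]
    return findings

# Constructed sample data; 192.168.1.1 as the router address is an assumption.
DC_SMB_CONF = """
[global]
    realm = DANGER.ZONE
    server role = active directory domain controller
    dns forwarder = 192.168.1.1
"""
CLIENT_VIA_ROUTER = "search danger.zone\nnameserver 192.168.1.1\n"
CLIENT_VIA_DC = "search danger.zone\nnameserver 192.168.1.10\n"

if __name__ == "__main__":
    for name, conf in (("via router", CLIENT_VIA_ROUTER), ("via DC", CLIENT_VIA_DC)):
        print(name, check_ad_dns(resolv_nameservers(conf), ["192.168.1.10"], DC_SMB_CONF))
```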



