[Samba] Info

mathias dufresne infractory at gmail.com
Fri Feb 26 14:31:18 UTC 2016


You should be able to keep clients using the DNS service on the router if
you create a zone on that DNS server which will forward all requests related
to AD zones to AD DNS servers.

// A.B.C.D and A.B.F.H stand for the addresses of the AD DNS servers
zone "ad.domain.tld" IN {
  type forward;
  forward only;
  forwarders {
    A.B.C.D;
    A.B.F.H;
  };
};

Then clients don't need reconfiguration, they still can surf the Big Net,
they can use AD.

2016-02-24 13:36 GMT+01:00 Rowland penny <rpenny at samba.org>:

> On 24/02/16 12:20, Oskar Perger wrote:
>
>> Hi
>> I am running Samba 4 on Debian Jessie. The AD directory controller is
>> running and I can log in with user accounts but I can't manage them from
>> RSAT on Windows 10. It says "the server is not operational". After that I
>> have changed the DNS in the network settings of the client and it works
>> partially, I can open the user management but I can't change anything. I
>> have read about problems in DNS configuration, because of that I checked
>> the settings on my OpenWrt router and adjusted them. Now nslookup on my
>> domain works but the error remains... What's the problem?
>>
>> The domain on the router, which has DNS resolution, is
>> "danger.zone"
>> my server is
>> "c3po.danger.zone"
>> The router resolves other clients like voip.danger.zone or
>> r2d2.danger.zone
>> etc.
>> Do I need to add a subdomain like "high.danger.zone" and call the server
>> "c3po.high.danger.zone" or does it work with those settings?
>> I have tried to forward the DNS requests to the server in order to disable
>> the OpenWrt DNS but the error remains...
>>
>> Here are some settings
>> hosts file
>> 192.168.1.10    c3po.danger.zone        c3po
>>
>> resolv.conf
>> search danger.zone
>> nameserver 192.168.1.10
>>
>> smb.conf
>>
>> [global]
>>          workgroup = DANGER
>>          realm = DANGER.ZONE
>>          netbios name = C3PO
>>          server role = active directory domain controller
>>          dns forwarder = 8.8.8.8
>>          server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>> winbind, ntp_signd, kcc, dnsupdate, dns, smb
>>          dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
>> backupkey, dnsserver, winreg, srvsvc
>>          idmap_ldb:use rfc2307 = yes
>>
>> [netlogon]
>>          path = /var/lib/samba/sysvol/danger.zone/scripts
>>          read only = No
>>
>> [sysvol]
>>          path = /var/lib/samba/sysvol
>>          read only = No
>>
>> [shared]
>>          comment = Shared Folder
>>          path = /media/shared
>>          read only = No
>>          directory mask = 0770
>>          create mask = 0770
>>
>> [Users]
>>          directory_mode : parameter = 0700
>>          read only = no
>>          path = /media/users
>>          csc policy = documents
>>
>> krb5.conf
>> [libdefaults]
>>          default_realm = DANGER.ZONE
>>          dns_lookup_realm = false
>>          dns_lookup_kdc = true
>>
>
> Your Samba4 AD DC needs to be the nameserver for your AD, anything that it
> doesn't know (things outside the domain) should be forwarded to your
> router. To put it another way, your domain clients should use the AD DC for
> their nameserver *not* your router!
>
> Rowland


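An added example, not part of the original thread: a small offline check of a router-side zone configuration like the one suggested above, confirming that the standard AD locator SRV names for a realm fall inside a forward zone whose forwarders are all domain controllers. The function names, the sample configuration and the 192.0.2.x addresses are constructed for illustration.

```python
import re

# Constructed sample of a router-side zone file (addresses are placeholders).
SAMPLE = '''zone "ad.domain.tld" IN {
  type forward;
  forward only;
  forwarders { 192.0.2.10; 192.0.2.11; };
};
zone "example.org" IN { type master; file "example.org.db"; };
'''

ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')

def parse_forward_zones(conf):
    """Return {zone: [forwarder, ...]} for every 'type forward' zone."""
    if conf.count("{") != conf.count("}"):
        raise ValueError("unbalanced braces in zone configuration")
    zones = {}
    for m in ZONE_RE.finditer(conf):
        name, body = m.group(1).lower().rstrip("."), m.group(2)
        if not re.search(r"\btype\s+forward\s*;", body):
            continue  # master/slave zones are answered locally, not forwarded
        fwd = re.search(r"forwarders\s*\{([^{}]*)\}", body)
        zones[name] = fwd.group(1).replace(";", " ").split() if fwd else []
    return zones

def forwarders_for(qname, zones):
    """Longest-suffix match: forwarders of the zone handling qname, or None."""
    q = qname.lower().rstrip(".")
    hits = [z for z in zones if q == z or q.endswith("." + z)]
    return zones[max(hits, key=len)] if hits else None

def check_ad_lookups(realm, dc_ips, conf):
    """Map each AD locator name to True if it is forwarded only to the DCs."""
    zones = parse_forward_zones(conf)
    realm = realm.lower()
    names = [f"_ldap._tcp.{realm}", f"_kerberos._tcp.{realm}",
             f"_kerberos._udp.{realm}", f"_ldap._tcp.dc._msdcs.{realm}"]
    result = {}
    for name in names:
        fwd = forwarders_for(name, zones)
        result[name] = bool(fwd) and set(fwd) <= set(dc_ips)
    return result

if __name__ == "__main__":
    for name, ok in check_ad_lookups("AD.DOMAIN.TLD",
                                     ["192.0.2.10", "192.0.2.11"], SAMPLE).items():
        print("OK  " if ok else "FAIL", name)
```

A zone block with a missing closing brace is rejected with ValueError before any lookup is evaluated.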