[Samba] Info
mathias dufresne
infractory at gmail.com
Fri Feb 26 14:31:18 UTC 2016
You should be able to keep clients using the DNS service on the router if
you create a zone on that DNS server which will forward all request related
to AD zones to AD DNS servers.
zone "ad.domain.tld" IN {
type forward;
forward only;
forwarders {
A.B.C.D;
A.B.F.H;
};
Then clients don't need reconfiguration, they still can surf the Big Net,
they can use AD.
2016-02-24 13:36 GMT+01:00 Rowland penny <rpenny at samba.org>:
> On 24/02/16 12:20, Oskar Perger wrote:
>
>> Hi
>> I am running samba 4 on debian jessie. The ad directory controller is
>> running and i can login whit oser accounts but i cant manage them from
>> RSAT
>> on Windows 10. It says "the server is not operational". After that i have
>> changed the dns in the network settings of the client and it works
>> partialy, i can open the user management but i cant change anything.. I
>> have read about problems in dns configuration, becaus of that i checked
>> the
>> settings on myopenwrt router and adjusted them. Now nslookup on my domain
>> works but the error remains... Whats the problem?
>>
>> The domain on the router, wich have dns resolution is
>> "danger.zone"
>> my server is
>> "c3po.danger.zone"
>> The router resolves other clients like voip.danger.zone or
>> r2d2.danger.zone
>> ecc..
>> do i need to add a subdomain like "high.danger.zone" and cal the server
>> "c3po.high.danger.zone" or does it work whit that settings..
>> I have tried to forvard the dns requests to the server in order to disable
>> the openwrt dns but the error remains...
>>
>> here some settings
>> hosts file
>> 192.168.1.10 c3po.danger.zone c3po
>>
>> resolv.conf
>> search danger.zone
>> nameserver 192.168.1.10
>>
>> smb.conf
>>
>> [global]
>> workgroup = DANGER
>> realm = DANGER.ZONE
>> netbios name = C3PO
>> server role = active directory domain controller
>> dns forwarder = 8.8.8.8
>> server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>> winbind, ntp_signd, kcc, dnsupdate, dns, smb
>> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
>> backupkey, dnsserver, winreg, srvsvc
>> idmap_ldb:use rfc2307 = yes
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/danger.zone/scripts
>> read only = No
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>> [shared]
>> comment = Shared Folder
>> path = /media/shared
>> read only = No
>> directory mask = 0770
>> create mask = 0770
>>
>> [Users]
>> directory_mode : parameter = 0700
>> read only = no
>> path = /media/users
>> csc policy = documents
>>
>> krb5.conf
>> [libdefaults]
>> default_realm = DANGER.ZONE
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>
> Your Samba4 AD DC needs to be the nameserver for your AD, anything that it
> doesn't know (things outside the domain) should be forwarded to your
> router. To put it another way, your domain clients should use the AD DC for
> their nameserver *not* your router!
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list