[Samba] Recommended DNS configuration on Domain Controllers causes share by IP name to fail

L.P.H. van Belle belle at bazuin.nl
Wed Nov 30 13:32:08 UTC 2016


You're correct, the wiki is wrong.

Preconditions
This line should be changed.
Verify that the host name in /etc/resolv.conf resolves to the network IP and not to 127.0.0.1 (localhost).

To:
Verify that the host name in /etc/hosts resolves to the network IP and not to 127.0.0.1 (localhost).
And
127.0.0.1     localhost localhost.localdomain
10.99.0.2     DC2.samdom.example.com     DC2 

"DNS Resolving" is correct, the name server is pointing to the first DC.

And I would suggest,
before the "Verify the DNS Entries",
add a "Reboot the server, wait a few minutes, depending on the Samba AD DB size."

Now proceed with the dns checks and database replications. 

I don't know if these are all fixed in the coming 4.5.2, but in lots of cases the DNS resolving doesn't work; the needed records are not created at startup of Samba. But after a reboot this works most of the time.

And this part. 
DNS Configuration on Domain Controllers.
If you are running more than two DCs, you can configure the IPs in crosswise direction. 
Add: but only after you joined the server, rebooted at least 1-2 times and you checked the dns entries and ad database replication. 


Greetz, 

Louis



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny via
> samba
> Sent: Wednesday 30 November 2016 14:10
> To: samba at lists.samba.org
> Subject: Re: [Samba] Recommended DNS configuration on Domain Controllers
> causes share by IP name to fail
> 
> On Wed, 30 Nov 2016 13:17:18 +0100
> Izan Díez Sánchez via samba <samba at lists.samba.org> wrote:
> 
> > Hi,
> >
> > Following DNS configuration of multiple DCs recommended on the wiki
> >
> > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#DNS_Configuration_on_Domain_Controllers ,
> > clients are unable
> > to open windows shares based on the server IP, for example
> > \\133.1.1.24 . However they work fine opening either the netbios name
> > or the DNS name, for example \\FILESERVER1 or
> > \\FILESERVER1.domain.local
> >
> > Here it is what the article says:
> >
> > ------------------------------------------------------------------
> > DNS Configuration on Domain Controllers
> >
> > The DNS configuration on domain controllers (DC) is important,
> > because if it is unable to locate other DCs the replication will
> > fail. The following is a best practice for DNS configuration on
> > domain controllers (DC): Set the local IP of a DC as secondary or
> > tertiary nameserver entry in its /etc/resolv.conf file and use a
> > different Active Directory (AD) DNS server IP from the forest as
> > primary name server. For example: On the new joined DC, use the
> > 10.99.0.1 IP of the existing DC as primary and the local 10.99.0.2 IP
> > as secondary nameserver entry:
> >
> > nameserver 10.99.0.1
> > nameserver 10.99.0.2       # IP of the new joined DC as secondary entry
> > search samdom.example.com
> >
> > If you are running more than two DCs, you can configure the IPs in
> > crosswise direction.
> > ------------------------------------------------------------------
> >
> > This only occurs with Windows File Servers and never with other Samba
> > members of the AD. If tried to access via the graphical interface the
> > explorer just takes forever and hangs. The following error is thrown
> > in the command line:
> >
> > C:\Users\ids>net view \\133.1.1.24
> > System error 53.
> >
> > The network path was not found.
> >
> >
> > Changing the configuration of /etc/resolv.conf to the following:
> >
> > nameserver 10.99.0.2 	# IP of the new joined DC as secondary entry
> > nameserver 10.99.0.1
> > search samdom.example.com
> >
> > That is, always the first name server as itself in every DC of the
> > domain. Makes the shares referred as the IP to work as expected. I
> > tested in a pure Windows AD and this is the normal behavior.
> >
> > It seems that is some kind of dns query loop trying to do the reverse
> > name resolution, but I wasn't able to debug further.
> >
> > Has anyone experienced something similar?
> 
> I am now beginning to think the wiki is wrong. The new DC needs to
> point to an existing DC during the join, this way it will replicate
> correctly, but once the replication has occurred, it should point to
> its own IP.
> 
> The wiki was written the way it is because of concerns over
> 'islanding', I do not think this is a real concern, because every DC
> holds all the domain DNS records and should be able to find any other
> machine in the domain.
> 
> Rowland
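
The two files discussed in this thread can be checked with a few shell functions. This is an added example, not part of the original messages or the Samba wiki; the function names are hypothetical. It verifies that the DC's host name maps to its network IP in a hosts-format file and reports whether the DC's own IP is first, later, or absent among the resolv.conf nameservers, without deciding which order is right.

```shell
#!/bin/sh
# Added example: function names are hypothetical; file paths and IPs are passed in.

# Print the first address a hosts-format file maps NAME to (case-insensitive).
hosts_ip_for() {  # usage: hosts_ip_for NAME FILE
    awk -v name="$1" '
        { sub(/#.*/, "") }                       # drop comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; exit }
        }' "$2"
}

# Print the nameserver entries of a resolv.conf-format file, in order.
nameservers() {  # usage: nameservers FILE
    awk '{ sub(/[#;].*/, "") } $1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Classify the resolver order relative to the DC's own IP:
# self-first, other-first (own IP listed but not first) or self-missing.
resolver_order() {  # usage: resolver_order OWN_IP FILE
    first=$(nameservers "$2" | head -n 1)
    if [ "$first" = "$1" ]; then echo self-first
    elif nameservers "$2" | grep -qxF "$1"; then echo other-first
    else echo self-missing
    fi
}

# Return 0 only when the host name maps to OWN_IP and not to loopback.
check_hosts() {  # usage: check_hosts FQDN OWN_IP FILE
    ip=$(hosts_ip_for "$1" "$3")
    case "$ip" in
        "")         echo "FAIL: $1 not found in $3"; return 1 ;;
        127.*|::1)  echo "FAIL: $1 resolves to loopback $ip"; return 1 ;;
        "$2")       echo "OK: $1 -> $ip"; return 0 ;;
        *)          echo "FAIL: $1 -> $ip, expected $2"; return 1 ;;
    esac
}

# On a DC, with the example names used in the thread:
#   check_hosts DC2.samdom.example.com 10.99.0.2 /etc/hosts
#   resolver_order 10.99.0.2 /etc/resolv.conf
```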



