[Samba] IP address getting overridden by Samba and domain member?

Mark Foley mfoley at ohprs.org
Tue May 2 01:36:13 UTC 2017


I have been running Samba 4 as an AD/DC for a couple of years now with few problems.  I
provisioned the domain using --dns-backend=BIND9_FLATFILE and the /etc/named.conf includes the
samba-tool provision created file /var/lib/samba/private/named.conf, with zone files in
/var/lib/samba/private/dns. 

All that has been working just fine for 2 or 3 years.

Lately, I added a VirtualBox XP guest virtual machine to the domain running SQL Server 2005 to
service a legacy application.  The virtual machine implements a virtual "router" which dhcp
assigns an IP to the XP: 10.0.2.15 (host name: traverse).  In the VM I have configured
port-forwarding to forward requests made to the Linux VM host (192.168.02) on port 1433 to the
VM port 1433. 

From domain workstations you cannot access the SQL Server via 10.0.2.15:1433. You can, however,
access the SQL Server via 192.168.0.2:1433.

No problem, I thought. I created an 'A' record in the zone file as:

TRAVERSE   A  192.168.0.2

so now 192.168.0.2 has two hostnames that resolve to that address. That worked ... for a while.
Initially, the host command gave:

$ host traverse
TRAVERSE.hprs.local has address 192.168.0.2

Domain workstations were able to access the SQL Server.  However, after some period of time,
that changed:

$ host traverse
TRAVERSE.hprs.local has address 10.0.2.15

Something is changing the DNS entry for this host from 192.168.0.2 to 10.0.2.15. What?

Here's my theory. Windows domain members want to update the DNS via, I assume, the DC/AD. If not
permitted to do so I get the message:

syslog:Jul 30 20:35:20 mail named[792]: client 192.168.0.101#58026: update 'hprs.local/IN' denied

in /var/log/syslog. To fix that, I added the following to the zone file:

allow-update { 192.168.0.0/24; 127.0.0.1; };

So, the question is this: is Samba honoring requests from the XP VM to update the DNS? If so,
can I shut that off for a single host?

If not Samba, it must be something else, but I don't know what.

This is getting urgent. Users cannot access the SQL Server.

I'm running Slackware64 14.2, Samba 4.4.13 and BIND 9.10.4-P6

Thanks for any help. 

--Mark
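
Added example, not part of the original post: a Python script that scans syslog text for named's dynamic-update messages and reports which client address changed a given record, which is the check the theory above calls for. The "update ... denied" line is the one quoted in the post; the "updating zone" lines and the 192.168.0.50 client are constructed, assuming BIND's log format for accepted updates.

```python
import re
from collections import defaultdict

# Line 1 is the syslog entry quoted in the post. Lines 2-4 are constructed,
# assuming BIND's "updating zone" message format for accepted updates.
SAMPLE_LOG = """\
Jul 30 20:35:20 mail named[792]: client 192.168.0.101#58026: update 'hprs.local/IN' denied
Aug  2 09:12:41 mail named[792]: client 192.168.0.50#49201: updating zone 'hprs.local/IN': deleting rrset at 'TRAVERSE.hprs.local' A
Aug  2 09:12:41 mail named[792]: client 192.168.0.50#49201: updating zone 'hprs.local/IN': adding an RR at 'TRAVERSE.hprs.local' A
Aug  2 09:15:02 mail named[792]: client 192.168.0.101#58111: updating zone 'hprs.local/IN': adding an RR at 'WS101.hprs.local' A
"""

# Common prefix: "named[pid]: client ADDR#PORT: " (newer BIND adds "(name)").
CLIENT = r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
DENIED = re.compile(CLIENT + r"update '(?P<zone>[^']+)' denied")
CHANGE = re.compile(CLIENT + r"updating zone '(?P<zone>[^']+)': "
                    r"(?P<op>adding an RR|deleting rrset) at "
                    r"'(?P<name>[^']+)' (?P<rtype>\S+)")

def audit_updates(log_text, hostname=None):
    """Return (denied, changes).

    denied:  {client_ip: number of refused update requests}
    changes: {client_ip: [(operation, record_name, record_type), ...]},
             limited to records whose first label equals `hostname` if given.
    """
    denied = defaultdict(int)
    changes = defaultdict(list)
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            denied[m["ip"]] += 1
            continue
        m = CHANGE.search(line)
        if m:
            first_label = m["name"].split(".", 1)[0].lower()
            if hostname is None or first_label == hostname.lower():
                changes[m["ip"]].append((m["op"], m["name"], m["rtype"]))
    return dict(denied), dict(changes)

if __name__ == "__main__":
    denied, changes = audit_updates(SAMPLE_LOG, "traverse")
    for ip, ops in changes.items():
        for op, name, rtype in ops:
            print(f"{ip}: {op} {name} {rtype}")
    for ip, count in denied.items():
        print(f"{ip}: {count} update(s) denied")
```

To run it against a real log, pass the contents of /var/log/syslog as log_text in place of SAMPLE_LOG.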


