[Samba] VPN remote Samba AD DC not located
Lmloge
lmloge at orange.fr
Fri Apr 13 14:41:57 UTC 2018
Rowland> You will probably be better off using a proper mail client
(i.e. thunderbird)
Ok. That's what I'll do from now on.
Rowland> I am beginning to think you are using Bind9 with flatfiles, otherwise
Rowland> all machines would be available to the dns server on any DC.
There are two locations: 1 (local, where I am physically) and 2 (remote).
On the remote location (2) "samba-tool domain provision" was made
with the option "--dns-backend=BIND9_DLZ" a few years ago.
On the local location (1) "samba-tool domain provision" was made
with the option "--dns-backend=SAMBA_INTERNAL" recently.
Now, how can I confirm this to be sure?
> First thing, is company.elmts a registered domain name ?
"company.elmts" is "iodesoft.lan"
> if so, I would use a subdomain of this instead e.g. ad.company.elmts
I don't see why.
I've read it is possible to have one DNS domain name not two or more.
I think it would be very difficult for me to change it.
> Provided that the required info is AD and the dns server is set up to
use this info, the ping commands should work
I don't understand what you mean.
> The other question is, why do both DCs have multiple FQDNs
I don't understand what you mean.
I meant that on subnet 192.168.1.0/24 (where there is the SAMBA AD DC
DNS server 1),
there is one machine whose Fully Qualified Domain Name (FQDN) is
"hostname_1_1.company.elmts." and IP "192.168.1.11"
and that there is another one whose FQDN is
"hostname_1_2.company.elmts." with IP "192.168.1.12"
Etc.
Currently, the problem is:
When I am on machine "hostname_1_1.company.elmts."
and I "ping hostname_2_1.company.elmts."
the local Samba DNS server doesn't know the name
"hostname_2_1.company.elmts.".
Because the two Samba AD DCs do not know each other.
Because the DNS servers (Bind remote and SAMBA_INTERNAL local) do not
know each other.
I don't know how to make them be aware of each other
and among other things forward the DNS queries to each other when necessary.
Thank you for your help.
--
Léa
On 13/04/2018 3:26 PM, Rowland Penny wrote:
> On Fri, 13 Apr 2018 14:52:59 +0200
> Lmloge<lmloge at orange.fr> wrote:
>
>> Thank you for your answer.
>>
>> I do not receive anything in my Thunderbird mail boxes.
>> I probably turned off that functionality a long time ago. I don't
>> remember.
>>
>> About the post that I can't find, I sent it from the Web page
>> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
>> by creating a "New topic".
> You will probably be better off using a proper mail client (i.e.
> thunderbird)
>
>> My post was approximately this one:
>> =====================================================================================
>> My problem is about DNS names resolution in case there are:
>> two DNS servers
>> separated by a VPN
>> and one DNS domain name.
>>
>> Context: two Samba AD DC on each side of the VPN, one forest, one
>> domain, one site, two subnets.
>> Note that this target configuration is not yet operational since I'm
>> trying to make the DNS name resolution work first through the VPN.
>> The DNS backend is SAMBA_INTERNAL.
>>
>> +---------------------------+
>> | SUBNET: 192.168.1.0/24
>> +---------------------------+
>> | SAMBA AD DC DNS server 1
>> +---------------------------+
>> | DOMAIN: company.elmts
>> +---------------------------+
>> | hostname_1_1
>> | hostname_1_2
>> | ...
>> | hostname_1_N1
>> +---------------------------+
>> |
>> |
>> VPN
>> |
>> |
>> +--------------------------+
>> | SUBNET: 192.168.2.0/24
>> +--------------------------+
>> | SAMBA AD DC DNS server 2
>> +--------------------------+
>> | DOMAIN: company.elmts
>> +--------------------------+
>> | hostname_2_1
>> | hostname_2_2
>> | ...
>> | hostname_2_N2
>> +--------------------------+
>>
>> Sedentary machines: have their hostname registered either on SAMBA AD
>> DC DNS server 1 or (exclusive) SAMBA AD DC DNS server 2.
>> Nomad machines: have their hostname registered on both SAMBA AD DC
>> DNS servers.
> I am beginning to think you are using Bind9 with flatfiles, otherwise
> all machines would be available to the dns server on any DC.
>
>> --------------------------------------------------------------------
>> On SAMBA AD DC DNS server 1:
>> ----------------------------
>> FQDN: hostname_1_1.company.elmts. / IP: 192.168.1.11 / SEDENTARY
>> FQDN: hostname_1_2.company.elmts. / IP: 192.168.1.12 / SEDENTARY
>> ...
>> FQDN: nomad_a.company.elmts. / IP: 192.168.1.53 / NOMAD
>> FQDN: nomad_b.company.elmts. / IP: 192.168.1.54 / NOMAD
>> ...
>> --------------------------------------------------------------------
>> On SAMBA AD DC DNS server 2:
>> ----------------------------
>> FQDN: hostname_2_1.company.elmts. / IP: 192.168.2.21 / SEDENTARY
>> FQDN: hostname_2_2.company.elmts. / IP: 192.168.2.22 / SEDENTARY
>> ...
>> FQDN: nomad_a.company.elmts. / IP: 192.168.2.65 / NOMAD
>> FQDN: nomad_b.company.elmts. / IP: 192.168.2.66 / NOMAD
>> ...
>> --------------------------------------------------------------------
>>
>> For now, if I `ping hostname_2_1` from `hostname_1_1`, the name
>> `hostname_2_1` is not resolved.
>> How can I make this work?
> First thing, is company.elmts a registered domain name ? if so, I would
> use a subdomain of this instead e.g. ad.company.elmts
>
> Provided that the required info is AD and the dns server is set up to
> use this info, the ping commands should work (provided the VPN is
> working correctly). If the 'ping' doesn't work, then it is unlikely
> replication will work either.
>
> The other question is, why do both DCs have multiple FQDNs
>
> Rowland
>
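Léa asks how to confirm which DNS backend each DC was provisioned with. The check below is an added example, not code from the thread or from Samba: two shell functions read a DC's smb.conf and report the DNS backend and forwarder, assuming that a BIND9_DLZ provision writes `server services = -dns` while a SAMBA_INTERNAL provision leaves the internal DNS server enabled and sets `dns forwarder`. The two smb.conf files are constructed samples standing in for DC 1 and DC 2.

```shell
#!/bin/sh
# Added example: classify a Samba AD DC's DNS backend from its smb.conf.
# Assumption: "samba-tool domain provision --dns-backend=BIND9_DLZ" writes
# "server services = -dns"; SAMBA_INTERNAL keeps the internal DNS server
# (no "-dns") and normally sets "dns forwarder = <ip>".

# conf_value <smb.conf> <parameter>  -> prints the parameter's value (or nothing)
conf_value() {
    sed -n -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed -e 's/[[:space:]]*$//'
}

# dns_backend <smb.conf>  -> prints BIND9_DLZ or SAMBA_INTERNAL
dns_backend() {
    services=$(conf_value "$1" "server services")
    case " $services " in
        *" -dns "*) echo BIND9_DLZ ;;      # internal DNS disabled: BIND serves it
        *)          echo SAMBA_INTERNAL ;; # internal DNS enabled (the default)
    esac
}

# dns_forwarder <smb.conf>  -> prints the forwarder IP(s), or NONE if unset.
# With SAMBA_INTERNAL, names outside the AD zone are only forwarded when this is set.
dns_forwarder() {
    fwd=$(conf_value "$1" "dns forwarder")
    if [ -n "$fwd" ]; then echo "$fwd"; else echo NONE; fi
}

# Constructed sample configs (not taken from either real DC).
TMP=$(mktemp -d)
cat > "$TMP/dc1.conf" <<'EOF'
[global]
	realm = COMPANY.ELMTS
	server role = active directory domain controller
	dns forwarder = 192.168.1.1
EOF
cat > "$TMP/dc2.conf" <<'EOF'
[global]
	realm = COMPANY.ELMTS
	server role = active directory domain controller
	server services = -dns
EOF

for dc in dc1 dc2; do
    echo "$dc: backend=$(dns_backend "$TMP/$dc.conf") forwarder=$(dns_forwarder "$TMP/$dc.conf")"
done
```

Run it with the real file (usually /etc/samba/smb.conf) substituted for the constructed samples; a DC reporting BIND9_DLZ answers DNS only through named, so the forwarding for that side lives in the BIND configuration rather than in smb.conf.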