[Samba] VPN remote Samba AD DC not located

Lmloge lmloge at orange.fr
Fri Apr 13 14:41:57 UTC 2018


Rowland> You will probably be better off using a proper mail client 
(i.e. thunderbird)

   Ok. That's what I'll do from now on.

Rowland> I am beginning to think you are using Bind9 with flatfiles, 
otherwise
Rowland> all machines would be available to the dns server on any DC.

   There are two locations: 1 (local, where I am physically) and 2 (remote).
   On the remote location (2) "samba-tool domain provision" was run 
with the option "--dns-backend=BIND9_DLZ" a few years ago.
   On the local location (1) "samba-tool domain provision" was run 
with the option "--dns-backend=SAMBA_INTERNAL" recently.
   Now, how can I confirm this to be sure?

 > First thing, is company.elmts a registered domain name ?

   "company.elmts" is "iodesoft.lan"

 > if so, I would use a subdomain of this instead e.g. ad.company.elmts

   I don't see why.
   I've read it is possible to have one DNS domain name not two or more.
   I think it would be very difficult for me to change it.

 > Provided that the required info is AD and the dns server is set up to 
use this info, the ping commands should work

   I don't understand what you mean.

 > The other question is, why do both DCs have multiplw FQDN's

   I don't understand what you mean.
   I meant that on subnet 192.168.1.0/24 (where there is the SAMBA AD DC 
DNS server 1),
   there is one machine whose Fully Qualified Domain Name (FQDN) is 
"hostname_1_1.company.elmts." and IP "192.168.1.11"
   and that there is another one whose FQDN is 
"hostname_1_2.company.elmts." with IP "192.168.1.12"
   Etc.


Currently, the problem is:
When I am on machine "hostname_1_1.company.elmts."
and I "ping hostname_2_1.company.elmts."
the local Samba DNS server doesn't know the name 
"hostname_2_1.company.elmts.".
Because the two Samba AD DCs do not know each other.
Because the DNS servers (Bind remote and SAMBA_INTERNAL local) do not 
know each other.
I don't know how to make them be aware of each other
and among other things forward the DNS queries to each other when necessary.

Thank you for your help.
--
Léa



On 13/04/2018 3:26 PM, Rowland Penny wrote:
> On Fri, 13 Apr 2018 14:52:59 +0200
> Lmloge<lmloge at orange.fr>  wrote:
>
>> Thank you for your answer.
>>
>> I do not receive anything in my Thunderbird mail boxes.
>> I probably turned off that functionality a long time ago. I don't
>> remember.
>>
>> About the post that I can't find, I sent it from the Web page
>> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
>> by creating a "New topic".
> You will probably be better off using a proper mail client (i.e.
> thunderbird)
>
>> My post was approximately this one:
>> =====================================================================================
>> My problem is about DNS names resolution in case there are:
>> two DNS servers
>> separated by a VPN
>> and one DNS domain name.
>>
>> Context: two Samba AD DC on each side of the VPN, one forest, one
>> domain, one site, two subnets.
>> Note that this target configuration is not yet operational since I'm
>> trying to make the DNS name resolution work first through the VPN.
>> The DNS backend is SAMBA_INTERNAL.
>>
>> +---------------------------+
>> | SUBNET: 192.168.1.0/24
>> +---------------------------+
>> | SAMBA AD DC DNS server 1
>> +---------------------------+
>> | DOMAIN: company.elmts
>> +---------------------------+
>> | hostname_1_1
>> | hostname_1_2
>> | ...
>> | hostname_1_N1
>> +---------------------------+
>> |
>> |
>> VPN
>> |
>> |
>> +--------------------------+
>> | SUBNET: 192.168.2.0/24
>> +--------------------------+
>> | SAMBA AD DC DNS server 2
>> +--------------------------+
>> | DOMAIN: company.elmts
>> +--------------------------+
>> | hostname_2_1
>> | hostname_2_2
>> | ...
>> | hostname_2_N2
>> +--------------------------+
>>
>> Sedentary machines: have their hostname registered either on SAMBA AD
>> DC DNS server 1 or (exclusive) SAMBA AD DC DNS server 2.
>> Nomad machines: have their hostname registered on both SAMBA AD DC
>> DNS servers.
> I am beginning to think you are using Bind9 with flatfiles, otherwise
> all machines would be available to the dns server on any DC.
>
>> --------------------------------------------------------------------
>> On SAMBA AD DC DNS server 1:
>> ----------------------------
>>       FQDN: hostname_1_1.company.elmts. / IP: 192.168.1.11 / SEDENTARY
>>       FQDN: hostname_1_2.company.elmts. / IP: 192.168.1.12 / SEDENTARY
>>       ...
>>       FQDN: nomad_a.company.elmts.      / IP: 192.168.1.53 / NOMAD
>>       FQDN: nomad_b.company.elmts.      / IP: 192.168.1.54 / NOMAD
>>       ...
>> --------------------------------------------------------------------
>>       On SAMBA AD DC DNS server 2:
>> ----------------------------
>>       FQDN: hostname_2_1.company.elmts. / IP: 192.168.2.21 / SEDENTARY
>>       FQDN: hostname_2_2.company.elmts. / IP: 192.168.2.22 / SEDENTARY
>>       ...
>>       FQDN: nomad_a.company.elmts.      / IP: 192.168.2.65 / NOMAD
>>       FQDN: nomad_b.company.elmts.      / IP: 192.168.2.66 / NOMAD
>>       ...
>> --------------------------------------------------------------------
>>
>> For now, if I `ping hostname_2_1` from `hostname_1_1`, the name
>> `hostname_2_1` is not resolved.
>> How can I make this work?
> First thing, is company.elmts a registered domain name ? if so, I would
> use a subdomain of this instead e.g. ad.company.elmts
>
> Provided that the required info is AD and the dns server is set up to
> use this info, the ping commands should work (provided the VPN is
> working correctly). If the 'ping' doesn't work, then it is unlikely
> replication will work either.
>
> The other question is, why do both DCs have multiple FQDNs
>
> Rowland
>
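Léa asks above how to confirm which DNS backend each DC was provisioned with. As an added example (not code from the thread or from the Samba project), the Python helper below reads an smb.conf and infers the backend from the `server services` line; it assumes, as samba-tool provisioning does, that a BIND9 backend disables the internal DNS server with `server services = -dns`, while SAMBA_INTERNAL keeps `dns` enabled and usually sets `dns forwarder`. The two sample configs are constructed for the example.

```python
"""Infer a Samba AD DC's DNS backend from its smb.conf (added example).
Assumption: a BIND9 provision writes 'server services = -dns' to [global],
while SAMBA_INTERNAL keeps 'dns' enabled and sets 'dns forwarder'.
The sample configs below are constructed, not taken from a real DC."""
import re

# Samba's built-in default for 'server services' includes the internal DNS.
DEFAULT_SERVICES = {"s3fs", "rpc", "nbt", "wrepl", "ldap", "cldap", "kdc",
                    "drepl", "winbindd", "ntp_signd", "kcc", "dnsupdate", "dns"}

BIND9_CONF = """[global]
    realm = COMPANY.ELMTS
    server role = active directory domain controller
    server services = -dns
"""
INTERNAL_CONF = """[global]
    realm = COMPANY.ELMTS
    server role = active directory domain controller
    dns forwarder = 192.168.1.1
"""

def parse_global(text):
    """Return [global] as {key: value}; keys lower-cased, # and ; comments skipped."""
    section, conf = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, _, value = line.partition("=")
            conf[" ".join(key.lower().split())] = value.strip()
    return conf

def effective_services(conf):
    """Apply Samba's '+svc'/'-svc' list syntax to the default service set."""
    setting = conf.get("server services")
    if setting is None:
        return set(DEFAULT_SERVICES)
    tokens = [t for t in re.split(r"[,\s]+", setting.strip()) if t]
    if all(t[0] in "+-" for t in tokens):          # modifiers on the default
        services = set(DEFAULT_SERVICES)
        for t in tokens:
            (services.add if t[0] == "+" else services.discard)(t[1:])
        return services
    return set(tokens)                              # explicit replacement list

def dns_backend(text):
    """('SAMBA_INTERNAL' or 'BIND9', forwarder); DLZ vs flat files is not visible here."""
    conf = parse_global(text)
    backend = "SAMBA_INTERNAL" if "dns" in effective_services(conf) else "BIND9"
    return backend, conf.get("dns forwarder")
```

On a DC, feed it the real file (e.g. the output of `testparm -s`, which prints the effective settings) rather than the constructed samples.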


