[Samba] Samba4 AD cannot see machines in windows browser

Wed Jul 18 20:43:34 UTC 2018

Hi  Rowland.

Them to understand, we have different paths depend on how we would like to
register our windows machines to our DNS.

1; By DHCP
2; Manually with samba-tool
3; Let windows handle this, here is my doubt how can our clients(windows
boxes) do this?

Exist a recommendation by samba team?

Thanks for your help.

Peter.

On Wed, Jul 18, 2018 at 12:19 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Tue, 17 Jul 2018 15:07:53 -0700
> Alberto Moreno via samba <samba at lists.samba.org> wrote:
>
> > On Tue, Jul 17, 2018 at 1:57 PM Alberto Moreno <portsbsd at gmail.com>
> > wrote:
> >
> > >
> > >
> > > On Tue, Jul 17, 2018 at 1:18 PM Rowland Penny via samba <
> > > samba at lists.samba.org> wrote:
> > >
> > >> On Tue, 17 Jul 2018 12:59:25 -0700
> > >> Alberto Moreno via samba <samba at lists.samba.org> wrote:
> > >>
> > >> Hi Moreno, see inline comments:
> > >>
> > >> > Hi
> > >> >
> > >> > On Tue, Jul 17, 2018 at 12:38 PM Rowland Penny via samba <
> > >> > samba at lists.samba.org> wrote:
> > >> >
> > >> > > On Tue, 17 Jul 2018 12:16:56 -0700
> > >> > > Alberto Moreno via samba <samba at lists.samba.org> wrote:
> > >> > >
> > >> > > > Hi.
> > >> > > >
> > >> > > > I'm continuing learning samba4.
> > >> > > >
> > >> > > > I had add some machines to the domain, windows 10 Pro.
> > >> > > >
> > >> > > > But I open windows browser and don't see my domain and my
> > >> > > > machines.
> > >> > > >
> > >> > > > Is normal with samba4?
> > >> > >
> > >> > > Depending on how you set up Samba, yes and no.
> > >> > >
> > >> > > >
> > >> > > > My smb.conf
> > >> > > >
> > >> > > > # Global parameters
> > >> > > > [global]
> > >> > > >         netbios name = MBXDC1
> > >> > > >         realm = MBX.LOCAL
> > >> > > >         server role = active directory domain controller
> > >> > > >         server services = s3fs, rpc, nbt, wrepl, ldap,
> > >> > > > cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> > >> > > >         workgroup = MBX
> > >> > > >         idmap_ldb:use rfc2307 = yes
> > >> > > >         log level = 5
> > >> > > >
> > >> > > > [netlogon]
> > >> > > >         path
> > >> > > > = /usr/local/samba/var/locks/sysvol/mbx.local/scripts read
> > >> > > > only = No
> > >> > > >
> > >> > > > [sysvol]
> > >> > > >         path = /usr/local/samba/var/locks/sysvol
> > >> > > >         read only = No
> > >> > >
> > >> > > Ah, it is an AD DC, so the answer is definitely yes, there is
> > >> > > no browsing with a Samba AD DC.
> > >> > >
> > >> > >
> > >> > Now, who manage the machine list in the network?
> > >>
> > >> The DNS server on the DC
> > >>
> > >
> > > Got it.
> > >
> > >
> > >> >
> > >> > >
> > >> > > > Other thing, I try to increase my log level, but samba won't
> > >> > > > accept, it continue with log level = 2.
> > >> > >
> > >> > > Did you restart Samba after making the change ?
> > >> > >
> > >> > >
> > >> > Yes, I stop first and latter start the service.
> > >>
> > >> Then it should work, unless nothing happened over log level 2 ;-)
> > >>
> > >
> > > Got it.
> > >
> > >
> > >> >
> > >> > >
> > >> > > > My windows machines had the computer browser service off and
> > >> > > > fw off.
> > >> > >
> > >> > > How do you expect to use a browser service that is turned off ?
> > >> > > Not that it will help if you do turn it on.
> > >> > >
> > >> > >
> > >> > Just to understand, in samba NT4 domain, the recommendation was
> > >> > that, must exist only 1 network browser in the network, them we
> > >> > had to turn off this service(computer browser) under windows
> > >> > machines, because this service conflict with samba, the reason
> > >> > was that those machines will try to became master/local browser
> > >> > in the domain and start sending packets all over the network
> > >> > which is traffic unnecessary.
> > >> >
> > >> > With samba4 AD setup, the rule continue or I was wrong?
> > >>
> > >> Ye, the rule continues for Unix domain members, but there is no
> > >> browsing of Samba AD DC's, they will not show up in a Windows
> > >> Browser, you should use DNS instead. You should also be aware that
> > >> Windows is moving away from network browsing.
> > >>
> > >
> > > Got it.
> > >
> > > >
> > >> >
> > >> > > >
> > >> > > > Samba version 4.7.8 CentOS Linux release 7.5.1804 (Core)
> > >> > >
> > >> > > How did you provision an AD DC using Centos packages, I
> > >> > > thought you still couldn't use them for a DC.
> > >> > >
> > >> > >
> > >> > I install samba4 from src(make && make install).
> > >>
> > >> OK, just checking ;-)
> > >>
> > >>
> > > :-).
> > >
> > > > Thanks for your help Penny.
> > >> >
> > >>
> > >> Please do not refer to me by my surname.
> > >>
> > >
> > > My apologies, my mistake.
> > >
> > >
> > >> Rowland
> > >>
> > >> --
> > >> To unsubscribe from this list go to the following URL and read the
> > >> instructions:  https://lists.samba.org/mailman/options/samba
> > >>
> > > --
> > > LIving the dream...
> > >
> >
> > I setup DNS as backend which is running under the same server.
> >
> > I have done my test like the wiki and works.
> >
> > host -t SRV _ldap._tcp.MBX.LOCAL.
> > _ldap._tcp.MBX.LOCAL has SRV record 0 100 389 mbxdc1.mbx.local.
> >
> > host -t SRV _kerberos._udp.MBX.LOCAL.
> > _kerberos._udp.MBX.LOCAL has SRV record 0 100 88 mbxdc1.mbx.local.
> >
> >  host -t A MBXDC1.MBX.LOCAL.
> > MBXDC1.MBX.LOCAL has address 192.168.1.5
> >
> > But if I query a client won't answer:
> >
> > host -t A MBX-TEST1.MBX.LOCAL.
> > Host MBX-TEST1.MBX.LOCAL. not found: 3(NXDOMAIN)
> >
> > I have run
> >
> > samba_dnsupdate --verbose
> >
> > But don't see my  clients.
> >
> > What else do I need to allow bind to record my clients?
> >
> > Looks like I had follow the wiki all the way.
> >
> > In what stage does bind record the new machine?
> >
>
> It doesn't, Either you have to add them with samba-tool, or get DHCP to
> add them, or allow Windows clients to add & update their own records.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

-- 
LIving the dream...