[Samba] Samba, AD, 'short' name resolving...

Marco Gaiarin gaio at sv.lnf.it
Fri Jun 8 09:25:33 UTC 2018

Mandi! Rowland Penny via samba
> This is probably where you are going wrong. AD lives and dies on DNS,
> your DC MUST be authoritative for the AD domain.

...but it *is* authoritative! Simply, the DHCP server assigns the ''old'' DNS,
where all resolutions for the AD (sub)domain are forwarded to AD DNS...

> Your AD clients should be using the DC as their nameserver and anything
> outside the AD dns domain, should be forwarded to a DNS server
> outside the AD dns domain. This means that your DHCP server must send
> the AD dns domain to the AD machines.

Do you mean here, literally, that Windows clients try to register/update
DNS using ONLY the DNS provided by DHCP?
Or, saying the same thing differently, that Windows clients blindly suppose
that the DNS servers got by DHCP ARE AD DCs?

Oh, my god... seems to me so stupid...

And, after all, why, when the machine account gets created, is the IP
address correctly added?

> I think you mean that something like this doesn't work:
> rowland@devstation:~$ ping -c1 dc4

No, I've narrowed it down a bit... DNS works in this way, as expected.

Trouble arises in Windows clients accessing server aliases; I'm used to
defining some aliases for servers (so I use \\FILEPP\).
I define aliases with:

a) CNAME in AD DNS, and it works:

	root@vdmtms1:~# host filepp
	filepp.ad.fvg.lnf.it is an alias for vdmpp1.ad.fvg.lnf.it.
	vdmpp1.ad.fvg.lnf.it has address

b) 'netbios aliases' in smb.conf:

	netbios aliases = CUPSPP FILEPP HOMEPP

c) SPN aliases:

	samba-tool spn add HOST/filepp.ad.fvg.lnf.it vdmpp1$
	samba-tool spn add HOST/FILEPP vdmpp1$

but Windows clients still cannot access '\\FILEPP' in networks where
there is no WINS server.

I have to dig into this better; it could be caused by a ''temporary mistake''
that I've then fixed, but... it seems strange to me.

> > Probably I've done something wrong, but anyway it seems that having a WINS
> > server in an AD domain to resolve local hostnames does not hurt. ;-)
> It doesn't hurt, but, in a correctly set up AD domain, it isn't
> required ;-)

OK, I'll keep a local WINS server for now, and I will try to
fix/understand all that stuff...


