[Samba] AD RODC not being used because of missing DNS entries?
Rowland Penny
rpenny at samba.org
Sat Oct 20 15:39:48 UTC 2018
On Sat, 20 Oct 2018 17:04:20 +0200 (CEST)
tomict via samba <samba at lists.samba.org> wrote:
>
> > OK, I have checked from Windows and my dns looks like this:
> > DC2-|
> > |- Forward Lookup Zone
> > |- samdom.example.com
>
> You have many more dc2 entries, I only have 4 from my manual
> additions. Your dns setup is the same as the setup that I had last
> year when testing with a second non-RODC Domain Controller.
>
> BTW how did you make this tree view?
I have lots of time, so I typed it ;-)
>
> There seem to be two problems with my RODC DC2:
> 1) DNS records were not generated when joining the domain. This is
> perhaps caused by some kind of timeout problem.
Not sure about this, but you could be correct.
> However samba only complains about 4 records
> 2) manual addition of the "_msdcs" records resulted in a wrong path
> (see below)
>
The 'wrong path' is because you gave it the wrong path ;-)
If you run 'samba-tool dns zonelist 127.0.0.1 -U Administrator' it will
show your DNS zones, one of which should start with '_msdcs'.
So, your commands:
samba-tool dns add DC1 ad.example.nl _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.example.nl SRV 'DC2.ad.example.nl 389 0 100'
samba-tool dns add DC1 ad.example.nl _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.example.nl SRV 'DC2.ad.example.nl 88 0 100'
Should have been:
samba-tool dns add DC1 _msdcs.ad.example.nl _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.example.nl SRV 'DC2.ad.example.nl 389 0 100'
samba-tool dns add DC1 _msdcs.ad.example.nl _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.example.nl SRV 'DC2.ad.example.nl 88 0 100'
Delete the wrong entries.
Rowland
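
Added example, not part of the original message: a shell helper that picks the zone to pass to 'samba-tool dns add' by taking the longest zone name that is a label-aligned suffix of the record name, so an '_msdcs' record lands in the '_msdcs' zone rather than the parent zone. The function names owning_zone and srv_add_cmd are hypothetical, and the zone list is constructed from the names in this thread; on a real DC, take the zone names from the zonelist output.

```shell
#!/bin/sh
# owning_zone FQDN ZONE...
# Print (lower-cased) the most specific zone that contains FQDN.
# A zone matches only on a label boundary, so "xad.example.nl" is not
# inside "ad.example.nl". Returns 1 if no zone matches.
owning_zone() {
    fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); fqdn=${fqdn%.}
    shift
    best=""
    for z in "$@"; do
        zl=$(printf '%s' "$z" | tr 'A-Z' 'a-z'); zl=${zl%.}
        case "$fqdn" in
            "$zl"|*."$zl")
                # Longest matching suffix wins (child zone over parent).
                if [ "${#zl}" -gt "${#best}" ]; then best=$zl; fi ;;
        esac
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# srv_add_cmd SERVER FQDN 'SRV-DATA' ZONE...
# Print the samba-tool command with the zone argument filled in.
# It only prints the command; nothing is executed.
srv_add_cmd() {
    server=$1; name=$2; data=$3
    shift 3
    zone=$(owning_zone "$name" "$@") || {
        echo "no listed zone contains $name" >&2
        return 1
    }
    printf "samba-tool dns add %s %s %s SRV '%s'\n" \
        "$server" "$zone" "$name" "$data"
}

# Constructed zone list (assumption): the two zones discussed in this thread.
ZONES="ad.example.nl _msdcs.ad.example.nl"
SITE=Default-First-Site-Name

# $ZONES is left unquoted on purpose so it splits into one argument per zone.
srv_add_cmd DC1 "_ldap._tcp.$SITE._sites.dc._msdcs.ad.example.nl" \
    'DC2.ad.example.nl 389 0 100' $ZONES
srv_add_cmd DC1 "_kerberos._tcp.$SITE._sites.dc._msdcs.ad.example.nl" \
    'DC2.ad.example.nl 88 0 100' $ZONES
```

Both printed commands use the '_msdcs.ad.example.nl' zone, matching the corrected commands in the message above.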