[Samba] AD RODC not being used because of missing DNS entries?

tomict samba at iucn.nl
Sat Oct 20 19:59:08 UTC 2018 

>> BTW how did you make this tree view?

>I have lots of time, so I typed it ;-)


Thanks for your time! :-)


>> There seem to be two problems with my RODC  DC2:
>> 1) DNS records were not generated when joining the domain. This is
>> perhaps caused by some kind of timeout problem. 

>Not sure about this, but you could be correct.


I can live with that. I only needed to input 4 entries manually (although I made that a challenge as well, see below)


>>2) manual addition of the "_msdcs" records
>> resulted in a wrong path (see below)

> The 'wrong path' is because you gave it the wrong path ;-)

Aaaagh! @#!%@%!


>If you run 'samba-tool dns zonelist 127.0.0.1 -U Administrator' it will
>show your DNS zones, one of which should start with '_msdcs'.

>So, your commands:
<....>
>Should have been:

>samba-tool dns add DC1 _msdcs.ad.example.nl _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.example.nl SRV 'DC2.ad.example.nl 389 0 100'
>samba-tool dns add DC1 _msdcs.ad.example.nl _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.example.nl SRV 'DC2.ad.example.nl 88 0 100'

>Delete the wrong entries.

>Rowland


Thanks for pointing that out. _msdcs is a zone! I did not realize that when I got the entries from the file /var/lib/samba/dns_update_list. The records are in place now.

I suppose the DNS entries in the other locations are not necessary for domain control on my RODC? I will know next week if DC2 starts being used. 

To make my RODC ready for duty should DC1 fail I added, using the windows DNS manager:
1) a NS record pointing to my RODC (DC2) as name server in the AD. 
2) a A record in ad.example.nl with blank hostname ('same as parent folder') pointing to the ip address of DC2
And I will preload user en computer accounts.

@Rowland: thank you very much for the help, much appreciated!

 
regards,

 Tom




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list