[Samba] DNS forwarding not working.

durwin at mgtsciences.com durwin at mgtsciences.com
Fri Apr 26 20:23:33 UTC 2019


In my previous reply I said I would use subnet.  I meant subdomain.
> 
> > > > I followed this url to set up Samba AD DC.
> > > > https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt
> > > > 
> > > > I do have it working.  I am testing with a Windows 10 VM as a
> > > > member of the domain.
> > > > The machine joins the domain.  Also, as administrator, I can
> > > > create and enforce Group Policies from this Windows machine.
> > > > 
> > > > I have a Fedora 29 server which serves DHCP and DNS (and DDNS).
> > > > This all works.
> > > > When I installed Samba DC, I specified this DNS server as a
> > > > forwarder. 
> > > 
> > > Is this dns server also authoritative for the same dns domain as
> > > the AD domain ? 
> > 
> >  Yes, the Fedora29 server is authoritative.
> > 
> > > 
> > > > 
> > > > On the DC server (named dc0) I can enter the command, 
> > > > > dig other_machine_in_lan 
> > > > and get correct response.
> > > > If I enter this command, 
> > > > > dig @localhost other_machine_in_lan 
> > > > It fails.  Dig from domain member of course also fails.
> > > > 
> > > > I know you may need more information to diagnose, but there are so
> > > > many files that could
> > > > be part of the problem I do not know which to send.
> > > > 
> > > 
> > > Let's start with the smb.conf from the DC, your DC's FQDN and
> > > IP address (sanitised if you have to) and the same for your Fedora
> > > dns server. 
> > === DC server smb.conf ===
> > Ubuntu18.04> less /etc/samba/smb.conf 
> > # Global parameters
> > [global]
> >     netbios name = DC0
> >     realm = company.COM
> >     server role = active directory domain controller
> >     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> >     workgroup = company
> >     idmap_ldb:use rfc2307 = yes
> > 
> > [netlogon]
> >     path = /var/lib/samba/sysvol/company.com/scripts
> >     read only = No
> > 
> > [sysvol]
> >     path = /var/lib/samba/sysvol
> >     read only = No
> > === END DC server smb.conf ===
> > 
> > DC FQDN - dc0.company.com (172.23.93.25)
> > 
> > Fedora server - zaphod.company.com (172.23.93.3)
> 
> 
> So your DC is authoritative for the 'company.com' dns domain and holds
> all the AD dns domain records.
> zaphod is authoritative for the 'company.com' dns domain and presumably
> holds none of the AD dns domain records.
> 
> Can you not see what is wrong here and why forwarding doesn't work ?
> 
> You should have used a subdomain of 'company.com' for your AD dns
> domain (perhaps ad.company.com)
> 
> When you ask your DC for 'dnsclient.company.com' (where 'dnsclient' is
> not an AD domain member), your DC will not forward it anywhere because
> it is authoritative for the 'company.com' dns domain, it will just
> return 'not known' or words to that effect.
> 
> I, personally, would transfer all the dns & dhcp roles from zaphod to
> your DC, or start again with a new subdomain on your DC.
> 
> Your forwarders need to be outside your AD dns domain.
> 
> Rowland
> 



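The reasoning in Rowland's reply (the DC answers every name under its own AD DNS zone itself, so a query for a host that only zaphod knows about gets NXDOMAIN instead of being forwarded, whereas an AD zone such as ad.company.com leaves company.com to the forwarder) can be checked with a small model of that zone-selection logic. The following is an added example written for this page; it is not Samba code and not something posted in the thread. The zone and host data use the names and addresses given in the thread (dc0.company.com 172.23.93.25, zaphod.company.com 172.23.93.3, AD zone company.com); the host dnsclient.company.com with address 172.23.93.50 and the renamed dc0.ad.company.com in the subdomain layout are constructed for the example.

```python
"""Model of how a DNS server that is authoritative for a zone handles queries
inside that zone versus queries it must forward.  Added example for this
thread; not Samba code.  Hostnames and addresses not given in the thread
(dnsclient.company.com, dc0.ad.company.com) are constructed."""
from typing import Dict, List, Optional, Tuple

NXDOMAIN = "NXDOMAIN"

# Zone name -> {fully qualified host name -> A record}
ZoneTable = Dict[str, Dict[str, str]]


def closest_zone(name: str, zones: ZoneTable) -> Optional[str]:
    """Return the longest (most specific) zone in `zones` that encloses `name`,
    or None.  This mirrors how a server decides whether it is authoritative
    for a query: it strips labels from the left until a zone it serves matches."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(name: str, dc_zones: ZoneTable, forwarder_zones: ZoneTable) -> Tuple[str, str]:
    """Resolve `name` the way the DC's DNS does: if the DC is authoritative for
    an enclosing zone it answers from that zone (NXDOMAIN if the record is
    missing, never a forward); only names outside every DC zone go to the
    forwarder.  Returns (how_answered, answer)."""
    name = name.lower().rstrip(".")
    zone = closest_zone(name, dc_zones)
    if zone is not None:
        return ("authoritative", dc_zones[zone].get(name, NXDOMAIN))
    fzone = closest_zone(name, forwarder_zones)
    if fzone is None:
        return ("forwarded", NXDOMAIN)
    return ("forwarded", forwarder_zones[fzone].get(name, NXDOMAIN))


def overlapping_zones(dc_zones: ZoneTable, forwarder_zones: ZoneTable) -> List[str]:
    """Zones served by the forwarder that the DC is also authoritative for (or
    that sit inside a DC zone).  Records that exist only on the forwarder in
    these zones are unreachable through the DC: this is the misconfiguration
    described in the thread."""
    return sorted(z for z in forwarder_zones if closest_zone(z, dc_zones) is not None)


# Layout from the thread: the AD DNS zone is company.com, held on dc0.
AD_ZONE_AS_DEPLOYED: ZoneTable = {
    "company.com": {"dc0.company.com": "172.23.93.25"},
}

# Layout Rowland suggests: the AD DNS zone is a subdomain of company.com.
# (dc0.ad.company.com is the DC's name under that layout; constructed.)
AD_ZONE_SUBDOMAIN: ZoneTable = {
    "ad.company.com": {"dc0.ad.company.com": "172.23.93.25"},
}

# zaphod's zone.  dnsclient.company.com / 172.23.93.50 is constructed.
ZAPHOD_ZONES: ZoneTable = {
    "company.com": {
        "zaphod.company.com": "172.23.93.3",
        "dnsclient.company.com": "172.23.93.50",
    },
}


if __name__ == "__main__":
    layouts = (("AD zone = company.com (as deployed)", AD_ZONE_AS_DEPLOYED),
               ("AD zone = ad.company.com (subdomain)", AD_ZONE_SUBDOMAIN))
    for label, dc in layouts:
        overlap = overlapping_zones(dc, ZAPHOD_ZONES) or "none"
        print(f"--- {label}; zones the forwarder can never be asked about: {overlap}")
        for q in ("dnsclient.company.com", "zaphod.company.com", "dc0.company.com", "dc0.ad.company.com"):
            how, answer = resolve(q, dc, ZAPHOD_ZONES)
            print(f"  {q:24} -> {how:13} {answer}")
```

Running it prints, for the deployed layout, NXDOMAIN answered authoritatively for dnsclient.company.com and zaphod.company.com (the `dig @localhost other_machine_in_lan` failure in the thread), and for the subdomain layout the same names answered via the forwarder while dc0.ad.company.com is still served locally. The `overlapping_zones` check is the quick test to run against any DC/forwarder pair: if it returns anything, the forwarder is inside the AD DNS domain and forwarding cannot reach it.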