[Samba] Winbind domain join and PTR records

Alexey A Nikitin nikitin at amazon.com
Fri Jun 7 22:04:05 UTC 2019 

Hi everyone,

It looks like when I do 'net ads join' the PTR records for the host are not created, whereas when I do domain join on a Windows machine the PTR records do get created. Thus the question I have: does Winbind have the ability to create PTR records but simply doesn't create them by default or unless certain conditions are met? If it does, how do I make sure Winbind creates them?

We use Samba 4.8.3 on Amazon Linux 2. Installed Samba packages:

samba-client-libs.x86_64              4.8.3-4.amzn2.0.1              @amzn2-core
samba-common.noarch                   4.8.3-4.amzn2.0.1              @amzn2-core
samba-common-libs.x86_64              4.8.3-4.amzn2.0.1              @amzn2-core
samba-common-tools.x86_64             4.8.3-4.amzn2.0.1              @amzn2-core
samba-libs.x86_64                     4.8.3-4.amzn2.0.1              @amzn2-core
samba-winbind.x86_64                  4.8.3-4.amzn2.0.1              @amzn2-core
samba-winbind-clients.x86_64          4.8.3-4.amzn2.0.1              @amzn2-core
samba-winbind-krb5-locator.x86_64     4.8.3-4.amzn2.0.1              @amzn2-core
samba-winbind-modules.x86_64          4.8.3-4.amzn2.0.1              @amzn2-core


Content of /etc/samba/smb.conf:

[global]
        idmap config * : backend = autorid
        idmap config * : range = 100000000-2100000000
        idmap config * : rangesize = 100000000
        idmap config NIKITIN : backend = rid
        idmap config NIKITIN : range = 65536 - 99999999
        winbind refresh tickets = yes
        winbind enum groups = no
        winbind enum users = no
#--authconfig--start-line--

# Generated by authconfig on 2019/01/19 00:31:30
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future

   workgroup = EXAMPLE
   realm = EXAMPLE.COM
   security = ads
   template homedir = /home/%U
   template shell = /bin/bash
   kerberos method = secrets and keytab
   winbind use default domain = false
   winbind offline logon = true

#--authconfig--end-line--
log level = 3
        interfaces = eth1 lo
;	workgroup = SAMBA
;	security = user

	passdb backend = tdbsam

	printing = cups
	printcap name = cups
	load printers = yes
	cups options = raw
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.samba.org/pipermail/samba/attachments/20190607/21a54972/signature.sig>

More information about the samba mailing list