[Samba] Invalid PTR record in reverse lookup zone

andi at bastelmap.de andi at bastelmap.de
Tue Nov 12 21:56:40 UTC 2019


On Tue, Nov 12, 2019 at 07:53:06PM +0000, Rowland penny via samba wrote:
> On 12/11/2019 19:24, andi via samba wrote:
> > On Mon, Nov 11, 2019 at 05:27:03PM +0000, Rowland penny via samba wrote:
> > > > 
> > > The IP above is 192.168.183.1, yet the IP for kronos (the DC) is
> > > 192.168.0.5, so it will not be fine.
> > Just for my understanding: The lines "Server:" and "Address:" refer to the DNS server which
> > responded to the query, don't they? The actual answer to
> > _kerberos._tcp.ad.home.arpa service is "0 100 88 kronos.ad.home.arpa."
> > which is correct?
> Yes, that is correct, BUT, it isn't coming from the DC is it ?

The DNS on the router is actually a dnsmasq forwarding every request ending
with (.)ad.home.arpa to the DC. So, yes the response data is coming from
the DC.

> > > You must use winbind with Samba >= 4.8.0 and this means you cannot use sssd any
> > > more. If you want to use the DC as a fileserver (not recommended) either use
> > > idmap.ldb (the default) or nslcd.
> > After another couple of hours I finally got a winbind login working.
> > However I'm not sure how stable this works.
> It has been very stable for myself for the last 7 years
> >   On the client I had "wbinfo -i
> > $username" return errors at first and suddenly it worked. Maybe related to
> > the older samba 4.5.1 version on the client. I have to upgrade it anyways
> > because of the primary group. (I don't want it to be "domain users")
> You really should use a Samba supported version of Samba. What is wrong with

You're right, have to update the OS then, another story..

> Domain Users ? Do you not have any Windows clients ? They will expect (and
> get) Domain Users on Windows, but will get a different one on Unix.

I'm very used to the "user group" scheme on Linux...

> > Yes I'm going to use the dc also as file server. I don't want to install
> > multiple servers in a small home network, just an overkill. However, the
> > winbind mapping on the DC is not very nice.
> 
> Use the winbind 'ad' backend on the Unix domain members and the required
> RFC2307 will replace the xidNumbers (the numbers in the 3000000 range) used
> on the DC.
> 
> Example:
> 
> root@dc4:~# getent passwd rowland
> SAMDOM\rowland:*:10000:10000::/home/SAMDOM/users/rowland:/bin/bash

Hmm, I did configure it on the client as suggested and it worked there.
But on the DC nothing changed. getent always returned something with
uid 30000xx. But maybe this was related to the user being member of
Administrators group. I have read something about special mapping in this
case. I reverted this later on when testing with windows.

> Mine rarely breaks (and when it does, it is usually my fault through testing
> something I shouldn't)

Thinking more about hardware issues. And absence of the maintainer during
that.

cheers,
Andreas
