[Samba] Invalid PTR record in reverse lookup zone

Rowland Penny rpenny at samba.org
Tue Nov 12 22:23:35 UTC 2019

On 12/11/2019 21:56, Andreas Messer via samba wrote:
> The DNS on the router is actually a dnsmasq forwarding every request ending
> with (.)ad.home.arpa to the DC. So, yes the response data is coming from
> the DC.

I will say it again: turn the DNS server on the router off and use the
DNS server on the DC; the DC MUST be authoritative for the AD domain.

> I'm very used to the "user group" scheme on Linux...

As I said, your Windows clients will use Domain Users on Windows and
your Unix group on Unix; do you really need this confusion?

There is nothing stopping you using ACLs to deny access to files etc.

>>> Yes I'm going to use the dc also as file server. I don't want to install
>>> multiple servers in a small home network, just an overkill. However, the
>>> winbind mapping on the DC is not very nice.
>> Use the winbind 'ad' backend on the Unix domain members and the required
>> RFC2307 will replace the xidNumbers (the numbers in the 3000000 range) used
>> on the DC.
>> Example:
>> root@dc4:~# getent passwd rowland
>> SAMDOM\rowland:*:10000:10000::/home/SAMDOM/users/rowland:/bin/bash
> Hmm, I did configure it on the client as suggested and it worked there.
> But on the DC nothing changed. getent always returned something with
> uid 30000xx. But maybe this was related to the user being member of
> Administrators group. I have read something about special mapping in this
> case. I reverted this later on when testing with Windows.

Run 'net cache flush' and try again.

>> Mine rarely breaks (and when it does, it is usually my fault through testing
>> something I shouldn't)
> Thinking more about hardware issues. And absence of the maintainer during
> that.

As long as you use decent hardware, this isn't really a problem and can
be mitigated by running two or more DCs.
