[Samba] Problems with internal DNS

Thomas Schweikle tschweikle at gmail.com
Tue Oct 22 15:18:40 UTC 2019


On Tue, Oct 22, 2019 at 5:07 PM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 22/10/2019 15:52, Thomas Schweikle wrote:
> >
> > On Mon, Oct 21, 2019 at 5:03 PM Rowland penny via samba
> > <samba at lists.samba.org> wrote:
> >
> >     On 21/10/2019 15:47, Thomas Schweikle via samba wrote:
> >     > Hi!
> >     >
> >     > Samba server set up for domain rufus.ada.de a proxy is reachable in
> >     > proxy.ada.de.
> >
> >     How are you running Samba ?
> >
> > As ADDC.
> >
> >     Please post your smb.conf.
> >
> > OK. Here it is:
> >
> > [global]
> >         netbios name = AD01
> >         realm = RUFUS.ADA.DE
> >         server role = active directory domain controller
> >         workgroup = RUFUS
> >         idmap_ldb:use rfc2307 = yes
> >         allow dns updates = secure only
> >         dns forwarder = 172.18.8.1
> >
> > [sysvol]
> >         path = /var/lib/samba/sysvol
> >         read only = No
> >
> > [netlogon]
> >         path = /var/lib/samba/sysvol/rodos.bfs.de/scripts
> >         read only = No
>
> First problem, netlogon says your dns domain is 'rodos.bfs.de' but your
> REALM is 'RUFUS.ADA.DE', ignoring the case, they must be the same.
>

Ahm yes. This was a mistake made by copy and paste ... I've corrected it.
It now reads:
  path = /var/lib/samba/sysvol/rufus.ada.de/scripts


> Next, your AD DC must be Authoritative for the AD dns domain and your AD
> clients must use the DC as their first nameserver and anything it
> doesn't know, it asks its forwarder.
>
> Your /etc/resolv.conf file on the DC should be:
>
> search <your actual dns domain>
> nameserver <your DCs ipaddress>
>

Does "localhost" work?
search ada.de.
domain ada.de
nameserver localhost

Or does it have to be the externally reachable address?

If I look at
samba   1500 root   47u  IPv6  26355      0t0  TCP *:53 (LISTEN)
samba   1500 root   49u  IPv6  26356      0t0  UDP *:53
samba   1500 root   50u  IPv4  26357      0t0  TCP *:53 (LISTEN)
samba   1500 root   51u  IPv4  26358      0t0  UDP *:53

samba binds to "*" aka "all addresses". But does it mean it does not answer
to localhost incoming queries?

> Rowland
>

-- 
Thomas
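
The two checks from the quoted reply (sysvol path versus realm, and the DC's resolv.conf), as an added example that is not from either poster and is not Samba project code. It assumes the AD DNS domain is the realm in lower case; the function names and the DC address 192.0.2.10 are made up for illustration.

```python
import ipaddress

def parse_smb_conf(text):
    """Parse a simple smb.conf (no includes) into {section: {key: value}}."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and section is not None and line[0] not in "#;":
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def check_dc_config(smb_conf, resolv_conf, dc_ip):
    """Return findings for the two checks in the reply (empty list = OK)."""
    findings, conf = [], parse_smb_conf(smb_conf)
    domain = conf.get("global", {}).get("realm", "").lower()
    # 1: the directory below .../sysvol/ must equal the realm, ignoring case.
    for share in ("sysvol", "netlogon"):
        parts = [p for p in conf.get(share, {}).get("path", "").split("/") if p]
        if "sysvol" in parts[:-1]:
            sub = parts[parts.index("sysvol") + 1]
            if sub.lower() != domain:
                findings.append(f"[{share}] path uses {sub}, realm is {domain}")
    # 2: resolv.conf searches the AD DNS domain and lists the DC first.
    search, servers = [], []
    for line in resolv_conf.splitlines():
        words = line.split("#")[0].split()
        if words and words[0] in ("search", "domain"):  # the last one wins
            search = [w.rstrip(".").lower() for w in words[1:]]
        elif words[:1] == ["nameserver"] and len(words) > 1:
            servers.append(words[1])
    if domain not in search:
        findings.append(f"search list lacks {domain}")
    try:
        if ipaddress.ip_address(servers[0]) != ipaddress.ip_address(dc_ip):
            findings.append(f"first nameserver {servers[0]} is not {dc_ip}")
    except (IndexError, ValueError):
        findings.append("first nameserver is missing or not an IP address")
    return findings

# Values as posted in the thread; DC_IP is a constructed placeholder.
SMB_CONF = """[global]
    realm = RUFUS.ADA.DE
[netlogon]
    path = /var/lib/samba/sysvol/rodos.bfs.de/scripts
"""
RESOLV_CONF = "search ada.de.\ndomain ada.de\nnameserver localhost\n"
DC_IP = "192.0.2.10"
```

Calling `check_dc_config(SMB_CONF, RESOLV_CONF, DC_IP)` returns three findings for the files as posted, and an empty list once the path, search domain and nameserver follow the reply's template.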

