[Samba] Problems with internal DNS
Rowland penny
rpenny at samba.org
Tue Oct 22 15:27:54 UTC 2019
On 22/10/2019 16:18, Thomas Schweikle wrote:
>
> On Tue, Oct 22, 2019 at 5:07 PM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>
> On 22/10/2019 15:52, Thomas Schweikle wrote:
> >
> > On Mon, Oct 21, 2019 at 5:03 PM Rowland penny via samba
> > <samba at lists.samba.org> wrote:
> >
> > On 21/10/2019 15:47, Thomas Schweikle via samba wrote:
> > > Hi!
> > >
> > > Samba server set up for domain rufus.ada.de a proxy is reachable in
> > > proxy.ada.de.
> >
> > How are you running Samba ?
> >
> > As ADDC.
> >
> > Please post your smb.conf.
> >
> > OK. Here it is:
> >
> > [global]
> > netbios name = AD01
> > realm = RUFUS.ADA.DE
> > server role = active directory domain controller
> > workgroup = RUFUS
> > idmap_ldb:use rfc2307 = yes
> > allow dns updates = secure only
> > dns forwarder = 172.18.8.1
> >
> > [sysvol]
> > path = /var/lib/samba/sysvol
> > read only = No
> >
> > [netlogon]
> > path = /var/lib/samba/sysvol/rodos.bfs.de/scripts
> > read only = No
>
> First problem, netlogon says your dns domain is 'rodos.bfs.de' but your
> REALM is 'RUFUS.ADA.DE', ignoring the case,
> they must be the same.
>
>
> Ahm yes. This was a mistake made by copy and paste ... I've corrected
> it. It now reads:
> path = /var/lib/samba/sysvol/rufus.ada.de/scripts
I sort of thought it was something like that, but I have seen stranger
things than that posted on here, talking of that:
>
> Next, your AD DC must be Authoritative for the AD dns domain and
> your AD
> clients must use the DC as their first nameserver and anything it
> doesn't know, it asks its forwarder.
>
> Your /etc/resolv.conf file on the DC should be:
>
> search <your actual dns domain>
> nameserver <your DCs ipaddress>
>
>
> Does "localhost" work?
NO, set it as shown, this works, though there is nothing to stop the
forwarder being the proxy server. Your clients need to easily find a DC
> search ada.de.
> domain ada.de
'search' & 'domain' are mutually exclusive and last one wins and it
needs to be search
> nameserver localhost
>
> Or does it have to be the extern reachable address?
>
> If I look at
> samba 1500 root 47u IPv6 26355 0t0 TCP *:53 (LISTEN)
> samba 1500 root 49u IPv6 26356 0t0 UDP *:53
> samba 1500 root 50u IPv4 26357 0t0 TCP *:53 (LISTEN)
> samba 1500 root 51u IPv4 26358 0t0 UDP *:53
>
> samba binds to "*" aka "all addresses". But does it mean it does not
> answer to localhost incoming queries?
Using 'localhost' is not going to work, use the DCs ipaddress.
Rowland
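
The resolv.conf advice in this message, as an added example that is not part of the original post: a small checker that applies the "last search/domain line wins" rule and compares the result with the suggested layout. The function names are hypothetical, 192.0.2.10 is a placeholder DC address, and taking the first search entry to be the AD DNS domain from the realm is an assumption.

```python
import ipaddress

def parse_resolv(text):
    """Return (keyword, search_list, nameservers) as the resolver would see them."""
    keyword, search, servers = None, [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0][0] in "#;":
            continue
        if parts[0] in ("search", "domain"):
            # Mutually exclusive: a later search/domain line replaces an earlier one.
            keyword = parts[0]
            search = [d.rstrip(".").lower() for d in parts[1:]]
        elif parts[0] == "nameserver":
            servers.append(parts[1])
    return keyword, search, servers

def check_dc_resolv(text, dns_domain, dc_ip):
    """Return a list of deviations from the resolv.conf layout given in the thread."""
    keyword, search, servers = parse_resolv(text)
    problems = []
    if keyword != "search":
        problems.append(f"effective keyword is {keyword!r}, expected 'search'")
    if not search or search[0] != dns_domain.lower():
        problems.append(f"search list {search} does not start with {dns_domain}")
    if not servers:
        problems.append("no nameserver line")
    else:
        try:
            first = ipaddress.ip_address(servers[0])
        except ValueError:
            problems.append(f"nameserver {servers[0]!r} is not an IP address")
        else:
            if first != ipaddress.ip_address(dc_ip):
                problems.append(f"first nameserver is {first}, expected DC at {dc_ip}")
    return problems

# Constructed inputs: the file quoted in the thread, and the suggested layout.
# 192.0.2.10 is a placeholder DC address (the thread does not give the real one).
POSTED = "search ada.de.\ndomain ada.de\nnameserver localhost\n"
SUGGESTED = "search rufus.ada.de\nnameserver 192.0.2.10\n"

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("suggested", SUGGESTED)):
        issues = check_dc_resolv(text, "rufus.ada.de", "192.0.2.10")
        print(name, "->", issues or "OK")
```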