[Samba] Samba as an active directory

Mon Jul 6 06:46:16 UTC 2020

If you want us to help better, can you provice any configs that will help us.. 

> 1. Joining the domain: fails to resolve SRV type record for \_ldap.\_tcp.dc.\_msdcs.<domain> (typos here are mine, correct on machine)

Resolving setup is wrong or contains an error most probely. 

> 2. Fail of 1 is because the response for the SRV record is serving the SOA and the response does not arrive at the client. I see the request resolved correctly on the AD-BindNLZ send back to the DNS server and from the DNS server to the client. However, on the client it becomes a non-existent Domain reply. The firewall on MSw10 is enabled but I do not understand why it would filter a reply. Such was not documented on Samba.org so I did not investigate yet.

Your using : AD+BIND9_DLZ, 
If this still happens, stop bind from using RDNC and down reload bind9, always stop/start or restart. NO! Reload. 

> 3. To enable federation i prefer to work with Kerberos. However, using Server Manager it complains on auth about 1 here but also about kerberos. The krb5.conf file is present in /etc and as default. II had assumed Kerberos would be enabled by default on AD role for Samba4.

Yes but im not sure if federation works, i haven't seen much questions on the list about it. 

> 4. Connect using Server Manager fail because of 1 also. See also 2 and 3. While on latest MS Windows 10 I could not find Server Manager anywhere under 'options and features' the install happened manually.

Again, resolving. 

My suggestion, independed of samba version, but note, Rowland is right, 4.5 ( or even 4.9 ) are old.
Later version have so many good fixes. I really advice latest 4.11 or 4.12 

Run this script, anonymize where needed and show us the output, in the mail not as attachment these get stripped off..

wget https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh 

And if you W10 is getting DHCP, and output of ipconfig /all would help also. 

Greetz,

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens JL via samba
> Verzonden: zondag 5 juli 2020 0:26
> Aan: rpenny at samba.org; samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba as an active directory
> 
> Are the 4 questions i postef in any way version related ? 
> This being Debian i assume it is not a broken release made availble.
> 
> My main concern is why rsat cannot connect due to the 
> \_ldap.... not resolving. It is as if there is something left 
> unconfigured which is not mention in the user documentation.
> 
> 
> 
> 
> \- - -
> 
> 
> mailto:commandline at protonmail.com
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Joris Lambrecht
> 
> CyberSecurity and ICT Coach
> call: +32 487 558 354
> 
> Antwerp, Belgium
> 
> https://www.commandline.be
> 
> 
> 
> 
> 
> \-------- Oorspronkelijk bericht --------
> Aan 4 jul. 2020 22:29, Rowland penny via samba < 
> samba at lists.samba.org> schreef:
> 
> >
> >
> >
> > On 04/07/2020 21:25, commandline at protonmail.com wrote:
> > > Afaik it runs 4.9.15
> > >
> > It doesn't, I downloaded and installed it.
> >
> > Rowland
> >
> >
> >
> > \--
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >-- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 