[Samba] Samba DNS Accounts

Rowland penny rpenny at samba.org
Thu Feb 4 17:14:04 UTC 2021


On 04/02/2021 16:30, Bo Kersey wrote:
> Actually, based on some of my working servers, the dns record should be:
> DC=ad01,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>
> However, this is what I'm seeing:
> dn: DC=ad01.,DC=example.info,CN=MicrosoftDNS,DC=DomainDnsZones,DC=SAMDOM,DC=EXAMPLE,DC=COM
> dn: DC=ad01.samdom,DC=EXAMPLE.COM,CN=MicrosoftDNS,DC=DomainDnsZones,DC=SAMDOM,DC=EXAMPLE,DC=COM


Not good, what is updating the records in AD?

>
> I'm thinking the problem is that the workgroup is set to EXAMPLE instead of SAMDOM - smb.conf below


Whilst it is common practice to name the workgroup after the left-hand
part of the realm, it isn't mandatory, in fact you can call it anything,
as long as it isn't more than 15 characters long, so EXAMPLE is ok.


>
> [global]
> 	ldap server require strong auth = allow_sasl_over_tls
> 	passdb backend = samba_dsdb
> 	realm = SAMDOM.EXAMPLE.COM
> 	server role = active directory domain controller
> 	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> 	template shell = /bin/bash
> 	tls verify peer = no_check
> 	usershare path =
> 	winbind enum groups = Yes
> 	winbind enum users = Yes
> 	winbind nss info = rfc2307
> 	winbind offline logon = Yes
> 	winbind use default domain = Yes
> 	workgroup = EXAMPLE
> 	rpc_daemon:spoolssd = embedded
> 	rpc_server:spoolss = embedded
> 	idmap_ldb:use rfc2307 = yes
> 	winbindd:use external pipes = true
> 	rpc_server:default = external
> 	rpc_server:svcctl = embedded
> 	rpc_server:srvsvc = embedded
> 	rpc_server:eventlog = embedded
> 	rpc_server:ntsvcs = embedded
> 	rpc_server:winreg = embedded
> 	rpc_server:tcpip = no
> 	idmap config * : backend = tdb
> 	map archive = No
> 	vfs objects = dfs_samba4 acl_xatt


Can I suggest you remove the 'winbind' lines, they do nothing on a Samba DC.

Rowland





