[Samba] New AD-DC missing some DNS Information

Rowland penny rpenny at samba.org
Sat Feb 13 20:59:16 UTC 2021

On 13/02/2021 20:38, Robert Steinmetz AIA wrote:
> Thanks again.
>> Let's take it that your registered domain is 'example.com', so is your 
>> NT4-style domain using this domain?
> It doesn't really use any DNS domain; most traffic goes to the Internet 
> through a gateway and isn't really associated with a domain, or rather 
> it's associated with our ISP's domain. Only the servers have true DNS 
> records. Most of the Windows-specific network ports are blocked at the 
> firewall. It's basically a local network.

If you are going to run a Samba AD, then you are going to be running a 
dns server 😁

When you do set up AD clients, they will need to use the Samba AD DC as 
their dns server. Also, you might want to check the port usage, AD uses 
a lot more ports.

>> If I was in your position, I would start again, but this time use 
>> something like 'ad.example.com' for the domain, do not use your 
>> registered dns domain. You will then need to start and join your 
>> clients to your new domain and you can no longer use wins, you must 
>> use dns. You will need to forward anything outside the 
>> 'ad.example.com' domain to an external dns server.
> That makes sense. How does one "start over"? Do I just edit the system 
> configurations I already have and rerun samba-tool or do I need to 
> completely remove everything, purge it and reinstall it?

You just need to remove the smb.conf and then provision again.

>> As for your two 'sites', then this is very doable, you just need at 
>> least one DC at each site and then use the very aptly named 'sites'.
> I knew I would need a controller at both sites. I have an independent 
> PDC at each site now. What is 'sites', an external program, an option 
> or setting in Samba, or something else? That is a project for another 
> day, after I've converted to AD at both sites.

It is something built into AD, try reading this: 

>> If your mail server etc uses ldap, then you have a few options, you 
>> can use AD to authenticate your mail users (dovecot for instance), or 
>> you can sync your users from AD to your ldap, or perhaps use another, 
>> newer, mail server.
> At present I simply add Linux users for every employee, then add them 
> to SAMBA at their location. I also have a few other systems that 
> require users to have separate logins, a groupware application and a 
> Time and Billing system. We don't have that many users, so it's not a 
> big chore when we have a new one. It takes a few minutes for each new 
> user.
>> As for why you cannot use wins, it relies on netbios which AD does 
>> not use, it uses dns instead.
> I recall seeing in the documentation some references to wins options, 
> so I thought it could still be an option, but I didn't get that far. It 
> doesn't matter as long as it works.

Oh it works, it actually works better than wins in my opinion.


>> Any questions, please feel free to ask.
>> Rowland
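The "start over" procedure and the domain-naming advice above, put together as an added example that is not from this thread or the Samba project (the realm, NetBIOS name, forwarder address, host and paths are assumptions): it refuses to provision under the registered domain itself, re-provisions under a subdomain with the internal DNS server and a forwarder, and then checks the records AD clients look up.

```shell
#!/bin/sh
# Added example, not from the thread: re-provision a Samba AD DC under a
# subdomain of the registered domain, as advised above, then verify the DNS
# records AD clients need. Realm, NetBIOS name, forwarder and paths are assumptions.
set -eu
REGISTERED_DOMAIN="example.com"   # the public, registered domain
AD_REALM="ad.example.com"         # AD DNS domain: a subdomain, never the registered one
NETBIOS_DOMAIN="AD"               # assumed NT4-style/NetBIOS name for the new domain
FORWARDER="192.0.2.53"            # assumed external resolver (documentation address range)

# Succeeds only if the proposed realm is a proper subdomain of the registered
# domain (e.g. ad.example.com); rejects the registered domain itself and foreign names.
realm_is_safe() {
    realm="$1"; registered="$2"
    [ "$realm" != "$registered" ] || return 1
    case "$realm" in
        *."$registered") return 0 ;;
        *) return 1 ;;
    esac
}

# "Start over": set the old smb.conf aside, then provision afresh with the
# internal DNS server and a forwarder for everything outside the AD domain.
provision_dc() {
    realm_is_safe "$AD_REALM" "$REGISTERED_DOMAIN" || {
        echo "refusing to provision: $AD_REALM must be a subdomain of $REGISTERED_DOMAIN" >&2
        return 1
    }
    if [ -f /etc/samba/smb.conf ]; then
        mv /etc/samba/smb.conf "/etc/samba/smb.conf.old.$(date +%s)"
    fi
    samba-tool domain provision \
        --use-rfc2307 \
        --realm="$(echo "$AD_REALM" | tr '[:lower:]' '[:upper:]')" \
        --domain="$NETBIOS_DOMAIN" \
        --server-role=dc \
        --dns-backend=SAMBA_INTERNAL \
        --option="dns forwarder = $FORWARDER"
}

# The records clients query to locate the DC; all must resolve when the DC is their DNS server.
verify_dns() {
    dc="$1"
    host -t SRV "_ldap._tcp.$AD_REALM" "$dc"
    host -t SRV "_kerberos._udp.$AD_REALM" "$dc"
    host -t A "$(hostname -s).$AD_REALM" "$dc"
}

# Only run the provisioning when asked to, so the file can be sourced for the checks.
if [ "${1:-}" = "run" ]; then provision_dc && verify_dns 127.0.0.1; fi
```

Run it as `sh provision.sh run` on the intended DC; samba-tool will prompt for the Administrator password since none is passed on the command line.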
