[Samba] New AD-DC missing some DNS Information

Tue Feb 16 08:42:12 UTC 2021

- NetBIOS domain names 
- Names can contain a period (.). But the name can't start with a period. 
And most people stop reading here.. 

But
Periods shouldn't be used in Active Directory domains. If you are upgrading a domain whose NetBIOS name contains a period, change the name by migrating the domain to a new domain structure. Do not use periods in new NetBIOS domain names.

So basicly, 

NO.STEINMETZNET is not supported, please stop now and .. 
if your still setting up, NOW is the time to change it. 
If your already setup, well, NOW is the time to change it. 

Sorry i'm the bad news bringer. 
But you must change it. 

Greet, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny via
> samba
> Verzonden: dinsdag 16 februari 2021 9:27
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] New AD-DC missing some DNS Information
> 
> On 15/02/2021 22:31, Robert Steinmetz AIA via samba wrote:
> > I don't think so. systemd-resolved is not running. It is disabled and
> > masked.
> > There are a gazillion proposed methods to do this and I haven't
> > figured out which one looks good.
> > In the interim I locked it down with chattr +i /etc/resolv.conf I can
> > now reboot and it seems to work.
> 
> 
> Whatever it is, then A) It has nothing to do with Samba B) You need to
> fix it.
> 
> >>
> >>
> >>> In my case I've added a user 'debbie'
> >>> # wbinfo -u
> >>> NO.STEINMETZNET\administrator
> >>> NO.STEINMETZNET\guest
> >>> NO.STEINMETZNET\krbtgt
> >>> NO.STEINMETZNET\debbie
> >>
> >> Why does your Netbios domain name have a dot in it ?
> > Because that is the name of the sub-domain I used. Did I misunderstand
> > something? Our domain is steinmetznet.com which was my first attempt.
> > The next attempt added the sub-domain no.steinmetznet.com. In our
> > current NT Domain the domain name is something entirely different.
> 
> 
> Whilst the REALM is the dns domain in uppercase, the netbios domain is
> something different, it doesn't help that 'domain' is used to describe
> both. The netbios domain name (also called 'workgroup') is usually the
> lefthand part of the dns domain in uppercase, but it can be anything,
> try reading this:
> 
> https://docs.microsoft.com/en-us/troubleshoot/windows-
> server/identity/naming-conventions-for-computer-domain-site-ou
> 
> >>
> >> I figured I needed that, but I don't remember seeing that in any of
> >> the documentation I reviewed. I did find a page on configuring
> >> winbindd but not that is was required.
> >
> 
> I thought it did, but I will check.
> 
> 
> > I'm sorry I'm not following this. I added the "template shell =
> > /bin/bash' and 'template homedir= /home/%U' and 'user debbie' can now
> > login.
> > What I think you're saying is that samba-tool user <username>
> > --login-shell and --unix-home don't have any effect on a DC.
> 
> 
> Yes, that, but they also have no effect except if you use a correctly
> set up smb.conf using the winbind 'ad' backend on a Unix domain member.
> 
> > My ultimate intention is to make all of our three samba servers backup
> > domain controllers.  But before I undertake that I want to have a
> > basic understanding of the AD tools and requirements.
> 
> 
> Then you need to start by understanding that there are no 'backup' DC's,
> all DC;s are equal.
> 
> >
> >>
> >>>
> >>>>
> >>>>>
> >>
> >> You are mixing up the Windows home directory and the Unix home
> >> directory.
> >>
> >> The Windows home directory is the one you should link to the Windows
> >> Drive letter, the Unix home directory is what the user would use if
> >> they log into a Unix domain member.
> > Why can't they be the same directory? That is what we do now.
> 
> 
> I am not saying they cannot be, they just use different attributes in AD.
> 
> Rowland
> 
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba