[Samba] How to Properly Configure Samba's Internal DNS

Marco Shmerykowsky marco at sce-engineers.com
Sat Jan 30 15:19:32 UTC 2021


On 2021-01-30 9:31 am, Rowland penny via samba wrote:
> On 30/01/2021 13:48, Marco Shmerykowsky via samba wrote:
>> I have what I thought was a working Samba4 AD setup.
>> However, in trying to troubleshoot a user's issues while
>> connecting via a VPN, I began to question if DNS
>> is properly set up.
>> 
>> Each linux server has the following entries in
>> resolv.conf:
> 
> 
> What do you mean by 'linux server'? Are you referring to a Unix domain
> member or a Samba AD DC?

Two Samba AD DCs
Two Samba Domain Member Servers

> 
>> 
>> search ad-domain.company.com
>> nameserver ip-of-FSMO-server
> 
> I would list all Samba AD DCs on the Unix domain members and set each
> DC to use itself.

I'll make the change and see what results

>> 
>> Each linux server has a hosts file with an entry:
>> 
>> unique-ip-address  machine#.ad-doamin.company.com machine#
>> 
>> However, if I do nslookup -> set type=SRV ->
>> _ldap._tcp.ad-domain.company.com.
>> 
>> instead of getting the results shown here:
>> 
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Resolving_SRV_Records 
>> I get:
>> 
>> Server:         ip-of-FSMO-server
>> Address:        ip-of-FSMO-server#53
>> 
>> _ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
>> _ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
> 
> 
> I get something similar, only my difference is that mine lists both of
> my DCs, yours should list all your DCs
> 
>> 
>> Further, if I try pinging hostnames on the FSMO-server, I only get
>> positive results on 3 of 4 of my servers:
>> 
>> ping ad-domain.company.com -> success
>> 
>> ping machine1.ad-domain.company.com -> success
>> ping machine2.ad-domain.company.com -> success
>> ping machine3.ad-domain.company.com -> success
>> ping machine4 -> fails with unknown host
> 
> 
> They should all work, you seem to have dns problems.

Agreed.  I never noticed it because GPOs and Drive Shares have
been working well for two years. I just noticed something was
amiss when we deployed a VPN.

DNS is being provided by Samba.  How should I troubleshoot this?

> 
> Rowland
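
The reply above says the `_ldap._tcp` SRV lookup should list every DC, while the quoted output names only machine1. The shell functions below are an added example, not part of the original thread: they read `nslookup` SRV output and print each expected DC that has no record. The function names are hypothetical, the sample output is constructed from the thread's placeholders, and treating machine1 and machine2 as the two DCs is an assumption.

```shell
#!/bin/sh
# Added example: compare _ldap._tcp SRV targets with the DCs you expect.

# Constructed sample: nslookup output in the shape quoted in the thread
# (SRV lines unwrapped, as nslookup prints them).
sample_output() {
cat <<'EOF'
Server:         ip-of-FSMO-server
Address:        ip-of-FSMO-server#53

_ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
_ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
EOF
}

# Read nslookup output on stdin; print the unique SRV targets, lowercased,
# with the trailing root dot removed.
srv_targets() {
    awk '/service = / { t = tolower($NF); sub(/\.$/, "", t); print t }' | sort -u
}

# missing_dcs EXPECTED_FQDN...: read nslookup output on stdin and print
# every expected DC that does not appear as an SRV target.
missing_dcs() {
    found=$(srv_targets)
    for dc in "$@"; do
        want=$(printf '%s' "$dc" | tr 'A-Z' 'a-z')
        printf '%s\n' "$found" | grep -Fxq -- "$want" || printf '%s\n' "$dc"
    done
}

# Live use against the resolver configured in resolv.conf (commented out so
# the block runs offline; the DC names are assumed):
# nslookup -type=SRV _ldap._tcp.ad-domain.company.com |
#     missing_dcs machine1.ad-domain.company.com machine2.ad-domain.company.com
```

Running the live form on each DC and each domain member shows whether every resolver in use returns the same set of DCs.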


