[Samba] How to Properly Configure Samba's Internal DNS

Rowland penny rpenny at samba.org
Sat Jan 30 15:35:52 UTC 2021


On 30/01/2021 15:19, Marco Shmerykowsky via samba wrote:
> On 2021-01-30 9:31 am, Rowland penny via samba wrote:
>> On 30/01/2021 13:48, Marco Shmerykowsky via samba wrote:
>>> I have what I thought was a working Samba4 AD setup.
>>> However, in trying to troubleshoot a user's issues while
>>> connecting via a VPN, I began to question if DNS
>>> is properly set up.
>>>
>>> Each linux server has the following entries in
>>> resolv.conf:
>>
>>
>> What do you mean by 'linux server'? Are you referring to a Unix domain
>> member or a Samba AD DC?
>
> Two Samba AD DCs
> Two Samba Domain Member Servers
>
>>
>>>
>>> search ad-domain.company.com
>>> nameserver ip-of-FSMO-server
>>
>> I would list all Samba AD DCs on the Unix domain members and set each
>> DC to use itself.
>
> I'll make the change and see what results
>
>>>
>>> Each linux server has a hosts file with an entry:
>>>
>>> unique-ip-address  machine#.ad-domain.company.com machine#
>>>
>>> However, if I do nslookup -> set type=SRV -> _ldap._tcp.ad-domain.company.com.
>>>
>>> instead of getting the results shown here:
>>>
>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Resolving_SRV_Records 
>>> I get:
>>>
>>> Server:         ip-of-FSMO-server
>>> Address:        ip-of-FSMO-server#53
>>>
>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
>>
>>
>> I get something similar; the only difference is that mine lists both of
>> my DCs. Yours should list all your DCs.
>>
>>>
>>> Further, if I try pinging hostnames on the FSMO-server, I only get
>>> positive results on 3 of 4 of my servers:
>>>
>>> ping ad-domain.company.com -> success
>>>
>>> ping machine1.ad-domain.company.com -> success
>>> ping machine2.ad-domain.company.com -> success
>>> ping machine3.ad-domain.company.com -> success
>>> ping machine4 -> fails with unknown host
>>
>>
>> They should all work, you seem to have dns problems.
>
> Agreed.  I never noticed it because GPOs and Drive Shares have
> been working well for two years. I just noticed something was
> amiss when we deployed a VPN.
>
> DNS is being provided by Samba.  How should I troubleshoot this?
>
>>
>> Rowland
>
Are you using Bind9?

If so, it could be the dns.keytab problem (it isn't created in the
bind-dns dir when you join a DC).

Rowland
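The checks discussed in this thread (does the _ldap._tcp SRV answer list every DC, does every host resolve, and is the BIND9_DLZ dns.keytab present) can be scripted. The following is an added example, not code from the thread or from the Samba project; the domain and machine names are the thread's placeholders, EXPECTED_DCS and EXPECTED_HOSTS are assumed operator-supplied lists, and the keytab path assumes Samba's default state directory. The constructed sample reproduces the nslookup answer quoted above, in which only machine1 appears although the site has two DCs.

```shell
#!/bin/sh
# Added example (not from the thread or the Samba project): verify that the
# _ldap._tcp SRV record lists every DC and, in --live mode, that each expected
# host resolves and that the BIND9_DLZ keytab exists.
# Assumptions: DOMAIN and the machine names are the thread's placeholders,
# EXPECTED_DCS/EXPECTED_HOSTS are the operator's own lists, DNS_KEYTAB is
# Samba's default state-directory location (adjust for a different prefix).

DOMAIN="${DOMAIN:-ad-domain.company.com}"
EXPECTED_DCS="${EXPECTED_DCS:-machine1 machine2}"
EXPECTED_HOSTS="${EXPECTED_HOSTS:-machine1 machine2 machine3 machine4}"
DNS_KEYTAB="${DNS_KEYTAB:-/var/lib/samba/bind-dns/dns.keytab}"

# srv_targets: read SRV lookup output on stdin (nslookup's
# "... service = 0 100 389 host." or host's "... has SRV record 0 100 389 host.")
# and print the target hostnames, trailing dot stripped, sorted, de-duplicated.
srv_targets() {
    awk '/service = |has SRV record/ { sub(/\.$/, "", $NF); print $NF }' | sort -u
}

# missing_dcs "dc1 dc2 ...": read SRV output on stdin and print each expected
# DC whose FQDN is not a target. Empty output means every DC is advertised.
missing_dcs() {
    targets=$(srv_targets)
    for dc in $1; do
        printf '%s\n' "$targets" | grep -Fqx "$dc.$DOMAIN" || echo "$dc"
    done
}

# live_check: query the configured resolver (what resolv.conf points at) and
# report problems one per line. Needs the `host` utility; run it on each DC
# and on each domain member, since each resolves through its own nameserver.
live_check() {
    rc=0
    missing=$(host -t SRV "_ldap._tcp.$DOMAIN" | missing_dcs "$EXPECTED_DCS")
    for dc in $missing; do
        echo "SRV: $dc.$DOMAIN is not a target of _ldap._tcp.$DOMAIN"; rc=1
    done
    for h in $EXPECTED_HOSTS; do
        host -t A "$h.$DOMAIN" >/dev/null 2>&1 || { echo "A: $h.$DOMAIN does not resolve"; rc=1; }
    done
    # Only meaningful on a DC running the BIND9_DLZ back end (the bind-dns
    # directory exists there); a missing keytab is the symptom the reply names.
    if [ -d "$(dirname "$DNS_KEYTAB")" ] && [ ! -f "$DNS_KEYTAB" ]; then
        echo "keytab: $DNS_KEYTAB is missing (BIND9_DLZ needs it)"; rc=1
    fi
    return $rc
}

# Constructed sample: the nslookup answer quoted in the thread, where only
# machine1 is advertised although the site has two DCs.
SAMPLE='_ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
_ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.'

if [ "${1:-}" = "--live" ]; then
    live_check
else
    echo "DCs missing from the sample SRV answer:"
    printf '%s\n' "$SAMPLE" | missing_dcs "$EXPECTED_DCS"
fi
```

Run it without arguments to see the parser flag machine2 as missing from the sample; run `EXPECTED_DCS="dc1 dc2" sh check-ad-dns.sh --live` on each machine to query its real resolver. A DC missing from the SRV answer is exactly the case where clients that happen to pick the other DC (or that sit behind a VPN with a different resolver) cannot locate LDAP.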
