[Samba] How to Properly Configure Samba's Internal DNS

Marco Shmerykowsky marco at sce-engineers.com
Sat Jan 30 15:52:08 UTC 2021


On 2021-01-30 10:35 am, Rowland penny via samba wrote:
> On 30/01/2021 15:19, Marco Shmerykowsky via samba wrote:
>> On 2021-01-30 9:31 am, Rowland penny via samba wrote:
>>> On 30/01/2021 13:48, Marco Shmerykowsky via samba wrote:
>>>> I have what I thought was a working Samba4 AD setup.
>>>> However, in trying to troubleshoot a user's issues while
>>>> connecting via a VPN, I began to question if DNS
>>>> is properly set up.
>>>> 
>>>> Each linux server has the following entries in
>>>> resolv.conf:
>>> 
>>> 
>>> What do you mean by 'linux server'? Are you referring to a Unix domain
>>> member or a Samba AD DC?
>> 
>> Two Samba AD DC's
>> Two Samba Domain Member Servers
>> 
>>> 
>>>> 
>>>> search ad-domain.company.com
>>>> nameserver ip-of-FSMO-server
>>> 
>>> I would list all Samba AD DC's on the Unix domain members and set
>>> each DC to use itself.
>> 
>> I'll make the change and see what results
>> 
>>>> 
>>>> Each linux server has a hosts file with an entry:
>>>> 
>>>> unique-ip-address  machine#.ad-domain.company.com machine#
>>>> 
>>>> However, if I do nslookup -> set type=SRV ->
>>>> _ldap._tcp.ad-domain.company.com.
>>>> 
>>>> instead of getting the results shown here:
>>>> 
>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Resolving_SRV_Records 
>>>> I get:
>>>> 
>>>> Server:         ip-of-FSMO-server
>>>> Address:        ip-of-FSMO-server#53
>>>> 
>>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
>>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
>>> 
>>> 
>>> I get something similar, only my difference is that mine lists both
>>> of my DC's, yours should list all your DC's
>>> 
>>>> 
>>>> Further, if I try pinging hostnames on the FSMO-server, I only get
>>>> positive results on 3 of 4 of my servers:
>>>> 
>>>> ping ad-domain.company.com -> success
>>>> 
>>>> ping machine1.ad-domain.company.com -> success
>>>> ping machine2.ad-domain.company.com -> success
>>>> ping machine3.ad-domain.company.com -> success
>>>> ping machine4 -> fails with unknown host
>>> 
>>> 
>>> They should all work, you seem to have dns problems.
>> 
>> Agreed.  I never noticed it because GPO's and Drive Shares have
>> been working well for two years. I just noticed something was
>> amiss when we deployed a VPN.
>> 
>> DNS is being provided by Samba.  How should I troubleshoot this?
>> 
>>> 
>>> Rowland
>> 
> Are you using Bind9?
> 
> If so, it could be the dns.keytab problem (it isn't created in the
> bind-dns dir when you join a DC)

No. SAMBA_INTERNAL
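
The two checks discussed in this thread (every DC should appear in the `_ldap._tcp` SRV answer, and domain members should list every DC as a nameserver), as an added example that is not part of the original messages. The sample text, the 192.0.2.x addresses, and the choice of machine1 and machine2 as the two DCs are constructed assumptions.

```python
import re

# Constructed sample in the shape of the nslookup output quoted in the thread.
SAMPLE_NSLOOKUP = """\
Server:         192.0.2.10
Address:        192.0.2.10#53

_ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
_ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
"""

# Constructed resolv.conf of a domain member that points at one DC only.
SAMPLE_RESOLV = """\
search ad-domain.company.com
nameserver 192.0.2.10
"""

SRV_RE = re.compile(r"^(\S+)\s+service\s*=\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")

def parse_srv(output):
    """Return (priority, weight, port, target) tuples from nslookup SRV output."""
    records = []
    for line in output.splitlines():
        m = SRV_RE.match(line.strip())
        if m:
            prio, weight, port, target = m.group(2, 3, 4, 5)
            records.append((int(prio), int(weight), int(port), target.rstrip(".").lower()))
    return records

def check_srv(output, expected_dcs, port=389):
    """Report DCs missing from the SRV answer, duplicated, or not expected."""
    targets = [t for _, _, p, t in parse_srv(output) if p == port]
    expected = {d.rstrip(".").lower() for d in expected_dcs}
    return {
        "missing": sorted(expected - set(targets)),
        "duplicates": sorted({t for t in targets if targets.count(t) > 1}),
        "unexpected": sorted(set(targets) - expected),
    }

def check_resolv(resolv_text, dc_ips):
    """Return DC addresses that a domain member's resolv.conf does not list."""
    fields = [line.split() for line in resolv_text.splitlines()]
    listed = {f[1] for f in fields if len(f) > 1 and f[0] == "nameserver"}
    return sorted(set(dc_ips) - listed)

if __name__ == "__main__":
    dcs = ["machine1.ad-domain.company.com", "machine2.ad-domain.company.com"]
    print(check_srv(SAMPLE_NSLOOKUP, dcs))
    print(check_resolv(SAMPLE_RESOLV, ["192.0.2.10", "192.0.2.11"]))
```
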


