[Samba] How to Properly Configure Samba's Internal DNS

Rowland penny rpenny at samba.org
Sat Jan 30 15:59:25 UTC 2021


On 30/01/2021 15:52, Marco Shmerykowsky via samba wrote:
>
> On 2021-01-30 10:35 am, Rowland penny via samba wrote:
>> On 30/01/2021 15:19, Marco Shmerykowsky via samba wrote:
>>> On 2021-01-30 9:31 am, Rowland penny via samba wrote:
>>>> On 30/01/2021 13:48, Marco Shmerykowsky via samba wrote:
>>>>> I have what I thought was a working Samba4 AD setup.
>>>>> However, in trying to troubleshoot a user's issues while
>>>>> connecting via a VPN, I began to question if DNS
>>>>> is properly set up.
>>>>>
>>>>> Each linux server has the following entries in
>>>>> resolv.conf:
>>>>
>>>>
>>>> What do you mean by 'linux server'? Are you referring to a Unix domain
>>>> member or a Samba AD DC?
>>>
>>> Two Samba AD DC's
>>> Two Samba Domain Member Servers
>>>
>>>>
>>>>>
>>>>> search ad-domain.company.com
>>>>> nameserver ip-of-FSMO-server
>>>>
>>>> I would list all Samba AD DC's on the Unix domain members and set each
>>>> DC to use itself.
>>>
>>> I'll make the change and see what results
>>>
>>>>>
>>>>> Each linux server has a hosts file with an entry:
>>>>>
>>>>> unique-ip-address  machine#.ad-domain.company.com machine#
>>>>>
>>>>> However, if I do nslookup -> set type=SRV ->
>>>>> _ldap._tcp.ad-domain.company.com.
>>>>>
>>>>> instead of getting the results shown here:
>>>>>
>>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Resolving_SRV_Records
>>>>> I get:
>>>>>
>>>>> Server:         ip-of-FSMO-server
>>>>> Address:        ip-of-FSMO-server#53
>>>>>
>>>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389 
>>>>> machine1.ad-domain.company.com.
>>>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389 
>>>>> machine1.ad-domain.company.com.
>>>>
>>>>
>>>> I get something similar, only my difference is that mine lists both of
>>>> my DC's, yours should list all your DC's
>>>>
>>>>>
>>>>> Further, if I try pinging hostnames on the FSMO-server, I only get 
>>>>> positive
>>>>> results on 3 of 4 of my servers:
>>>>>
>>>>> ping ad-domain.company.com -> success
>>>>>
>>>>> ping machine1.ad-domain.company.com -> success
>>>>> ping machine2.ad-domain.company.com -> success
>>>>> ping machine3.ad-domain.company.com -> success
>>>>> ping machine4 -> fails with unknown host
>>>>
>>>>
>>>> They should all work, you seem to have dns problems.
>>>
>>> Agreed.  I never noticed it because GPO's and Drive Shares have
>>> been working well for two years. I just noticed something was
>>> amiss when we deployed a VPN.
>>>
>>> DNS is being provided by Samba.  How should I troubleshoot this?
>>>
>>>>
>>>> Rowland
>>>
>> are you using Bind9 ?
>>
>> if so, it could be the dns.keytab problem (it isn't created in the
>> bind-dns dir when you join a DC)
>
> No. SAMBA_INTERNAL
>
Pity, it's easy to fix bind9 😂

You will just have to double check everything 🙁

Rowland
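The two checks the thread converges on are (a) whether the `_ldap._tcp` SRV answer lists every DC, and (b) whether each machine's resolv.conf points at all the DCs. The script below is an added example, not something posted in the thread or shipped with Samba: it encodes both checks as small POSIX sh functions, run here against constructed copies of the nslookup output and resolv.conf described above (domain name, DC names and the 192.0.2.x addresses are placeholders). Run it with `--live` on a real member server to query the actual SRV record with `nslookup -type=SRV` and read the real `/etc/resolv.conf`; in the constructed data the second DC is missing from both, which is the symptom the poster is seeing.

```shell
#!/bin/sh
# Added example (not from the thread or the Samba project): report Samba AD DCs
# that are absent from the _ldap._tcp SRV answer and from resolv.conf.
# All names and addresses below are constructed placeholders.

AD_DOMAIN="ad-domain.company.com"
EXPECTED_DCS="machine1.${AD_DOMAIN} machine2.${AD_DOMAIN}"
DC_IPS="192.0.2.10 192.0.2.11"

# Constructed SRV output modelled on the thread (wrapped lines rejoined):
# only machine1 appears, twice, although the domain has two DCs.
SRV_OUTPUT='Server:         192.0.2.10
Address:        192.0.2.10#53

_ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
_ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.'

# Constructed resolv.conf as described in the thread: only the FSMO DC listed.
RESOLV_CONF='search ad-domain.company.com
nameserver 192.0.2.10'

# Escape regex metacharacters (dots in FQDNs and IPs) for use in a grep pattern.
re_escape() {
    printf '%s' "$1" | sed 's/[.[\*^$]/\\&/g'
}

# Print, one per line, the expected DC FQDNs that never appear as an SRV target.
# $1 = space-separated expected DC FQDNs, $2 = nslookup SRV output text.
missing_srv_targets() {
    expected="$1"; output="$2"
    for dc in $expected; do
        esc=$(re_escape "$dc")
        # nslookup prints SRV targets with a trailing dot at end of line.
        if ! printf '%s\n' "$output" | grep -q "service = .* ${esc}\\.\$"; then
            printf '%s\n' "$dc"
        fi
    done
}

# Print, one per line, the DC addresses not configured as a nameserver.
# $1 = space-separated DC IPs, $2 = resolv.conf text.
missing_nameservers() {
    ips="$1"; conf="$2"
    for ip in $ips; do
        esc=$(re_escape "$ip")
        if ! printf '%s\n' "$conf" | grep -q "^nameserver[[:space:]]\{1,\}${esc}[[:space:]]*\$"; then
            printf '%s\n' "$ip"
        fi
    done
}

# Optional live mode: query the real SRV record and read the real resolv.conf.
if [ "${1:-}" = "--live" ]; then
    live_srv=$(nslookup -type=SRV "_ldap._tcp.${AD_DOMAIN}" 2>&1)
    echo "DCs missing from SRV answer:"
    missing_srv_targets "$EXPECTED_DCS" "$live_srv"
    echo "DCs missing from /etc/resolv.conf:"
    missing_nameservers "$DC_IPS" "$(cat /etc/resolv.conf)"
fi
```

Both functions print nothing when everything is in order, so they are easy to drop into a monitoring check: any output means a DC is either not registered in DNS (re-run `samba_dnsupdate` on that DC, or inspect the zone) or not reachable by name from the client whose resolv.conf was checked.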
