[Samba] How to Properly Configure Samba's Internal DNS

Marco Shmerykowsky marco at sce-engineers.com
Sat Jan 30 16:03:07 UTC 2021


On 2021-01-30 10:59 am, Rowland penny via samba wrote:
> On 30/01/2021 15:52, Marco Shmerykowsky via samba wrote:
>> 
>> On 2021-01-30 10:35 am, Rowland penny via samba wrote:
>>> On 30/01/2021 15:19, Marco Shmerykowsky via samba wrote:
>>>> On 2021-01-30 9:31 am, Rowland penny via samba wrote:
>>>>> On 30/01/2021 13:48, Marco Shmerykowsky via samba wrote:
>>>>>> I have what I thought was a working Samba4 AD setup.
>>>>>> However, in trying to troubleshoot a user's issues while
>>>>>> connecting via a VPN, I began to question if DNS
>>>>>> is properly set up.
>>>>>> 
>>>>>> Each linux server has the following entries in
>>>>>> resolv.conf:
>>>>> 
>>>>> 
>>>>> What do you mean by 'linux server'? Are you referring to a Unix domain
>>>>> member or a Samba AD DC?
>>>> 
>>>> Two Samba AD DC's
>>>> Two Samba Domain Member Servers
>>>> 
>>>>> 
>>>>>> 
>>>>>> search ad-domain.company.com
>>>>>> nameserver ip-of-FSMO-server
>>>>> 
>>>>> I would list all Samba AD DC's on the Unix domain members and set each
>>>>> DC to use itself.
>>>> 
>>>> I'll make the change and see what results
>>>> 
>>>>>> 
>>>>>> Each linux server has a hosts file with an entry:
>>>>>> 
>>>>>> unique-ip-address  machine#.ad-doamin.company.com machine#
>>>>>> 
>>>>>> However, if I do nslookup -> set type=SRV -> _ldap._tcp.ad-domain.company.com.
>>>>>> 
>>>>>> instead of getting the results shown here:
>>>>>> 
>>>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Resolving_SRV_Records 
>>>>>> I get:
>>>>>> 
>>>>>> Server:         ip-of-FSMO-server
>>>>>> Address:        ip-of-FSMO-server#53
>>>>>> 
>>>>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
>>>>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
>>>>> 
>>>>> 
>>>>> I get something similar, only my difference is that mine lists both of
>>>>> my DC's, yours should list all your DC's
>>>>> 
>>>>>> 
>>>>>> Further, if I try pinging hostnames on the FSMO-server, I only get positive
>>>>>> results on 3 of 4 of my servers:
>>>>>> 
>>>>>> ping ad-domain.company.com -> success
>>>>>> 
>>>>>> ping machine1.ad-domain.company.com -> success
>>>>>> ping machine2.ad-domain.company.com -> success
>>>>>> ping machine3.ad-domain.company.com -> success
>>>>>> ping machine4 -> fails with unknown host
>>>>> 
>>>>> 
>>>>> They should all work, you seem to have dns problems.
>>>> 
>>>> Agreed.  I never noticed it because GPO's and Drive Shares have
>>>> been working well for two years. I just noticed something was
>>>> amiss when we deployed a VPN.
>>>> 
>>>> DNS is being provided by Samba.  How should I troubleshoot this?
>>>> 
>>>>> 
>>>>> Rowland
>>>> 
>>> are you using Bind9 ?
>>> 
>>> if so, it could be the dns.keytab problem (it isn't created in the
>>> bind-dns dir when you join a DC)
>> 
>> No. SAMBA_INTERNAL
>> 
> Pity, it is easy to fix bind9 😂

Should I switch?

> You will just have to double check everything 🙁

Other than hostname, hosts and resolv.conf, what should I check?
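
The SRV check discussed in the thread above, as an added example that is not part of the original message or of Samba: it parses `nslookup` SRV output (including lines wrapped the way the mail client wrapped them) and reports which expected DCs are missing or listed more than once. The sample text is constructed from the output quoted in the thread, and the choice of machine1 and machine2 as the two DCs is an assumption, since the thread does not say which hosts they are.

```python
import re
from collections import Counter

# Constructed sample: the nslookup output quoted in the thread.
SAMPLE = """\
Server:         ip-of-FSMO-server
Address:        ip-of-FSMO-server#53

_ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
_ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
"""

# "\s+" also matches a newline, so a record wrapped before its target still parses.
SRV_RECORD = re.compile(r"(\S+)\s+service\s*=\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)")


def parse_srv(text):
    """Return (priority, weight, port, target) tuples found in nslookup SRV output."""
    records = []
    for _name, prio, weight, port, target in SRV_RECORD.findall(text):
        # Normalise the target: drop the trailing root dot, compare case-insensitively.
        records.append((int(prio), int(weight), int(port), target.rstrip(".").lower()))
    return records


def check_dcs(text, expected_dcs, port=389):
    """Compare the SRV targets on `port` with the DCs that should be advertised."""
    targets = Counter(t for _, _, p, t in parse_srv(text) if p == port)
    expected = {d.rstrip(".").lower() for d in expected_dcs}
    return {
        "missing": sorted(expected - set(targets)),
        "unexpected": sorted(set(targets) - expected),
        "duplicated": sorted(t for t, n in targets.items() if n > 1),
    }


if __name__ == "__main__":
    # Assumption: these two hosts are the DCs; replace with the real DC names.
    dcs = ["machine1.ad-domain.company.com", "machine2.ad-domain.company.com"]
    for key, hosts in check_dcs(SAMPLE, dcs).items():
        print(f"{key}: {', '.join(hosts) or '-'}")
```

Running the same check against each DC's answer in turn shows whether the DCs agree on the `_ldap._tcp` record set.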


