[Samba] Potential inconsistency in Samba DNS server when used with `samba-tool domain join`
Patrick Goetz
pgoetz at math.utexas.edu
Thu Nov 4 09:25:29 UTC 2021
Hi Louis -
On 11/4/21 03:50, L.P.H. van Belle via samba wrote:
> Hai,
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Patrick Goetz via samba
>> Sent: Wednesday 3 November 2021 21:38
>> To: Samba listserv
>> Subject: [Samba] Potential inconsistency in Samba DNS
>> server when used with `samba-tool domain join`
>>
>>
>> I think there might be a problem with using `samba-tool domain join` to
>> join a domain, as I've noticed some inconsistencies in whether or not
>> the new client is picked up by DNS. Presently:
>>
>> root@atomsmasher:~# net ads leave -U Administrator
>> Password for [EA\Administrator]:
>> Deleted account for 'ATOMSMASHER' in realm 'EA.LINUXCS.COM'
>>
>>
>> But
>>
>> root@samba-dc:~# host atomsmasher
>> atomsmasher.ea.linuxcs.com has address 192.168.1.82
>>
>> root@samba-dc:~# samba-tool computer list
>> DATA2$
>> IBS100$
>> SAMBA-DC$
>>
> host atomsmasher name resolving (dns)
> samba-tool computer list (name resolving AD-objects)
> 2 different things.
>
>>
>> How do I get the machine out of the Samba DNS so that I can see if what
>> I observed previously is repeatable? I noticed I didn't have a DNS entry
>> for this host, so left and rejoined the domain using samba-tool several
>> times, never getting a DNS entry for it. Then I joined using `net ads
>> join` and it was in DNS immediately. I want to see if this is
>> repeatable.
>>
>> I might have to abandon Samba DNS and install bind as per Louis'
>> recommendation. I'm finding the Samba DNS to be hard to work with since
>> there doesn't seem to be any way to interact with it directly.
>>
>
> If you use the Windows tools, you don't see the computer until you refresh.
> With samba tool :
> sudo samba-tool dns query YOUR_AD-DC_HOSTNAME(.FQDN) primary-dnsdomainname NAME2CHECKOUT A -UAdministrator
>
> So for you : sudo samba-tool dns query samba-dc ea.linuxcs.com atomsmasher A -UAdministrator
>

My bad for not having read through the entirety of
https://www.samba.org/samba/docs/current/man-html/samba-tool.8.html

So, I can manage the DNS entries for Samba DNS by hand. That should
probably be mentioned in the Wiki here:
https://wiki.samba.org/index.php/The_Samba_AD_DNS_Back_Ends

If no one beats me to it, I'll add some stuff to this page over the weekend.

However, shouldn't the DNS entry for a client be removed automatically
when the client leaves the domain?

root@atomsmasher:~# net ads leave -U Administrator
Password for [EA\Administrator]:
Deleted account for 'ATOMSMASHER' in realm 'EA.LINUXCS.COM'

root@samba-dc:~# samba-tool dns query samba-dc ea.linuxcs.com atomsmasher A -UAdministrator
Password for [EA\Administrator]:
Name=, Records=1, Children=0
A: 192.168.1.82 (flags=f0, serial=110, ttl=3600)

But in any case, I can now proceed with testing. Thanks!

> Greetz,
>
> Louis
>
>
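
The situation discussed in this message (an A record that outlives the computer account after `net ads leave`) can be checked for across a zone. The following is an added example, not part of the original thread or of Samba itself: it compares saved `samba-tool computer list` output with a zone listing in the `samba-tool dns query` output format shown above and prints, without running, a `samba-tool dns delete` command for each orphaned record. The sample zone contents, the use of a whole-zone listing (for instance a query on `@` with type `A`), and the `-UAdministrator` option on the delete command are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): list A records in a Samba AD zone whose
# host name has no computer account, e.g. a record left behind by a domain leave.

sample_computers() {   # constructed: `samba-tool computer list` as in the thread
cat <<'EOF'
DATA2$
IBS100$
SAMBA-DC$
EOF
}

sample_zone() {        # constructed zone listing; only 192.168.1.82 is from the thread
cat <<'EOF'
  Name=, Records=1, Children=0
    A: 192.168.1.2 (flags=600000f0, serial=1, ttl=900)
  Name=_msdcs, Records=0, Children=0
  Name=atomsmasher, Records=1, Children=0
    A: 192.168.1.82 (flags=f0, serial=110, ttl=3600)
  Name=data2, Records=1, Children=0
    A: 192.168.1.20 (flags=f0, serial=50, ttl=3600)
  Name=DomainDnsZones, Records=1, Children=0
    A: 192.168.1.2 (flags=f0, serial=1, ttl=900)
  Name=samba-dc, Records=1, Children=0
    A: 192.168.1.2 (flags=f0, serial=1, ttl=900)
EOF
}

# $1 = file with computer accounts, $2 = file with the zone listing.
# Prints "name ip" for each A record with no matching account. Static records
# for hosts that were never domain members also appear, so review the output.
stale_a_records() {
    awk '
        FILENAME == ARGV[1] { sub(/\$$/, "", $1); known[tolower($1)] = 1; next }
        /Name=/ { name = $0; sub(/^.*Name=/, "", name); sub(/,.*$/, "", name); next }
        $1 == "A:" && name != "" && tolower(name) !~ /dnszones$/ &&
            !(tolower(name) in known) { print name, $2 }
    ' "$1" "$2"
}

# Reads "name ip" on stdin and prints (does not run) one delete command each.
delete_commands() {    # $1 = DC host name, $2 = zone
    while read -r name ip; do
        printf 'samba-tool dns delete %s %s %s A %s -UAdministrator\n' \
            "$1" "$2" "$name" "$ip"
    done
}

tmp=$(mktemp -d)
sample_computers > "$tmp/computers"; sample_zone > "$tmp/zone"
stale_a_records "$tmp/computers" "$tmp/zone" | delete_commands samba-dc ea.linuxcs.com
rm -rf "$tmp"
```

On a live DC, replace the two sample files with the saved output of the corresponding `samba-tool` commands and review each printed command before running it.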