[Samba] Using samba-tool to join a linux file server to the domain doesn't appear to work
L.P.H. van Belle
belle at bazuin.nl
Fri Nov 5 09:21:28 UTC 2021
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Patrick Goetz via samba
> Verzonden: donderdag 4 november 2021 17:55
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Using samba-tool to join a linux file
> server to the domain doesn't appear to work
>
>
>
> On 11/4/21 11:09, Rowland Penny via samba wrote:
> > On Thu, 2021-11-04 at 11:00 -0500, Patrick Goetz via samba wrote:
> >>
> >> On 11/4/21 10:49, cn--- via samba wrote:
> >>> Am 04.11.21 um 16:43 schrieb Patrick Goetz via samba:
> >>>> While you're looking at this, would it be possible to add code to
> >>>> add
> >>>> a PTR record as well as the A record? This would match the
> >>>> behavior
> >>>> for Windows AD controllers.
> >>>
> >>> The default on Windows does not create the PTR. Usually
> you have to
> >>> set
> >>> up a GPO that the clients update their PTR.
> >>>
> >>
> >> I have no idea, but I checked with one of my colleagues who is a
> >> Windows
> >> guru/domain admin, and he insisted that both an A and PTR
> record are
> >> created for the domain member when you join the (Windows server)
> >> domain.
> >
> > He has probably inherited a domain that has a GPO set to do this (or
> > something similar), Windows does not, out of the box, create reverse
> > records.
> >
>
> Several people have mentioned that this can be done via GPO,
> but I can't
> fathom what kind of GPO this be. Where would it be applied?
> Is there a special GPO template for things like this?
As said, make sure your servers have a A and PTR record.
PC's, only A record is suffient, but if you need it, you can add the PTR by GPO.
>
>
> >>
> >> The caveat to this is the AD domain at my university is an
> >> unbelievable mess that they've tinkered with for over a decade.
> >
> > You just described all places of learning, they all appear to be a
> > mess, probably because all teachers think they know everything and
> > usually know nothing.
> >
> >> Imagine a book
> >> written by 100 monkeys, each with their own typewriter with pages
> >> assembled by an inebriated octopus, and you won't be too far off.
> >
> > Sounds about right.
> >
> >>
> >>> I would also like this to happen automatically but by default the
> >>> reverse zone is not created in a Samba AD. I don't know about
> >>> Windows
> >>> there but I doubt it done there.
> >
> > Windows will work without a reverse zone, so it isn't created by
> > default, but as they have found out, everything else that
> > Windows works with will not.
Small correction here, windows "does" attempt to register PTR records (by default).
And yes, Windows will work without reverse zone, but from a windows point of view,
a reverse zone is offent created after/at the DHCP is setup.
The main reason its not created by default, no computer can determin the subnet.
I can have my pc's in (*example) 192.168.1.0/16 while the servers use 192.168.0.0/24
But by default, DNS clients configured to perform dynamic DNS
registration will attempt to register PTR resource record
only if they successfully registered the corresponding A resource record.
Its in de default Windows template.
https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.DNSClient::DNS_RegisterReverseLookup
Simple way to verify if windows got all info correct.
Run : CMD
Type: ipconfig , look at these values, these must match with the primary dns domain of the AD-DC.
Primary Dns Suffix . . . . . . . : your.primarydns.domain.tld <<< its all about this one.
DNS Suffix Search List. . . . . . : your.primarydns.domain.tld *
Connection-specific DNS Suffix . : your.primarydns.domain.tld *
That makes sure the A record gets in the right zone.
(* these can be different, but i suggest start here, complex enough already. )
Greetz,
Louis
More information about the samba
mailing list