[Samba] Using samba-tool to join a linux file server to the domain doesn't appear to work

Patrick Goetz pgoetz at math.utexas.edu
Fri Nov 5 11:58:24 UTC 2021



On 11/5/21 04:21, L.P.H. van Belle via samba wrote:
>   
> 
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Patrick Goetz via samba
>> Sent: Thursday, 4 November 2021 17:55
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Using samba-tool to join a linux file
>> server to the domain doesn't appear to work
>>
>>
>>
>> On 11/4/21 11:09, Rowland Penny via samba wrote:
>>> On Thu, 2021-11-04 at 11:00 -0500, Patrick Goetz via samba wrote:
>>>>
>>>> On 11/4/21 10:49, cn--- via samba wrote:
>>>>> On 04.11.21 at 16:43, Patrick Goetz via samba wrote:
>>>>>> While you're looking at this, would it be possible to add code to
>>>>>> add a PTR record as well as the A record?  This would match the
>>>>>> behavior for Windows AD controllers.
>>>>>
>>>>> The default on Windows does not create the PTR. Usually you have to
>>>>> set up a GPO that the clients update their PTR.
>>>>>
>>>>
>>>> I have no idea, but I checked with one of my colleagues who is a
>>>> Windows guru/domain admin, and he insisted that both an A and PTR
>>>> record are created for the domain member when you join the (Windows
>>>> server) domain.
>>>
>>> He has probably inherited a domain that has a GPO set to do this (or
>>> something similar), Windows does not, out of the box, create reverse
>>> records.
>>>
>>
>> Several people have mentioned that this can be done via GPO, but I
>> can't fathom what kind of GPO this would be.  Where would it be applied?
>> Is there a special GPO template for things like this?
> 
> 
> As said, make sure your servers have an A and PTR record.
> PCs, only A record is sufficient, but if you need it, you can add the PTR by GPO.
> 
> 
>>
>>
>>>>
>>>> The caveat to this is the AD domain at my university is an
>>>> unbelievable mess that they've tinkered with for over a decade.
>>>
>>> You just described all places of learning, they all appear to be a
>>> mess, probably because all teachers think they know everything and
>>> usually know nothing.
>>>
>>>>    Imagine a book
>>>> written by 100 monkeys, each with their own typewriter with pages
>>>> assembled by an inebriated octopus, and you won't be too far off.
>>>
>>> Sounds about right.
>>>
>>>>
>>>>> I would also like this to happen automatically but by default the
>>>>> reverse zone is not created in a Samba AD. I don't know about
>>>>> Windows there but I doubt it is done there.
>>>
>>> Windows will work without a reverse zone, so it isn't created by
>>> default, but as they have found out, everything else that
>>> Windows works with will not.
> 
> Small correction here, Windows "does" attempt to register PTR records (by default).
> 
> And yes, Windows will work without reverse zone, but from a Windows point of view,
> a reverse zone is often created after/at the DHCP is setup.
> 
> The main reason it's not created by default, no computer can determine the subnet.
> I can have my PCs in (*example) 192.168.1.0/16 while the servers use 192.168.0.0/24


Louis, I'm not following this. I can see how DHCP assignments can be an 
issue in a multi-subnet environment, but if I'm assigning a static IP 
address to the host:

   atomsmasher.ea.linuxcs.com. IN A 192.168.1.82

the PTR record is just the reverse of that:

   82.1.168.192.in-addr.arpa. IN PTR atomsmasher.ea.linuxcs.com

no subnets involved?


> 
> But by default, DNS clients configured to perform dynamic DNS
> registration will attempt to register PTR resource record
> only if they successfully registered the corresponding A resource record.
> 
> It's in the default Windows template.
> https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.DNSClient::DNS_RegisterReverseLookup
> 
> Simple way to verify if Windows got all info correct.
> Run : CMD
> Type: ipconfig , look at these values, these must match with the primary dns domain of the AD-DC.
> 
>   Primary Dns Suffix  . . . . . . . : your.primarydns.domain.tld	<<< it's all about this one.
>   DNS Suffix Search List. . . . . . : your.primarydns.domain.tld *
>   Connection-specific DNS Suffix  . : your.primarydns.domain.tld *
> 
> That makes sure the A record gets in the right zone.
> 
> (* these can be different, but I suggest starting here, complex enough already. )
> 
> 
> 
> Greetz,
> 
> Louis
> 
> 
> 
> 
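
Added example, not part of the original message or of Samba's code: a Python sketch of the two points discussed above, using the host from the message. The PTR owner name is derived from the address alone, while the zone that must exist to hold it depends on how the reverse space is split; the function names and the lists of hosted zones are assumptions made for illustration.

```python
import ipaddress

def ptr_owner(ip):
    """Fully qualified PTR owner name; derived from the address only."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def reverse_zone(ip, prefixlen):
    """Reverse zone name for an octet-aligned IPv4 prefix (/8, /16, /24)."""
    if prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 prefixes are handled here")
    net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
    octets = str(net.network_address).split(".")[: prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def place_ptr(ip, fqdn, hosted_zones):
    """Pick the most specific hosted reverse zone that covers the address.

    Returns (zone, relative_name, target), or None when the DNS server
    hosts no reverse zone for the address, in which case the PTR has
    nowhere to be stored even though its owner name is known.
    """
    owner = ptr_owner(ip)
    zones = [z.rstrip(".").lower() + "." for z in hosted_zones]
    # Match on a label boundary so "8.192.in-addr.arpa." cannot match "168.192...".
    matches = [z for z in zones if owner.endswith("." + z)]
    if not matches:
        return None
    zone = max(matches, key=len)
    relative = owner[: -len(zone) - 1]
    return zone, relative, fqdn.rstrip(".") + "."

if __name__ == "__main__":
    ip, host = "192.168.1.82", "atomsmasher.ea.linuxcs.com"  # values from the message
    print("owner name :", ptr_owner(ip))
    for plen in (24, 16):
        print(f"zone for /{plen}:", reverse_zone(ip, plen))
    # Constructed zone lists: forward zone only, a /16 reverse zone, a /24 reverse zone.
    for hosted in (["ea.linuxcs.com"],
                   ["168.192.in-addr.arpa"],
                   ["168.192.in-addr.arpa", "1.168.192.in-addr.arpa"]):
        print(hosted, "->", place_ptr(ip, host, hosted))
```
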


