[Samba] Samba 4 AD member loose membership after DC reboot (SOLVED)
L.P.H. van Belle
belle at bazuin.nl
Fri Apr 22 08:28:16 UTC 2022
netbios aliases = RADI.UPC.ES RADI.UPC.EDU <<< this is so wrong.
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/naming-conventions-for-computer-domain-site-ou#computer-names
Quote:
Names can contain a period (.). But the name can't start with a period.
The use of non-DNS names with periods is allowed in Microsoft Windows NT.
Periods should not be used in Microsoft Windows 2000 or later versions of Windows.
Do not use . in NETBIOS names (and aliases).
And read:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/naming-conventions-for-computer-domain-site-ou#dns-host-names
Greetz,
Louis
> -----Original message-----
> From: samba On behalf of Frank via samba
> Sent: Friday 22 April 2022 9:50
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba 4 AD member loose membership after DC
> reboot (SOLVED)
>
> Hi everybody,
>
> just in case someone has a similar issue, maybe this can help.
>
> The problem was the DNS configuration and the way the DNS resolver works
> on Ubuntu 20.04.
>
> The way the DNS resolver uses DNS servers has often been confused. It's
> supposed that when the first DNS goes offline, the resolver uses the next
> one on the DNS list. But how long does this change take?
> And when the first DNS comes online again, is it used again as the first
> DNS to look up?
>
> Well, in Ubuntu 20.04, which uses netplan by default, DNS resolution
> works in a dynamic way, and as expected. So, when the first DNS in the
> list goes offline, in a few seconds the second one (if there is any) takes
> its place, and remains as the first, even if the previous first DNS comes
> online again. You can see this with the "resolvectl status" command.
>
> In my case, the first DNS in the list was the DC, as expected, but the
> next two were global DNS servers that were unable to resolve AD queries.
>
> So when the DC went offline, maybe just for a reboot, members took the
> second DNS and set it as their first DNS, even when the DC came online
> again. We thought that when the first DNS in the list was up again it
> would be the first one used again, but that is not how it works.
> That made members unable to work with the AD, unable to find any DC.
> Just a reboot of the member, or a "netplan apply", made the DC the first
> DNS used again.
>
> Solution: set up ONLY DCs as DNS on domain members. Perhaps it sounds
> obvious, but it has been a nightmare for us.
>
> Best regards.
>
>
> Francesc Bassas Serramià
> Serveis Informàtics Campus Terrassa
> C/ Colom 2
> 08222 Terrassa (Barcelona)
> Phone: 93.73.98630
> https://serveis.terrassa.upc.edu/sict
>
> On 1/4/2022 at 14:00, samba-request at lists.samba.org wrote:
> > Subject: Re: [Samba] Samba 4 AD member loose membership after DC reboot
> > From: Rowland Penny <rpenny at samba.org>
> > Date: 31/3/2022, 15:56
> > To: samba at lists.samba.org
> >
> >
> > On Thu, 2022-03-31 at 14:29 +0200, Frank via samba wrote:
> >> Hi Rowland,
> >>
> >> thanks for your quick response.
> >>
> >> Here is a member smb.conf:
> >>
> >> # Global parameters
> >> [global]
> >> workgroup = UPC-CT
> >> realm = UPC-CT.UPC.EDU
> >> netbios name = RADI
> >> netbios aliases = RADI.UPC.ES RADI.UPC.EDU
> > You cannot use netbios aliases on a Unix domain member, use a CNAME
> > instead.
> >
> >> security = ADS
> >>
> >> log level = 5
> >> username map = /var/lib/samba/user.map
> >>
> >> winbind enum users = yes
> >> winbind enum groups = yes
> > Remove the above two lines when you are sure everything is working
> > correctly, they should not be used in production.
> >
> >> winbind nss info = rfc2307
> >> winbind use default domain = Yes
> >> winbind refresh tickets = yes
> >> winbind offline logon = yes
> >> winbind cache time = 60
> >>
> >> idmap config * : backend = tdb
> >> idmap config * : range = 100-499
> >> idmap config UPC-CT:backend = ad
> >> idmap config UPC-CT:schema_mode = rfc2307
> >> idmap config UPC-CT:range = 500-999999
> >> idmap config UPC-CT:unix_nss_info = yes
> > Was this an upgrade from an NT4-style domain ?
> > Even if it was, your '*' range is clobbering local system users.
> >
> > Rowland
> >
> >
> >
> >
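The check that the fix described in this thread implies, as an added example that is not part of the original messages: it parses `resolvectl status` output on a domain member and reports any configured resolver that is not a DC, and any link whose current resolver has drifted away from the DCs. The sample output, the addresses (documentation ranges), the domain name and the `DCS` set are constructed assumptions.

```python
import re

# Constructed sample of `resolvectl status` output (layout of systemd 245, as
# shipped with Ubuntu 20.04); addresses and domain are placeholders.
SAMPLE = """\
Global
       LLMNR setting: no
MulticastDNS setting: no

Link 2 (ens3)
      Current Scopes: DNS
  Current DNS Server: 198.51.100.53
         DNS Servers: 192.0.2.10
                      198.51.100.53
                      203.0.113.53
          DNS Domain: upc-ct.example
"""
DCS = {"192.0.2.10"}  # assumed: addresses of the domain controllers

def parse_status(text):
    """Return {scope: {"current": ip or None, "servers": [ip, ...]}}."""
    scopes, cur, in_list = {}, None, False
    for line in text.splitlines():
        head = re.match(r"^(?:Global|Link \d+ \((\S+)\))\s*$", line)
        if head:
            cur = scopes.setdefault(head.group(1) or "Global",
                                    {"current": None, "servers": []})
            in_list = False
        elif cur is not None:
            key, sep, value = line.partition(": ")
            if sep:
                in_list = key.strip() == "DNS Servers"
                if key.strip() == "Current DNS Server":
                    cur["current"] = value.strip()
                elif in_list:  # newer systemd lists all servers on one line
                    cur["servers"].extend(value.split())
            elif in_list and line.strip():  # continuation line of the list
                cur["servers"].append(line.strip())
            else:
                in_list = False
    return scopes

def audit(text, dcs):
    """Return (scope, problem, addresses) for DNS setups that can strand a member."""
    findings = []
    for name, s in parse_status(text).items():
        extra = [ip for ip in s["servers"] if ip not in dcs]
        if extra:
            findings.append((name, "non-DC resolver configured", extra))
        if s["current"] and s["current"] not in dcs:
            findings.append((name, "current resolver is not a DC", [s["current"]]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, DCS):
        print(finding)
```

On a real member, pass the captured output of `resolvectl status` to `audit()` in place of `SAMPLE`.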