[Samba] Mssql with AD authentication
Kees van Vloten
keesvanvloten at gmail.com
Wed Dec 21 23:12:43 UTC 2022
Hi Team,
I am trying to set up Microsoft SQL Server with AD authentication on
bullseye with Samba 4.16 on the DCs.
It looks like the setup as described by MS and adapted for Samba/
Winbind (instead of sssd) works pretty well.
However, when I try to set up a "login" in sqlcmd: "create login
[SAMDOM\some_ad_group] from windows", I am running into an error "Could
not look up short domain name due to error: Name or service not known".
MS explains this with:
"
The NetBIOS name (CONTOSO) is required in the command, but in the
backend when performing an LDAP connection, the FQDN of the domain
(contoso.com) must be provided. To do this conversion, a DNS lookup is
performed on CONTOSO to resolve to the IP of a domain controller, which
can then be bound to for LDAP queries.
Guidance
The error message "Could not look up short domain name due to error"
suggests that nslookup for contoso doesn't resolve to IP address of the
domain controller. You should review DNS and reverse DNS lookups to
confirm that nslookup for both the NetBIOS and domain name should match.
"
It looks like Samba's default setup is missing a DNS record "SAMDOM"
that should point to the DCs.
Of course I would be able to create such a record, but it sounds like a
tiny compatibility mismatch with how MS delivers its AD DNS.
Should I create a bug for this?
Is the best short-term approach indeed to create a DNS record?
How do I do that? Should it point to all DCs or to the one that is
serving the DNS request or a CNAME to _ldap._tcp.samdom.com or something
else?
- Kees
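
An added example, not part of the original post: a check for the condition the quoted guidance describes, comparing what the short name and the domain FQDN resolve to and whether the reverse lookups land inside the domain. The addresses and DC host names are constructed sample data, and port 389 is only a service hint for the lookup.

```python
import socket

def system_forward(name):
    # System resolver; failure here reads "Name or service not known".
    return {ai[4][0] for ai in socket.getaddrinfo(name, 389, proto=socket.IPPROTO_TCP)}

def system_reverse(ip):
    return socket.gethostbyaddr(ip)[0]

def check_short_domain(short, fqdn, forward=system_forward, reverse=system_reverse):
    """Return a list of problems with short-name, FQDN and reverse lookups."""
    problems, ips = [], {}
    for name in (short, fqdn):
        try:
            ips[name] = set(forward(name))
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            ips[name] = set()
            problems.append(f"{name}: forward lookup failed: {exc}")
    if ips[short] and ips[fqdn] and not ips[short] <= ips[fqdn]:
        extra = sorted(ips[short] - ips[fqdn])
        problems.append(f"{short} resolves to {extra}, not listed for {fqdn}")
    suffix = "." + fqdn.lower().rstrip(".")
    for ip in sorted(ips[short] | ips[fqdn]):
        try:
            host = reverse(ip).lower().rstrip(".")
        except OSError as exc:  # socket.herror is a subclass of OSError
            problems.append(f"{ip}: reverse lookup failed: {exc}")
            continue
        if not host.endswith(suffix):
            problems.append(f"{ip}: PTR {host} is outside {fqdn}")
    return problems

# Constructed sample data (not from the post): two DCs, no record for SAMDOM.
SAMPLE_A = {"samdom.com": ["192.0.2.10", "192.0.2.11"]}
SAMPLE_PTR = {"192.0.2.10": "dc1.samdom.com", "192.0.2.11": "dc2.samdom.com"}

def table_forward(table):
    def lookup(name):
        if name.lower() not in table:
            raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
        return table[name.lower()]
    return lookup

def table_reverse(table):
    def lookup(ip):
        if ip not in table:
            raise socket.herror(1, "Unknown host")
        return table[ip]
    return lookup

if __name__ == "__main__":
    for line in check_short_domain("SAMDOM", "samdom.com",
                                   table_forward(SAMPLE_A), table_reverse(SAMPLE_PTR)):
        print(line)
```

Calling `check_short_domain("SAMDOM", "samdom.com")` without the table resolvers runs the same comparison against the host's own resolver configuration.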