[Samba] Windows ACLs
Rowland Penny
rpenny at samba.org
Fri Sep 23 17:22:48 UTC 2022
On 23/09/2022 17:37, Sonic wrote:
> On Fri, Sep 23, 2022 at 12:19 PM Rowland Penny via samba
> <samba at lists.samba.org> wrote:
>> It should be:
>> search pizza.example.com
>> in /etc/resolv.conf instead of:
>> domain pizza.example.com
>
> Technically yes, although domain does work, but since it's deprecated
> I will change it.
'domain' and 'search' are mutually exclusive in /etc/resolv.conf,
'search' is known to work in Samba AD, so that is why I recommend it
over 'domain'.
>
>> also is 'nameserver 192.168.114.1' a typo, because your DC appears to use '192.168.114.11' as its ipaddress.
>
> Not a typo, I've tested it both ways. I generally point to the
> network's local cache instead of the DC. But I also always test direct
> to the DC just in case it does make a difference (never has in any of
> my single DC environments).
Please excuse me for the next line:
AAAARRRRGGGGHHHH..................
All AD computers must use a DC as their nameserver, this is because all
the AD dns records are stored in AD and each DC is authoritative for the
DNS domain. The exception to this is where the AD computer uses a
nameserver that forwards all AD dns domain requests to a DC (which is
pretty much the same thing as using a DC as a nameserver). You cannot
rely on a caching nameserver holding the required AD records.
Rowland
More information about the samba
mailing list