[Samba] DNS problems (still) with Linux domain members - using Samba's internal DNS backend
Gary Dale
gary at extremeground.com
Mon Apr 24 21:03:37 UTC 2023
As near as I can tell, my Samba AD DC is working. I'm getting no errors
when I bring up and use Active Directory Users and Computers.
When I do the testing (verifying) for the file server, DNS and Kerberos
from
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller,
everything works. To be clear, the DC is NOT running as a file server -
that is simply the terminology used by the wiki page.
I did the Create a reverse zone section but the reverse lookup fails.
root@DC1:~# host 192.168.1.13
Host 13.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
Here's the output from my DNS information commands:
root@DC1:~# samba-tool dns zonelist DC1 -U Administrator
Password for [HOME\Administrator]:
  3 zone(s) found

  pszZoneName : 1.168.192.in-addr.arpa
  Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType    : DNS_ZONE_TYPE_PRIMARY
  Version     : 50
  dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn   : DomainDnsZones.home.rahim-dale.org

  pszZoneName : home.rahim-dale.org
  Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType    : DNS_ZONE_TYPE_PRIMARY
  Version     : 50
  dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn   : DomainDnsZones.home.rahim-dale.org

  pszZoneName : _msdcs.home.rahim-dale.org
  Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType    : DNS_ZONE_TYPE_PRIMARY
  Version     : 50
  dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn   : ForestDnsZones.home.rahim-dale.org
root@DC1:~# samba-tool dns zoneinfo DC1 home.rahim-dale.org -U Administrator
Password for [HOME\Administrator]:
  pszZoneName                 : home.rahim-dale.org
  dwZoneType                  : DNS_ZONE_TYPE_PRIMARY
  fReverse                    : FALSE
  fAllowUpdate                : DNS_ZONE_UPDATE_SECURE
  fPaused                     : FALSE
  fShutdown                   : FALSE
  fAutoCreated                : FALSE
  fUseDatabase                : TRUE
  pszDataFile                 : None
  aipMasters                  : []
  fSecureSecondaries          : DNS_ZONE_SECSECURE_NO_XFER
  fNotifyLevel                : DNS_ZONE_NOTIFY_LIST_ONLY
  aipSecondaries              : []
  aipNotify                   : []
  fUseWins                    : FALSE
  fUseNbstat                  : FALSE
  fAging                      : FALSE
  dwNoRefreshInterval         : 168
  dwRefreshInterval           : 168
  dwAvailForScavengeTime      : 0
  aipScavengeServers          : []
  dwRpcStructureVersion       : 0x2
  dwForwarderTimeout          : 0
  fForwarderSlave             : 0
  aipLocalMasters             : []
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.home.rahim-dale.org
  pwszZoneDn                  : DC=home.rahim-dale.org,CN=MicrosoftDNS,DC=DomainDnsZones,DC=home,DC=rahim-dale,DC=org
  dwLastSuccessfulSoaCheck    : 0
  dwLastSuccessfulXfr         : 0
  fQueuedForBackgroundLoad    : FALSE
  fBackgroundLoadInProgress   : FALSE
  fReadOnlyZone               : FALSE
  dwLastXfrAttempt            : 0
  dwLastXfrResult             : 0
root@DC1:~# samba-tool dns query DC1 home.rahim-dale.org @ ALL -U Administrator
Password for [HOME\Administrator]:
  Name=, Records=3, Children=0
    SOA: serial=136, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc1.home.rahim-dale.org., email=hostmaster.home.rahim-dale.org. (flags=600000f0, serial=136, ttl=3600)
    NS: dc1.home.rahim-dale.org. (flags=600000f0, serial=1, ttl=900)
    A: 192.168.1.13 (flags=600000f0, serial=1, ttl=900)
  Name=_msdcs, Records=0, Children=0
  Name=_sites, Records=0, Children=1
  Name=_tcp, Records=0, Children=5
  Name=_udp, Records=0, Children=2
  Name=dc1, Records=4, Children=0
    A: 192.168.1.13 (flags=f0, serial=1, ttl=900)
    SRV: dc1.home.rahim-dale.org. (8080, 0, 100) (flags=f0, serial=129, ttl=900)
    SRV: dc1.home.rahim-dale.org. (389, 0, 100) (flags=f0, serial=130, ttl=900)
    SRV: home.rahim-dale.org. (389, 0, 100) (flags=f0, serial=131, ttl=900)
  Name=DomainDnsZones, Records=0, Children=2
  Name=ForestDnsZones, Records=0, Children=2
  Name=GHOSTWHEEL10, Records=1, Children=0
    A: 192.168.1.41 (flags=f0, serial=110, ttl=1200)
  Name=thelibrarian, Records=1, Children=0
    A: 192.168.1.14 (flags=f0, serial=110, ttl=3600)
  Name=transponder, Records=1, Children=0
    A: 192.168.1.20 (flags=f0, serial=110, ttl=3600)
GhostWheel10 is my Windows 10 VM which gets its IP, etc. via DHCP from
my router. I note that it allows me to specify both the DNS and WINS
server addresses, both set to 192.168.1.13.
My Linux boxes (real and virtual) have their IP set statically.
/etc/resolv.conf reads (in all cases, including DC1):
nameserver 192.168.1.13
search home.rahim-dale.org
The reverse lookup (using nslookup) also fails on the Windows VM.
The /etc/samba/smb.conf on the DC is
# Global parameters
[global]
        dns forwarder = 192.168.1.1
        netbios name = DC1
        realm = HOME.RAHIM-DALE.ORG
        server role = active directory domain controller
        workgroup = HOME
        idmap_ldb:use rfc2307 = yes

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/home.rahim-dale.org/scripts
        read only = No
The dns forwarder points to the router.
Anyway, the failure of the reverse lookup seems to be a symptom of
whatever is causing the "session setup failed:
NT_STATUS_NO_LOGON_SERVERS" messages I keep getting when trying to
connect to anything but the DC or from any Linux machine.
Can anyone suggest what I am doing wrong and/or how to fix it?
Thanks.
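As an added example (not part of the post, and not Samba's own code): the reverse zone in the zonelist above exists but the NXDOMAIN shows it holds no PTR for 192.168.1.13, and the statically addressed Linux hosts never register one dynamically. This script parses the A records from the samba-tool dns query output quoted in the post (copied in as sample input) and emits the samba-tool dns add PTR commands that would fill the 1.168.192.in-addr.arpa zone; the DC name and Administrator account are those from the post.

```python
# Added example (not from the post or Samba): parse the A records in the
# samba-tool dns query output above and emit the samba-tool dns add PTR
# commands that give each host a matching PTR in the reverse zone.
import ipaddress
import re

# Sample input: A-record lines copied from the query output in the post.
SAMPLE_QUERY_OUTPUT = """\
Name=, Records=3, Children=0
  A: 192.168.1.13 (flags=600000f0, serial=1, ttl=900)
Name=dc1, Records=4, Children=0
  A: 192.168.1.13 (flags=f0, serial=1, ttl=900)
Name=GHOSTWHEEL10, Records=1, Children=0
  A: 192.168.1.41 (flags=f0, serial=110, ttl=1200)
Name=thelibrarian, Records=1, Children=0
  A: 192.168.1.14 (flags=f0, serial=110, ttl=3600)
Name=transponder, Records=1, Children=0
  A: 192.168.1.20 (flags=f0, serial=110, ttl=3600)
"""

NAME_RE = re.compile(r"^Name=(?P<name>[^,]*),")
A_RE = re.compile(r"^\s*A:\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\b")

def parse_a_records(output):
    """Return [(hostname, ip)] for every A record under a non-apex name;
    the apex (Name=) is skipped since it duplicates the DC's host record."""
    records, current = [], None
    for line in output.splitlines():
        m = NAME_RE.match(line)
        if m:
            current = m.group("name")
            continue
        m = A_RE.match(line)
        if m and current:
            records.append((current, m.group("ip")))
    return records

def ptr_commands(records, zone, rev_zone, dc="DC1"):
    """One samba-tool dns add PTR command per A record whose address lies in
    rev_zone; addresses outside it are returned separately, not silently lost."""
    cmds, outside = [], []
    for host, ip in records:
        rev = ipaddress.ip_address(ip).reverse_pointer  # 13.1.168.192.in-addr.arpa
        if not rev.endswith("." + rev_zone):
            outside.append((host, ip))
            continue
        label = rev[: -len(rev_zone) - 1]  # record name inside the reverse zone
        cmds.append(f"samba-tool dns add {dc} {rev_zone} {label} PTR "
                    f"{host.lower()}.{zone} -U Administrator")
    return cmds, outside
```

Run the generated commands on the DC and re-check with host 192.168.1.13; any host returned in the second list belongs to a subnet that needs its own reverse zone first.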