[Samba] Provisioning new AD Domain Controller

Rowland Penny rpenny at samba.org
Fri Dec 1 20:31:16 UTC 2023


On Fri, 01 Dec 2023 14:45:09 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:

> On Fri Dec  1 03:14:31 2023 Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> >
> > On Fri, 01 Dec 2023 01:38:55 -0500
> > Mark Foley via samba <samba at lists.samba.org> wrote:
> >
> > > Should I delete this zone and recreate with
> > > "0.168.192.in-addr.arpa"?
> >
> > Yes, your reversezone at present has space for only one client.
> >
> > Rowland
> 
> OK, that is done! I did:
> 
> samba-tool dns zonedelete dc1 2.0.168.192.in-addr.arpa
> samba-tool dns zonecreate dc1.hprs.locl   0.168.192.in-addr.arpa
> 
> Moving on with the tests. Most are working, but a couple of the tests
> for Verifying DNS,
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Verifying_DNS_(Optional)
> have issues. This one gives me a bit different output:
> 
> # host -t A dc1.hprs.locl.
> dc1.hprs.locl has address 192.168.0.2
> dc1.hprs.locl has address 24.142.169.13
> 
> The 192.68.0.2 was expected from the wiki example, but what about the
> 24.142.169.13? That is the public IP for this server. I presume
> that's OK?

No, your AD DC should not be connected to the internet in any way.

> 
> The next test fails:
> 
> # host -t PTR 192.168.0.2
> Host 2.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
> 
> The zonecreate was successful, so why the failure? Leaving off the .2
> also fails:
> 
> # host -t PTR 192.168.0
> 192.168.0 has no PTR record
> 
> What did I do wrong?

I have no idea, let's start with the contents of /etc/hosts and your
smb.conf

> 
> Finally, not a question/error yet, but in smb.conf [GLOBAL] I have:
> 
> dns forwarder = 209.18.47.61

Well, it looks okay, but what is '209.18.47.61'? It doesn't appear to
respond to a ping.

> 
> That was stuck in there by the provision operation. This is an IP for
> my ISP's name server.  I kept the ISP's nameservers in
> /etc/resolv.conf because with just the wiki suggested entries:

Ah, it is a dns server:
host -t PTR 209.18.47.61
61.47.18.209.in-addr.arpa domain name pointer dns-cac-lb-01.rr.com.

> 
> search hprs.locl
> nameserver 192.168.0.2
> 
> I could not resolve public domain names.

It is a dns problem; this is what is supposed to happen:

A client asks for the dns info for dc1.hprs.locl and the Samba dns
server should reply with the correct data, but if the client was to ask
for the dns info for www.samba.org , the Samba dns server will not
know it and should ask the forwarder for the info, which it should
return and the Samba server would then pass this to the client.

That doesn't appear to be happening on your DC. Did you add the lines
to your DC smb.conf that you didn't pass during the provision?

Rowland
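A small offline check for the two points raised in this reply, added here as an example and not part of the thread or of Samba: which in-addr.arpa zone name a given network needs (a zone named for a single address versus a /24), and whether a DC's A records include a public address. HOST_A_OUTPUT is the `host -t A` output quoted above, re-typed as a constructed sample; the function names are my own.

```python
import ipaddress
import re

# Constructed sample: the `host -t A dc1.hprs.locl.` output quoted in the thread.
HOST_A_OUTPUT = """\
dc1.hprs.locl has address 192.168.0.2
dc1.hprs.locl has address 24.142.169.13
"""


def reverse_zone(cidr):
    """Return the in-addr.arpa zone name covering an IPv4 network.
    Only octet-aligned prefixes (/8, /16, /24, /32) map onto one zone."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen % 8:
        raise ValueError("prefix must be a multiple of 8 for a single reverse zone")
    # e.g. 192.168.0.0 -> ['0', '0', '168', '192', 'in-addr', 'arpa']
    labels = net.network_address.reverse_pointer.split(".")
    drop = (32 - net.prefixlen) // 8  # host octets that become PTR owner labels
    return ".".join(labels[drop:])


def zone_covers(zone, ip):
    """True if the PTR record for `ip` would live inside `zone`."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    return ptr == zone or ptr.endswith("." + zone)


def parse_a_records(text):
    """Parse `host -t A` output lines into (name, address) pairs."""
    pairs = []
    for line in text.splitlines():
        m = re.match(r"^(\S+) has address (\S+)$", line.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def public_addresses(text):
    """Addresses in `host -t A` output that are not private; a DC should have none."""
    return [addr for _, addr in parse_a_records(text)
            if not ipaddress.ip_address(addr).is_private]
```

`reverse_zone("192.168.0.2/32")` gives the original single-address zone, `reverse_zone("192.168.0.0/24")` gives the one created later, and `zone_covers` shows that only the /24 zone can hold a PTR for any other host on the subnet.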
