[Samba] Joining Linux Domain Member to Samba DC, issues

Mark Foley mfoley at novatec-inc.com
Sun Apr 28 00:38:34 UTC 2024 

I've successfully joined two Linux Domain Members to two different Domains. Now,
I'm joining a second Linux host as a Domain Member to a Samba4 (4.18.9) Domain.
I'm having some possible issues this time.

Issue #1 Reverse Zone

On the SambaWiki:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member, under 2.5
Forward Lookup, no problem:

# host mail
mail.hprs.local has address 192.168.0.2

2.6 Reverse Lookup is not working:

# host 192.168.0.2
Host 2.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN)

This is true for the other Linux domain member as well. I did create the reverse
zone when provisioning the DC, and when I get a zonelist on the DC it does show
the reverse zone (I think):

# samba-tool dns zonelist mail

  pszZoneName                 : 0.168.192.in-addr.arpa   <----
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED
DNS_RPC_ZONE_UPDATE_SECURE 
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
DNS_DP_ENLISTED 
  pszDpFqdn                   : DomainDnsZones.hprs.local

What's up here and is this a problem?


Issue #2: "DNS Update failed"

When joining the domain member, it joins (I think), but I get "DNS update
failed" messages:

# net ads join -U Administrator   
Using short domain name -- HPRS
Joined 'WEBSERVER' to dns domain 'hprs.local'
DNS Update for webserver.hprs.local failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL

I'm hoping this is just because I had added an A record for this host back when
I provisioned the domain (and this host was not a domain member).  In fact, at
the time I added A records for all the non-Domain-Member Linux hosts and other
devices (like network printers).  I'm hopig this is not a real error, but is
basically saying the A record already exists and it can't "update" the DNS.  If
so, a less scarey message would be nice.  Please advise. 


Issue #3: getent not working

After joining this Domain Member I ran the getent test:

# getent passwd HPRS\\mark

Nothing came back. I do get results if I run it on the other Domain Member:

# getent passwd HPRS\\mark
HPRS\mark:*:11105:10513:Mark Foley:/home/mark:/bin/bash

winbindd is running and the /etc/nsswitch.conf file has been appropriately
modified. The only config different I know of between this member and the one
where getent works is that in /etc/samba/smb.conf I added:

username map = /var/lib/samba/etc/user.map

and in /var/lib/samba/etc/user.map I have:

!root = hprs\Administrator
uid = 0

wbinfo -u and wbinfo -g do work. Any idea why my getent doesn't work?

Thanks --Mark

More information about the samba mailing list