> > I followed this url to set up Samba AD DC.
> > https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt
> >
> > I do have it working. I am testing with a Windows 10 VM as a member
> > of the domain.
> > The machine joins the domain. Also, as administrator, I can create
> > and enforce Group Policies from this Windows machine.
> >
> > I have a Fedora 29 server which serves DHCP and DNS (and DDNS). This
> > all works.
> > When I installed Samba DC, I specified this DNS server as a
> > forwarder.
>
> Is this dns server also authoritative for the same dns domain as the AD
> domain?
Yes, the Fedora29 server is authoritative.
>
> >
> > On the DC server (named dc0) I can enter command,
> > > dig other_machine_in_lan
> > and get correct response.
> > If I enter this command,
> > > dig @localhost other_machine_in_lan
> > It fails. Dig from domain member of course also fails.
> >
> > I know you may need more information to diagnose, but there are so
> > many files that could
> > be part of the problem I do not know which to send.
> >
>
> Let's start with the smb.conf from the DC, your DC's FQDN and IP address
> (sanitised if you have to) and the same for your Fedora dns server.
=== DC server smb.conf ==
Ubuntu18.04> less /etc/samba/smb.conf
# Global parameters
[global]
netbios name = DC0
realm = company.COM
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = company
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /var/lib/samba/sysvol/company.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
=== END DC server smb.conf ==
DC FQDN - dc0.company.com (172.23.93.25)
Fedora server - zaphod.company.com (172.23.93.3)
Did you need more from the DNS server?
I am also getting this in logs.
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: [2019/04/26 13:22:57.535803, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: /usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: [2019/04/26 13:22:57.537622, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: /usr/sbin/samba_dnsupdate: File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: [2019/04/26 13:22:57.537800, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: /usr/sbin/samba_dnsupdate: return self.run(*args, **kwargs)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: [2019/04/26 13:22:57.537959, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: /usr/sbin/samba_dnsupdate: File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 945, in run
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: [2019/04/26 13:22:57.538110, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: /usr/sbin/samba_dnsupdate: raise e
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: [2019/04/26 13:22:57.547687, 0] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)
Apr 26 13:22:57 samba[1393]: task[dnsupdate][1393]: ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 28