Rowland Penny
2023-Apr-25 08:40 UTC
[Samba] DNS problems (still) with Linux domain members - using Samba's internal DNS backend
On 24/04/2023 22:03, Gary Dale via samba wrote:> As near as I can tell, my Samba AD DC is working. I'm getting no errors > when I bring up and use Active Directory Users and Computers. > > When I do the testing (verifying) for the file server, DNS and Kerberos > from > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller, everything works. To be clear, the DC is NOT running as a file server - that is simply the terminology used by the wiki page. > > I did the Create a reverse zone section but the reverse lookup fails. > root at DC1:~# host 192.168.1.13 > Host 13.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN) >But have you created the reverse record for the DC ? Rowland
Gary Dale
2023-Apr-25 11:14 UTC
[Samba] DNS problems (still) with Linux domain members - using Samba's internal DNS backend
On 2023-04-25 04:40, Rowland Penny via samba wrote:> > > On 24/04/2023 22:03, Gary Dale via samba wrote: >> As near as I can tell, my Samba AD DC is working. I'm getting no >> errors when I bring up and use Active Directory Users and Computers. >> >> When I do the testing (verifying) for the file server, DNS and >> Kerberos from >> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller, >> everything works. To be clear, the DC is NOT running as a file server >> - that is simply the terminology used by the wiki page. >> >> I did the Create a reverse zone section but the reverse lookup fails. >> root at DC1:~# host 192.168.1.13 >> Host 13.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN) >> > > But have you created the reverse record for the DC ? > > Rowland >Yes. Your answer is out of date. That part is now working as per my reply to my own question at 23:56 last night.
Gary Dale
2023-Apr-25 11:52 UTC
[Samba] DNS problems (still) with Linux domain members - using Samba's internal DNS backend
On 2023-04-25 04:40, Rowland Penny via samba wrote:> > > On 24/04/2023 22:03, Gary Dale via samba wrote: >> As near as I can tell, my Samba AD DC is working. I'm getting no >> errors when I bring up and use Active Directory Users and Computers. >> >> When I do the testing (verifying) for the file server, DNS and >> Kerberos from >> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller, >> everything works. To be clear, the DC is NOT running as a file server >> - that is simply the terminology used by the wiki page. >> >> I did the Create a reverse zone section but the reverse lookup fails. >> root at DC1:~# host 192.168.1.13 >> Host 13.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN) >> > > But have you created the reverse record for the DC ? > > Rowland >Yes. Your answer is out of date. That part is now working as per my reply to my own question at 23:56 last night. I note however that the wiki doesn't actually tell you to do that. It only suggests (optionally) creating the reverse zone. You need to read the Administering DNS Samba wiki to potentially figure out you have to do that. There is a poorly-explained example in the DNS wiki that tells you how to do it.? It would be of great help if the wiki established clear standards about what you need to change for your situation and what is a "magic value" that shouldn't be changed. The usual practice of putting variable values in <> and using descriptive names seems to be rarely followed. The wikis seem to believe that you are reading them from start to finish as that is necessary to figure out what parts are magic and what are specific to the example. e.g. in the DNS wiki under "Adding new records", the first example reads: samba-tool dns add <Your-AD-DNS-Server-IP-or-hostname> samdom.example.com demo A 192.168.0.55 It starts out well? but then you hit "samdom..." which should be <your realm in lowercase>. For extra clarity, it could be followed by an example with all the values substituted: samba-tool dns add DC1 samdom.example.com demo A 192.168.0.55 then showing the results of the command. And of course, it should use the -U Administrator option since that seems to be required these days.