On 20/11/14 10:41, Morgan Blackthorne wrote:
> So I set up two of my three Linode servers in the Texas datacenter as
> Samba4 domain controllers. (One to provision the domain, and one joining
> it.) These have IPTables in place that allow my home IP address to access
> any protocol/port, and 53 is allowed from everywhere for both tcp and udp.
> The domain that I configured is AD.WINDSOFSTORM.NET, and I have delegated
> NS records for that subdomain to the two servers that are running Samba
> (using the Samba internal DNS server). My understanding, although this was
> not covered explicitly in any of the docs that I found, was that this would
> be sufficient for DNS purposes so that I would not have to repoint my
> workstation to use those servers directly for DNS resolution; the requests
> for anything under that subdomain will get properly routed there instead by
> the normal internet DNS architecture.
>
> However, I am unable to join the domain. Looking at the logs, I don't see
> anything going on. I tried just manually connecting to
> \\sage.windsofstorm.net, the PDC, and I got "Windows cannot access this
> share". But I can use netcat to reach the server over UDP 139/TCP 389/etc.
> Is there something that I need to specify given that the server is on a
> different network than my home network? (I can't set up a VPN to their
> internal network at this point in time as I already have a VPN in place for
> work. Maybe down the line.)
>
> I'm a little confused as to what I should be checking at this point. All
> the guides I've found seem to indicate that it should "just work" at this
> point.
>
> --
> ~*~ StormeRider ~*~
>
> "Every world needs its heroes [...] They inspire us to be better than we
> are. And they protect from the darkness that's just around the corner."
>
> (from Smallville Season 6x1: "Zod")
>
> On why I hate the phrase "that's so lame"... http://bit.ly/Ps3uSS

Hi, if you go here: https://wiki.samba.org/index.php/Samba_Readme_First

Look under the heading 'Requirements', you will find this:

DNS config: The network configuration of all clients must be set up to
send all DNS queries only to the AD-server(s). Even the AD-Server(s)
themselves must be set up to send DNS queries only to their own DNS
servers. The DNS server that runs on the AD server(s) should forward
queries for non-AD hosts to a different DNS server that can answer those
queries.

What this means is, your domain clients MUST use the samba4 DNS server
and anything that this server doesn't know about, it will ask its
forwarder. Your samba4 DNS server shouldn't really be resolvable from
the internet.

Rowland
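
Added example, not part of the thread or of the Samba wiki: a small audit of a Linux host's resolv.conf against the requirement quoted above, which applies to domain members and to the DCs themselves. The DC addresses and the sample file are constructed (documentation-range IPs), and the function names are hypothetical.

```python
import ipaddress

# Constructed inputs: documentation-range addresses stand in for the two
# Samba DCs; the thread does not give their real addresses.
DC_DNS = {"192.0.2.10", "192.0.2.11"}

# Constructed resolv.conf of a misconfigured domain member.
SAMPLE_RESOLV_CONF = """\
search ad.windsofstorm.net
nameserver 192.0.2.10
# public resolver left over from the provider's default config
nameserver 198.51.100.53
options timeout:2
"""


def parse_nameservers(text):
    """Return (valid, invalid) nameserver entries from resolv.conf text."""
    valid, invalid = [], []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, search/options lines, blanks
        try:
            valid.append(str(ipaddress.ip_address(fields[1])))
        except ValueError:
            invalid.append(fields[1])
    return valid, invalid


def audit_resolvers(text, dc_dns):
    """Apply the rule 'send all DNS queries only to the AD server(s)'."""
    allowed = {str(ipaddress.ip_address(a)) for a in dc_dns}
    valid, invalid = parse_nameservers(text)
    foreign = [s for s in valid if s not in allowed]
    return {
        "nameservers": valid,
        "foreign": foreign,      # resolvers that are not domain controllers
        "invalid": invalid,      # entries that are not IP addresses
        "ok": bool(valid) and not foreign and not invalid,
    }


if __name__ == "__main__":
    result = audit_resolvers(SAMPLE_RESOLV_CONF, DC_DNS)
    for server in result["foreign"]:
        print(f"FAIL: {server} is not an AD DNS server")
    print("OK" if result["ok"] else "resolver configuration needs fixing")
```

A single resolver outside the DC set is enough to fail the check, because the requirement is that queries go only to the AD servers, not that one of them is listed.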