I have set up a Samba PDC using the following guide:
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller

I have opted to use the internal Samba DNS server and have specified a DNS forwarder of 8.8.8.8

When I test the DNS functionality according to the guide everything appears fine:

user@myhost:~$ host -t SRV _ldap._tcp.ad.mydomain.com.au.
_ldap._tcp.ad.mydomain.com.au has SRV record 0 100 389 myhost.ad.mydomain.com.au.
user@myhost:~$ host -t SRV _kerberos._udp.ad.mydomain.com.au.
_kerberos._udp.ad.mydomain.com.au has SRV record 0 100 88 myhost.ad.mydomain.com.au.
user@myhost:~$ host -t A myhost.ad.mydomain.com.au.
myhost.ad.mydomain.com.au has address 192.168.1.13

When I verify an external host the DNS appears to fail:

user@myhost:~$ dig www.google.com

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31751
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN A

;; Query time: 0 msec
;; SERVER: 192.168.1.13#53(192.168.1.13)
;; WHEN: Tue Nov 10 06:12:48 AEDT 2015
;; MSG SIZE rcvd: 43

How can I verify the samba DNS forwarder is working correctly?

My smb.conf file reads as follows:

# Global parameters
[global]
        workgroup = MYDOMAIN
        realm = AD.MYDOMAIN.COM.AU
        netbios name = MYHOST
        server role = active directory domain controller
        dns forwarder = 8.8.8.8,
        server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, smb
        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/ad.mydomain.com.au/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

On 09/11/15 19:32, Henry McLaughlin wrote:

> I have setup a Samba PDC using the following guide:
> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>
> I have opted to use the internal Samba DNS server and have specified a DNS
> forwarder of 8.8.8.8
>
> When I test the DNS functionality according to the guide everything appears
> fine:
>
> user@myhost:~$ host -t SRV _ldap._tcp.ad.mydomain.com.au.
> _ldap._tcp.ad.mydomain.com.au has SRV record 0 100 389
> myhost.ad.mydomain.com.au.
> user@myhost:~$ host -t SRV _kerberos._udp.ad.mydomain.com.au.
> _kerberos._udp.ad.mydomain.com.au has SRV record 0 100 88
> myhost.ad.mydomain.com.au.
> user@myhost:~$ host -t A myhost.ad.mydomain.com.au.
> myhost.ad.mydomain.com.au has address 192.168.1.13
>
>
> When I verify an external host the DNS appears to fail:
>
> user@myhost:~$ dig www.google.com
>
> ; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> www.google.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31751
> ;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.google.com. IN A
>
> ;; Query time: 0 msec
> ;; SERVER: 192.168.1.13#53(192.168.1.13)
> ;; WHEN: Tue Nov 10 06:12:48 AEDT 2015
> ;; MSG SIZE rcvd: 43
>
> How can I verify the samba DNS forwarder is working correctly?
>
> My smb.conf file reads as follows:
>
> # Global parameters
> [global]
> workgroup = MYDOMAIN
> realm = AD.MYDOMAIN.COM.AU
> netbios name = MYHOST
> server role = active directory domain controller
> dns forwarder = 8.8.8.8,
> server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate, dns, smb
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
> backupkey, dnsserver, winreg, srvsvc
> idmap_ldb:use rfc2307 = yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/ad.mydomain.com.au/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No

I noticed you are using Ubuntu, are you by any chance using Network Manager, if so have you turned off the dnsmasq cache?

Rowland

Hi,

> # Global parameters
> [global]
> workgroup = MYDOMAIN
> realm = AD.MYDOMAIN.COM.AU
> netbios name = MYHOST
> server role = active directory domain controller
> dns forwarder = 8.8.8.8,
> server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,

I am under the impression that you can only use one forwarder. Perhaps you should try removing the comma?

Hope that helps,
MJ

On 10 November 2015 at 09:33, Henry McLaughlin <henry at incred.com.au> wrote:

> On 10 November 2015 at 06:51, mourik jan c heupink <heupink at merit.unu.edu>
> wrote:
>
>> Hi,
>>
>>> # Global parameters
>>> [global]
>>> workgroup = MYDOMAIN
>>> realm = AD.MYDOMAIN.COM.AU
>>> netbios name = MYHOST
>>> server role = active directory domain controller
>>> dns forwarder = 8.8.8.8,
>>> server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>>
>> I am under the impression that you can only use one forwarder. Perhaps
>> you should try removing the comma?
>
> Worked thanks. The trailing comma was inserted by the samba-tool command
> so this may be a bug.
>
>> Hope that helps,
>> MJ
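
Added example, not part of the thread and not Samba code: a small Python check for the fault discussed above, a `dns forwarder` value in [global] that is not a clean IP address (here the trailing comma). The helper names and the sample file are constructed for illustration, and the check assumes forwarders are bare IP literals separated by whitespace.

```python
import ipaddress

# Constructed sample: the [global] section from the thread, trimmed.
SAMPLE_SMB_CONF = """\
# Global parameters
[global]
    workgroup = MYDOMAIN
    realm = AD.MYDOMAIN.COM.AU
    server role = active directory domain controller
    dns forwarder = 8.8.8.8,
"""


def global_param(conf_text, name):
    """Return the raw value of `name` from [global], or None if unset."""
    # smb.conf ignores case and whitespace in section and parameter names.
    wanted = "".join(name.lower().split())
    section, value = None, None
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, _, val = line.partition("=")
            if "".join(key.lower().split()) == wanted:
                value = val.strip()  # keep the last assignment seen
    return value


def check_forwarder(raw):
    """Return a list of problems in a `dns forwarder` value (empty = clean)."""
    if not raw:
        return ["dns forwarder is not set in [global]"]
    problems = []
    if "," in raw:
        problems.append("contains a comma: %r" % raw)
    for token in raw.split():  # assumption: forwarders are whitespace-separated
        try:
            ipaddress.ip_address(token)
        except ValueError:
            problems.append("not an IP address literal: %r" % token)
    return problems


if __name__ == "__main__":
    for problem in check_forwarder(global_param(SAMPLE_SMB_CONF, "dns forwarder")):
        print("smb.conf:", problem)
```

Run against the real file by passing the contents of smb.conf to `global_param`; an empty list from `check_forwarder` means the value parsed as plain IP addresses.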