Jonathan S. Fisher
2015-Nov-30 20:01 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
Hey guys, I've successfully joined the domain with "sudo net ads join -k". However, when I try to run this: "sudo net rpc info" I get this error: "Unable to find a suitable server for domain WINDOWS" I dumped the DNS requests and it looks like the problem is that it's asking for ldap entries under the workgroup name, not the FQDN:>From Wireshark:Queries _ldap._tcp.pdc._msdcs.WINDOWS: type SRV, class IN Name: _ldap._tcp.pdc._msdcs.WINDOWS Ok great, so if I dig that with the command: "dig _ldap._tcp.pdc._msdcs.WINDOWS" dig times out. If I dig the FQDN: "dig _ldap._tcp.pdc._msdcs.WINDOWS.CORP.XXX.COM" I get a response instantly. Is this a problem with my windows domain controller (how do I make it respond to those queries)? Or is this a problem with my samba setup? Samba version: 4.2.5-SerNet-Ubuntu-8.trusty Here is my smb.conf: [global] security=ads realm=WINDOWS.CORP.XXX.COM workgroup=WINDOWS domain master=no local master=no preferred master=no load printers=no printing=bsd printcap name=/dev/null disable spoolss=yes idmap backend=tdb idmap uid=10000-99999 idmap gid=10000-99999 winbind enum users=yes winbind enum groups=yes winbind use default domain=yes winbind nested groups=yes winbind refresh tickets=yes winbind offline logon=yes template shell=/bin/false client use spnego=yes client ntlmv2 auth=yes encrypt passwords=yes restrict anonymous=2 log file=/var/log/samba/samba.log log level=2 dcerpc endpoint servers=remote wins support=no -- Email Confidentiality Notice: The information contained in this transmission is confidential, proprietary or privileged and may be subject to protection under the law, including the Health Insurance Portability and Accountability Act (HIPAA). The message is intended for the sole use of the individual or entity to whom it is addressed. If you are not the intended recipient, you are notified that any use, distribution or copying of the message is strictly prohibited and may subject you to criminal or civil penalties. If you received this transmission in error, please contact the sender immediately by replying to this email and delete the material from any computer.
Rowland Penny
2015-Nov-30 20:20 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
On 30/11/15 20:01, Jonathan S. Fisher wrote:> Hey guys, > > I've successfully joined the domain with "sudo net ads join -k". However, > when I try to run this: "sudo net rpc info" I get this error: "Unable to > find a suitable server for domain WINDOWS" > > I dumped the DNS requests and it looks like the problem is that it's asking > for ldap entries under the workgroup name, not the FQDN: > > From Wireshark: > > Queries > _ldap._tcp.pdc._msdcs.WINDOWS: type SRV, class IN > Name: _ldap._tcp.pdc._msdcs.WINDOWS > > Ok great, so if I dig that with the command: "dig > _ldap._tcp.pdc._msdcs.WINDOWS" dig times out. If I dig the FQDN: "dig > _ldap._tcp.pdc._msdcs.WINDOWS.CORP.XXX.COM" I get a response instantly. > > Is this a problem with my windows domain controller (how do I make it > respond to those queries)? Or is this a problem with my samba setup? > > Samba version: 4.2.5-SerNet-Ubuntu-8.trusty > > Here is my smb.conf: > > [global] > security=ads > realm=WINDOWS.CORP.XXX.COM > workgroup=WINDOWS > domain master=no > local master=no > preferred master=no > load printers=no > printing=bsd > printcap name=/dev/null > disable spoolss=yes > idmap backend=tdb > idmap uid=10000-99999 > idmap gid=10000-99999 > winbind enum users=yes > winbind enum groups=yes > winbind use default domain=yes > winbind nested groups=yes > winbind refresh tickets=yes > winbind offline logon=yes > template shell=/bin/false > client use spnego=yes > client ntlmv2 auth=yes > encrypt passwords=yes > restrict anonymous=2 > log file=/var/log/samba/samba.log > log level=2 > dcerpc endpoint servers=remote > wins support=no >Try it like this: sudo net rpc info -UAdministrator Rowland
Jonathan S. Fisher
2015-Nov-30 20:30 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
Same results with that command. And the same DNS query occurred On Mon, Nov 30, 2015 at 2:20 PM, Rowland Penny <rowlandpenny241155 at gmail.com> wrote:> On 30/11/15 20:01, Jonathan S. Fisher wrote: > >> Hey guys, >> >> I've successfully joined the domain with "sudo net ads join -k". However, >> when I try to run this: "sudo net rpc info" I get this error: "Unable to >> find a suitable server for domain WINDOWS" >> >> I dumped the DNS requests and it looks like the problem is that it's >> asking >> for ldap entries under the workgroup name, not the FQDN: >> >> From Wireshark: >> >> Queries >> _ldap._tcp.pdc._msdcs.WINDOWS: type SRV, class IN >> Name: _ldap._tcp.pdc._msdcs.WINDOWS >> >> Ok great, so if I dig that with the command: "dig >> _ldap._tcp.pdc._msdcs.WINDOWS" dig times out. If I dig the FQDN: "dig >> _ldap._tcp.pdc._msdcs.WINDOWS.CORP.XXX.COM" I get a response instantly. >> >> Is this a problem with my windows domain controller (how do I make it >> respond to those queries)? Or is this a problem with my samba setup? >> >> Samba version: 4.2.5-SerNet-Ubuntu-8.trusty >> >> Here is my smb.conf: >> >> [global] >> security=ads >> realm=WINDOWS.CORP.XXX.COM >> workgroup=WINDOWS >> domain master=no >> local master=no >> preferred master=no >> load printers=no >> printing=bsd >> printcap name=/dev/null >> disable spoolss=yes >> idmap backend=tdb >> idmap uid=10000-99999 >> idmap gid=10000-99999 >> winbind enum users=yes >> winbind enum groups=yes >> winbind use default domain=yes >> winbind nested groups=yes >> winbind refresh tickets=yes >> winbind offline logon=yes >> template shell=/bin/false >> client use spnego=yes >> client ntlmv2 auth=yes >> encrypt passwords=yes >> restrict anonymous=2 >> log file=/var/log/samba/samba.log >> log level=2 >> dcerpc endpoint servers=remote >> wins support=no >> >> > Try it like this: sudo net rpc info -UAdministrator > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Email Confidentiality Notice: The information contained in this transmission is confidential, proprietary or privileged and may be subject to protection under the law, including the Health Insurance Portability and Accountability Act (HIPAA). The message is intended for the sole use of the individual or entity to whom it is addressed. If you are not the intended recipient, you are notified that any use, distribution or copying of the message is strictly prohibited and may subject you to criminal or civil penalties. If you received this transmission in error, please contact the sender immediately by replying to this email and delete the material from any computer.
Possibly Parallel Threads
- After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
- After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
- After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
- After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
- After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command