samba - Dec 2015 - After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command

On 03/12/15 21:12, Jonathan S. Fisher wrote:
> Rowland, I hear and understand you loud and clear. If you could point 
> out below what is the problem, because the client seems to be 
> configured correctly as you have asked:
>
>
> root at freeradius:~# nslookup 192.168.127.131
> Server:192.168.127.131
> Address:192.168.127.131#53
>
> Non-authoritative answer:
> 131.127.168.192.in-addr.arpaname = whiskey.windows.corp.XXX.com 
> <http://whiskey.windows.corp.XXX.com>.
>
> Authoritative answers can be found from:
>
> root at freeradius:~# nslookup 192.168.112.4
> Server:192.168.127.131
> Address:192.168.127.131#53
>
> Non-authoritative answer:
> 4.112.168.192.in-addr.arpaname = wine.windows.corp.XXX.com 
> <http://wine.windows.corp.XXX.com>.
>
> Authoritative answers can be found from:
>
> root at freeradius:~# cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by 
> resolvconf(8)
> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 192.168.127.131
> nameserver 192.168.112.4
> search windows.corp.XXX.com <http://windows.corp.XXX.com>
>
> Both of those are DCs, both of them resolve correctly forward and 
> reverse, and both of them are in resolv.conf... is this incorrect yes/no?
>
>
This is what I would expect to see and the net command should now work.
What you seem to be mixing up, is the NETBios name 'WINDOWS' with the 
dns domain/realm name 'windows.corps.xxx.com' , Samba uses the first in 
searches but also uses the second in its dns/realm searches.
Your problem (as far as I can see) is being caused by Samba not being 
able to find any DCs due to a DNS problem. Active Directory is based 
heavily around DNS, if you get this wrong, then everything fails, this 
is why it is recommended to use a separate dns domain for the AD domain 
i.e. if your registered domain is 'example.com' use 
'internal.example.com' instead.

Rowland

It doesn't work, even with the DNS set as such:

root at freeradius:~# sudo net rpc info -UWINDOWS\\Administrator
Unable to find a suitable server for domain WINDOWS

Our registered domain is XXX.com. corp.XXX.com and windows.corp.XXX.com are
internal and not resolvable on any public DNS server.

I was curious if anyone else had any comments on these two questions I had:

* What is this lmhosts thing it's looking for?
* Is this what went wrong? > internal_resolve_name: looking up WINDOWS#1b
(sitename (null))

What is lmhosts?
What does it think our sitename is null?


On Thu, Dec 3, 2015 at 3:47 PM, Rowland penny <rpenny at samba.org> wrote:
> On 03/12/15 21:12, Jonathan S. Fisher wrote:
>
>> Rowland, I hear and understand you loud and clear. If you could point
out
>> below what is the problem, because the client seems to be configured
>> correctly as you have asked:
>>
>>
>> root at freeradius:~# nslookup 192.168.127.131
>> Server:192.168.127.131
>> Address:192.168.127.131#53
>>
>> Non-authoritative answer:
>> 131.127.168.192.in-addr.arpaname = whiskey.windows.corp.XXX.com <
>> http://whiskey.windows.corp.XXX.com>.
>>
>> Authoritative answers can be found from:
>>
>> root at freeradius:~# nslookup 192.168.112.4
>> Server:192.168.127.131
>> Address:192.168.127.131#53
>>
>> Non-authoritative answer:
>> 4.112.168.192.in-addr.arpaname = wine.windows.corp.XXX.com <
>> http://wine.windows.corp.XXX.com>.
>>
>> Authoritative answers can be found from:
>>
>> root at freeradius:~# cat /etc/resolv.conf
>> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
>> resolvconf(8)
>> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
>> nameserver 192.168.127.131
>> nameserver 192.168.112.4
>> search windows.corp.XXX.com <http://windows.corp.XXX.com>
>>
>> Both of those are DCs, both of them resolve correctly forward and
>> reverse, and both of them are in resolv.conf... is this incorrect
yes/no?
>>
>>
>>
> This is what I would expect to see and the net command should now work.
> What you seem to be mixing up, is the NETBios name 'WINDOWS' with
the dns
> domain/realm name 'windows.corps.xxx.com' , Samba uses the first in
> searches but also uses the second in its dns/realm searches.
> Your problem (as far as I can see) is being caused by Samba not being able
> to find any DCs due to a DNS problem. Active Directory is based heavily
> around DNS, if you get this wrong, then everything fails, this is why it is
> recommended to use a separate dns domain for the AD domain i.e. if your
> registered domain is 'example.com' use
'internal.example.com' instead.
>
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
Email Confidentiality Notice: The information contained in this 
transmission is confidential, proprietary or privileged and may be subject 
to protection under the law, including the Health Insurance Portability and 
Accountability Act (HIPAA). The message is intended for the sole use of the 
individual or entity to whom it is addressed. If you are not the intended 
recipient, you are notified that any use, distribution or copying of the 
message is strictly prohibited and may subject you to criminal or civil 
penalties. If you received this transmission in error, please contact the 
sender immediately by replying to this email and delete the material from 
any computer.

On 03/12/15 21:55, Jonathan S. Fisher wrote:
> It doesn't work, even with the DNS set as such:
>
> root at freeradius:~# sudo net rpc info -UWINDOWS\\Administrator
> Unable to find a suitable server for domain WINDOWS
>
> Our registered domain is XXX.com. corp.XXX.com <http://corp.XXX.com> 
> and windows.corp.XXX.com <http://windows.corp.XXX.com> are internal 
> and not resolvable on any public DNS server.
>
> I was curious if anyone else had any comments on these two questions I 
> had:
>
> * What is this lmhosts thing it's looking for?
lmhosts is the windows version of /etc/hosts, if you have a line in 
smb.conf that references this, I would suggest you remove it unless it 
matches the default one:   name resolve order = lmhosts wins host bcast
> * Is this what went wrong? > internal_resolve_name: looking up 
> WINDOWS#1b (sitename (null))
Possibly, but your client should find everything via DNS.
Does your smb.conf match the one that can be found on the Samba wiki 
(with changes for your NETBios name & realm)? This is known to work.

Rowland
>
> What is lmhosts?
> What does it think our sitename is null?
>
>

Hai Jonathan, 

Can you give try the following :
what is the output of hostname -y. 
You probly get the messages " hostname: Local domain name not set. "
Dont worry, should not hurt, but for thesting, you can set : 
sysctl -w kernel.domainname="windows.corp.XXX.com"


and for testing you can try to set you resolv.conf to (
domain windows.corp.XXX.com
search windows.corp.XXX.com
nameserver ip_samba_dc1 
nameserver ip_samba_dc2

Yes.. !! domain and search are mutaliy exclusive..  we know, but try it. 
Restart neworking after above changes. 


The output of /etc/hostname 
( should contain only the (hostname -s)  value )


Can you try the following. 

Put in smb.conf
dns proxy = yes

restart samba. 
Run : testparm -v | grep net , i want to see the output. 

Especialy netbios name = 

Test above out, one at a time. 

I say, start with the dns proxy in smb.conf
Then the resolv.conf 
Then the kernel domain 


Greetz, 
Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny
> Verzonden: donderdag 3 december 2015 23:08
> Aan: sambalist
> Onderwerp: Re: [Samba] After joining domain, Samba uses the workgroup
> name, not the FQDN when running the net ads command
> 
> On 03/12/15 21:55, Jonathan S. Fisher wrote:
> > It doesn't work, even with the DNS set as such:
> >
> > root at freeradius:~# sudo net rpc info -UWINDOWS\\Administrator
> > Unable to find a suitable server for domain WINDOWS
> >
> > Our registered domain is XXX.com. corp.XXX.com
<http://corp.XXX.com>
> > and windows.corp.XXX.com <http://windows.corp.XXX.com> are
internal
> > and not resolvable on any public DNS server.
> >
> > I was curious if anyone else had any comments on these two questions I
> > had:
> >
> > * What is this lmhosts thing it's looking for?
> 
> lmhosts is the windows version of /etc/hosts, if you have a line in
> smb.conf that references this, I would suggest you remove it unless it
> matches the default one:   name resolve order = lmhosts wins host bcast
> 
> > * Is this what went wrong? > internal_resolve_name: looking up
> > WINDOWS#1b (sitename (null))
> 
> Possibly, but your client should find everything via DNS.
> Does your smb.conf match the one that can be found on the Samba wiki
> (with changes for your NETBios name & realm)? This is known to work.
> 
> Rowland
> 
> >
> > What is lmhosts?
> > What does it think our sitename is null?
> >
> >
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

And last thing i forgot. 

Is this server having multiple interfaces ? 
Yes, set in smb.conf 
interfaces =  127.0.0.1 
bind interfaces only = No

and can you post the complete krb5.conf again. 
I did not see in libdefaults. 
    dns_lookup_kdc = true
    dns_lookup_realm = false

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny
> Verzonden: donderdag 3 december 2015 23:08
> Aan: sambalist
> Onderwerp: Re: [Samba] After joining domain, Samba uses the workgroup
> name, not the FQDN when running the net ads command
> 
> On 03/12/15 21:55, Jonathan S. Fisher wrote:
> > It doesn't work, even with the DNS set as such:
> >
> > root at freeradius:~# sudo net rpc info -UWINDOWS\\Administrator
> > Unable to find a suitable server for domain WINDOWS
> >
> > Our registered domain is XXX.com. corp.XXX.com
<http://corp.XXX.com>
> > and windows.corp.XXX.com <http://windows.corp.XXX.com> are
internal
> > and not resolvable on any public DNS server.
> >
> > I was curious if anyone else had any comments on these two questions I
> > had:
> >
> > * What is this lmhosts thing it's looking for?
> 
> lmhosts is the windows version of /etc/hosts, if you have a line in
> smb.conf that references this, I would suggest you remove it unless it
> matches the default one:   name resolve order = lmhosts wins host bcast
> 
> > * Is this what went wrong? > internal_resolve_name: looking up
> > WINDOWS#1b (sitename (null))
> 
> Possibly, but your client should find everything via DNS.
> Does your smb.conf match the one that can be found on the Samba wiki
> (with changes for your NETBios name & realm)? This is known to work.
> 
> Rowland
> 
> >
> > What is lmhosts?
> > What does it think our sitename is null?
> >
> >
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba