> This sounds like a dns problem, are your windows machines using the DC
> as their nameserver ?
>

yes they are using the server as dns. DNS is done through bind9 and implemented in samba via bind9_dlz. All looks fine:

$ host -t A smb.wie
smb.wie has address 192.168.1.50
$ host -t SRV _kerberos._udp.smb.wie
_kerberos._udp.smb.wie has SRV record 0 100 88 srv.smb.wie.
$ host -t SRV _ldap._tcp.smb.wie
_ldap._tcp.smb.wie has SRV record 0 100 389 srv.smb.wie.

And thanks for your explanation on rid / ad but it seems to me like it is not relevant here - I am using only one server for everything (I know it is not advised to do so).

On Sun, 6 Nov 2016 15:05:39 +0100 Maximilian Kirchner via samba <samba at lists.samba.org> wrote:

> > This sounds like a dns problem, are your windows machines using the
> > DC as their nameserver ?
> >
> yes they are using the server as dns. DNS is done through bind9 and
> implemented in samba via bind9_dlz. All looks fine:
> $ host -t A smb.wie
> smb.wie has address 192.168.1.50
> $ host -t SRV _kerberos._udp.smb.wie
> _kerberos._udp.smb.wie has SRV record 0 100 88 srv.smb.wie.
> $ host -t SRV _ldap._tcp.smb.wie
> _ldap._tcp.smb.wie has SRV record 0 100 389 srv.smb.wie.

These look like they are being run on the DC, what about from the windows clients ?

> And thanks for your explanation on rid / ad but it seems to me like
> it is not relevant here - I am using only one server for everything
> (I know it is not advised to do so).

It is your DC and you can do as you wish, I think I should point out that SME is moving towards what you are doing. There are technical reasons why it is not recommended to use the DC as a fileserver, but if you can work around these, there is no reason not to use the DC as a fileserver. One of the main, visible, problems is that winbind on a DC only uses the uidNumber & gidNumber attributes, you have to use the 'template' lines in smb.conf.

Can you post your bind9 conf files, there may be something relevant there.

Rowland

On Sun, 6 Nov 2016 15:05:39 +0100 Maximilian Kirchner via samba <samba at lists.samba.org> wrote:

> > This sounds like a dns problem, are your windows machines using the
> > DC as their nameserver ?
> >
> yes they are using the server as dns. DNS is done through bind9 and
> implemented in samba via bind9_dlz. All looks fine:
> $ host -t A smb.wie
> smb.wie has address 192.168.1.50
> $ host -t SRV _kerberos._udp.smb.wie
> _kerberos._udp.smb.wie has SRV record 0 100 88 srv.smb.wie.
> $ host -t SRV _ldap._tcp.smb.wie
> _ldap._tcp.smb.wie has SRV record 0 100 389 srv.smb.wie.
>

What about:

host -t PTR 192.168.1.50

Rowland

> And thanks for your explanation on rid / ad but it seems to me like
> it is not relevant here - I am using only one server for everything
> (I know it is not advised to do so).

Thanks a lot for your help so far. The main reason I do not use vms is that the server is pretty limited in RAM so this would only be my last resort. To prevent confusion: srv.wie (192.168.1.50) is the same machine as smb.wie (192.168.1.55), I separated them just now to debug the problem.

> These look like they are being run on the DC, what about from the
> windows clients ?
>

I did those via a linux client on the same network, here the results from windows (:

C:\Users\kirchner.SMB>nslookup smb.wie
Server:  srv.wie
Address:  192.168.1.50

Name:    smb.wie
Address:  192.168.1.55

C:\Users\kirchner.SMB>nslookup _ldap._tcp.smb.wie
Server:  srv.wie
Address:  192.168.1.50

Name:    _ldap._tcp.smb.wie

C:\Users\kirchner.SMB>nslookup _kerberos._tcp.smb.wie
Server:  srv.wie
Address:  192.168.1.50

Name:    _kerberos._tcp.smb.wie

> Can you post your bind9 conf files, there may be something relevant
> there.
>

named.conf:

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/private/named.conf";

named.conf.options:

options {
        directory "/var/cache/bind";

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        //=======================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //=======================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

named.conf.local:

zone "wie." {
        type master;
        file "/etc/bind/zones/db.wie";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.1.168.192";
};

named.conf.default-zones:

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

zones/db.wie:

$TTL 604800
@       IN SOA  srv.wie. ns.wie. (
                3       ; Serial
                8H      ; Refresh
                2H      ; Retry
                4W      ; Expire
                3H )    ; NX (TTL Negativ Cache)

; Nameservers
        IN NS   srv.wie.

; name servers - A records
srv.wie.        IN A    192.168.1.50

; Hostname records
router.wie.     IN A    192.168.1.1
drucker.wie.    IN A    192.168.1.25
drucker2.wie.   IN A    192.168.1.26
wiesrv.wie.     IN A    192.168.1.51
smb.wie.        IN A    192.168.1.55

zones/db.1.168.192:

$TTL 2D
@       IN SOA  srv.wie. ns.wie. (
                3       ; Serial
                8H      ; Refresh
                2H      ; Retry
                4W      ; Expire
                2D )    ; TTL Negative Cache

; name servers - NS records
        IN NS   srv.wie.

; PTR Records
1       IN PTR  router.wie.
25      IN PTR  drucker.wie.
26      IN PTR  drucker2.wie.
50      IN PTR  srv.wie.
55      IN PTR  smb.wie.
51      IN PTR  wiesrv.wie.
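
Added example, not part of the original thread: the PTR question raised earlier can be checked offline by cross-checking the A records in zones/db.wie against the PTR records in zones/db.1.168.192. The record data is copied from the files posted above; the function names are hypothetical, and the check covers only these static zone files, not anything Samba serves through bind9_dlz.

```python
import re

# Records copied from the zones/db.wie and zones/db.1.168.192 files in the thread.
FORWARD_ZONE = """\
srv.wie.      IN A 192.168.1.50
router.wie.   IN A 192.168.1.1
drucker.wie.  IN A 192.168.1.25
drucker2.wie. IN A 192.168.1.26
wiesrv.wie.   IN A 192.168.1.51
smb.wie.      IN A 192.168.1.55
"""
REVERSE_ORIGIN = "1.168.192.in-addr.arpa"
REVERSE_ZONE = """\
1  IN PTR router.wie.
25 IN PTR drucker.wie.
26 IN PTR drucker2.wie.
50 IN PTR srv.wie.
55 IN PTR smb.wie.
51 IN PTR wiesrv.wie.
"""

def parse_a(text):
    """Return {fqdn: ip} for every 'name IN A ip' line."""
    return {m[1].lower(): m[2]
            for m in re.finditer(r"^(\S+)[ \t]+IN[ \t]+A[ \t]+(\S+)", text, re.M)}

def parse_ptr(text, origin):
    """Return {ip: fqdn}; owner labels are relative to the reverse origin."""
    prefix = ".".join(reversed(origin.replace(".in-addr.arpa", "").split(".")))
    return {f"{prefix}.{m[1]}": m[2].lower()
            for m in re.finditer(r"^(\d+)[ \t]+IN[ \t]+PTR[ \t]+(\S+)", text, re.M)}

def mismatches(a_records, ptr_records):
    """List every forward/reverse disagreement as a readable string."""
    problems = []
    for name, ip in sorted(a_records.items()):
        back = ptr_records.get(ip)
        if back is None:
            problems.append(f"{name} -> {ip} has no PTR")
        elif back != name:
            problems.append(f"{name} -> {ip} but PTR says {back}")
    for ip, name in sorted(ptr_records.items()):
        if a_records.get(name) != ip:
            problems.append(f"PTR {ip} -> {name} has no matching A")
    return problems

if __name__ == "__main__":
    found = mismatches(parse_a(FORWARD_ZONE), parse_ptr(REVERSE_ZONE, REVERSE_ORIGIN))
    print("\n".join(found) or "forward and reverse zones agree")
```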