Thanks.

I was able to verify through the following command:

*samba-tool dns query localhost yourdomain.lan @ ALL -U administrator*

--------------

Rowland,

Some time ago I had asked some questions about dns with samba4. In the topic below you say:

"I would suggest you create a sub domain of your main domain (this is recommended anyway) i.e. if your main domain is called 'company.com', create a sub domain called 'samba.company.com'. Use the sub domain for your AD domain and forward anything outside the sub domain to your main DNS servers.

Rowland"
https://lists.samba.org/archive/samba/2016-July/201497.html

Ok. I created the subdomain for the samba.

*addc.mydomain.edu <http://addc.mydomain.edu>*

> Use the sub domain for your AD domain and forward anything outside the sub
> domain to your main DNS servers.

How would I do that? I thought I was already doing this with the settings I already posted on this thread. :D

On Fri, May 19, 2017 at 3:46 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Thu, 18 May 2017 19:52:23 -0300
> Elias Pereira <empbilly at gmail.com> wrote:
>
> > Rowland,
> >
> > I used the M$ DNS Manager tool and was able to create a delegation
> > from a subdomain to my existing DNS.
> >
> > DNS Manager > Forward Lookup Zones > Right-click on mydomain.edu > New >
> > Delegation > ...
> >
> > After this I can open, for example the service "www.mydomain.edu"
> > normally.
> >
> > Where are these entries in AD?
> >
>
> They should be under:
>
> DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>
> DC=ForestDnsZones,DC=samdom,DC=example,DC=com
>
> Where 'DC=samdom,DC=example,DC=com' is replaced with your domain info
>
> Rowland

--
Elias Pereira

On Fri, 19 May 2017 08:55:11 -0300 Elias Pereira <empbilly at gmail.com> wrote:

> Thanks.
>
> I was able to verify through the following command:
>
> *samba-tool dns query localhost yourdomain.lan @ ALL -U administrator*
>
> --------------
>
> Rowland,
>
> Some time ago I had asked some questions about dns with samba4. In the
> topic below you say:
>
> "I would suggest you create a sub domain of your main domain (this is
> recommended anyway) i.e. if your main domain is called 'company.com',
> create a sub domain called 'samba.company.com'. Use the sub domain for
> your AD domain and forward anything outside the sub domain to your
> main DNS servers.
>
> Rowland"
> https://lists.samba.org/archive/samba/2016-July/201497.html
>
> Ok. I created the subdomain for the samba.
>
> *addc.mydomain.edu <http://addc.mydomain.edu>*
>
> > Use the sub domain for your AD domain and forward anything outside
> > the sub domain to your main DNS servers.
>
> How would I do that? I thought I was already doing this with the
> settings I already posted on this thread. :D
>

Unless I misunderstood what you have posted, you initially had some of the AD dns domain records stored in your main dns server.

When you initially set up an AD domain, you need to choose a dns domain name to use. If you already have a registered domain, you should not use this for your AD dns domain, you should create a subdomain name and use this. So, if your registered domain is 'example.com', you could use 'ad.example.com' for the AD dns domain. You would use this when provisioning the new AD domain, this would mean that the kerberos realm would be 'AD.EXAMPLE.COM'. You would only store the AD dns records in AD on the DC, nowhere else.

This way (provided you set the AD clients to use the AD DC as their dns nameserver) your clients ask the DC for their dns info, anything that the DC doesn't know about (an external website for instance), it would ask the forwarder you set in smb.conf if using the internal dns server, or the forwarder set in named.conf if using Bind9.

Most people use something like google for the forwarder, but there is nothing stopping you using an original dns server, provided it doesn't hold any of your AD dns records and is set up to forward anything it doesn't know. You should also never set any of the AD dns servers to 'forward first'.

Rowland

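The layout described in the message above can be checked mechanically. The following is an added example, not part of the original thread or of Samba: a small linter for a DC's smb.conf and a client's resolv.conf. The function names, the sample addresses and the assumption that the DC runs Samba's internal DNS server are all illustrative.

```python
# Added example: lint smb.conf and resolv.conf text; all sample values are constructed.

def parse_global(smb_conf):
    """Return the [global] parameters of smb.conf text, keys lower-cased."""
    params, section = {}, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def nameservers(resolv_conf):
    """Return the addresses on 'nameserver' lines of resolv.conf text."""
    rows = (l.split() for l in resolv_conf.splitlines())
    return [r[1] for r in rows if len(r) >= 2 and r[0] == "nameserver"]

def check_layout(smb_conf, resolv_conf, registered_domain, dc_ips):
    """Return a list of findings; an empty list means the layout matches."""
    findings = []
    params = parse_global(smb_conf)
    realm = params.get("realm", "").lower().rstrip(".")
    registered = registered_domain.lower().rstrip(".")
    if realm == registered:
        findings.append("realm reuses the registered domain")
    elif not realm.endswith("." + registered):
        findings.append("realm is not a subdomain of the registered domain")
    # Assumes Samba's internal DNS server; with Bind9 the forwarder is in named.conf.
    if not params.get("dns forwarder"):
        findings.append("no 'dns forwarder' for names outside the AD zone")
    resolvers = nameservers(resolv_conf)
    if not resolvers or any(ip not in dc_ips for ip in resolvers):
        findings.append("client resolver is not limited to the AD DCs")
    return findings

GOOD_SMB = """[global]
    realm = AD.EXAMPLE.COM
    server role = active directory domain controller
    dns forwarder = 192.0.2.53
"""
BAD_SMB = "[global]\n    realm = EXAMPLE.COM\n"

if __name__ == "__main__":
    print(check_layout(GOOD_SMB, "nameserver 192.0.2.10\n", "example.com", {"192.0.2.10"}))
    print(check_layout(BAD_SMB, "nameserver 192.0.2.53\n", "example.com", {"192.0.2.10"}))
```
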
Thanks Rowland!!

Now everything is working properly. After I create the subdomain for samba, the queries that don't belong to AD are forwarded to our main DNS and I have again access to our internal services.

Other question.

Can I add another email domain option in AD?

Example in http://i.imgur.com/cLU2UyYl.png

On Mon, 22 May 2017 17:49:09 -0300 Elias Pereira via samba <samba at lists.samba.org> wrote:

> Thanks Rowland!!
>
> Now everything is working properly. After I create the subdomain for
> samba, the queries that don't belong to AD are forwarded to our main
> DNS and I have again access to our internal services.
>
> Other question.
>
> Can I add another email domain option in AD?
>
> Example in http://i.imgur.com/cLU2UyYl.png

Ah, that isn't actually an email address, it is the userPrincipalName. There is the 'mail' attribute in AD to store a user's email address, but this is single valued. There is also the 'otherMailbox' attribute and this can be used multiple times.

Rowland