Anantha Raghava
2017-May-24 03:39 UTC
[Samba] Problems in applying GPO and DNS domain name resolution issues
Hi,

We are using Samba AD 4.6.3 and built it from source on CentOS 7. The DNS back end is BIND 9.9.4.

Initially all replications were working fine and all group policies were getting applied. All of a sudden, we are finding that the GPO applying process is erratic. Sometimes it applies and sometimes not. We have edited the Default Policy using the Windows RSAT tool.

Thinking that ACLs on "Sysvol" are incorrect, we reset the SYSVOL using the "samba-tool ntacl sysvolreset" command. The problems are persisting. Many client workstations do not get the policies.

Another observation:

The DNS, when queried for the domain name, throws up the domain controller address randomly. That is, we have 3 domain controllers and two of them are turned off for confirming whether there are any network issues. DNS randomly throws up the details of the domain controllers that are turned off, and the client workstation reports that it cannot find the domain controller.

Now our questions are:

a. Why is the policy deployment erratic?

b. Is there a manner in which we can set the Domain Controller priorities in DNS?

Await some guidance.

--
Thanks & Regards,
Anantha Raghava

DISCLAIMER: This e-mail communication and any attachments may be privileged and confidential to eXza Technology Consulting & Services, and are intended only for the use of the recipients named above. If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return e-mail. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.

Do not print this e-mail unless required. Save Paper & trees.

L.P.H. van Belle
2017-May-24 07:29 UTC
[Samba] Problems in applying GPO and DNS domain name resolution issues
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Anantha Raghava via samba
> Sent: Wednesday 24 May 2017 5:39
> To: samba at lists.samba.org
> CC: ravi.bhat at ardos.in
> Subject: [Samba] Problems in applying GPO and DNS domain
> name resolution issues
>
> Hi,
>
> We are using Samba AD 4.6.3 and built it from source on
> CentOS 7. The DNS back end is BIND 9.9.4.....
>
> Thinking that ACLs on "Sysvol" are incorrect, we reset the
> SYSVOL using "samba-tool ntacl sysvolreset" command. The
> problems are persisting. Many client workstations do not get
> the policies.

Add user system to sysvol, and don't run samba-tool ntacl sysvolreset again. Your GPOs should work fine; if not, post the Windows event ID.

> Another observation:
>
> The DNS, when queried for domain name throws up the domain
> controller address randomly. That is we have 3 Domain
> controllers and two of them are turned off for confirming
> whether there is any network issues. DNS randomly throws up
> the domain controller details that are turned off and the
> client workstation reports, cannot find the domain controller.

Now that's something I've seen also. I see, for example, my SOA record is set to DC2. I can change that to DC1 and up the serial number. Wait five minutes, check again, SOA back to DC2. Why, I can't explain it. I ignore it; everything works fine here.

For you, check in the DNS, with RSAT, in _msdcs.your.domain.tld. Are all the alias (CNAME) DCs there in GUID? And do you see all host A records for the DCs there?

> Now our questions are:
>
> a. Why the policy deployment is erratic?

It's not, it's just a bug in the samba-tool script; it expects certain rights. Windows sets other rights.

> b. Is there a manner in which we can set the Domain
> Controller priorities in DNS?

Yes you can. More info about that in:
https://technet.microsoft.com/en-us/library/cc978267.aspx
https://technet.microsoft.com/en-us/library/cc772592

But this should not be needed, and I don't advise setting it. If your setup is correct, you should be able to log in even when you turn off 2 out of 3 DCs.

Greetz,
Louis

> Await some guidance.
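
The DNS check suggested in the reply above (GUID CNAMEs under `_msdcs` and a host A record for every DC), scripted over a zone listing as an added example that is not part of either message. It also checks the `_ldap._tcp.dc._msdcs` SRV locator record, which goes beyond what the reply lists; the domain, host names, addresses and GUIDs are constructed placeholders, and `check_dc_records` is a hypothetical helper name.

```python
import re

# Constructed sample in zone-file presentation format (the layout dig prints).
# Domain, hosts, addresses and GUIDs are placeholders, not values from the thread.
SAMPLE = """\
dc1.example.lan. 900 IN A 192.0.2.11
dc2.example.lan. 900 IN A 192.0.2.12
11111111-1111-1111-1111-111111111111._msdcs.example.lan. 900 IN CNAME dc1.example.lan.
22222222-2222-2222-2222-222222222222._msdcs.example.lan. 900 IN CNAME dc2.example.lan.
33333333-3333-3333-3333-333333333333._msdcs.example.lan. 900 IN CNAME dc3.example.lan.
_ldap._tcp.dc._msdcs.example.lan. 900 IN SRV 0 100 389 dc1.example.lan.
_ldap._tcp.dc._msdcs.example.lan. 900 IN SRV 0 100 389 dc2.example.lan.
_ldap._tcp.dc._msdcs.example.lan. 900 IN SRV 0 100 389 dc3.example.lan.
"""

# Owner name of a DC alias: <DSA GUID>._msdcs.<domain>
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\._msdcs\.", re.I)


def parse(text):
    """Yield (owner, rtype, rdata_fields) for each 'name ttl IN type rdata' line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2].upper() == "IN":
            yield f[0].lower().rstrip("."), f[3].upper(), f[4:]


def check_dc_records(text, domain, expected_dcs=()):
    """Return {dc_fqdn: [record kinds that are missing]} for every known DC."""
    locator = f"_ldap._tcp.dc._msdcs.{domain.lower()}"
    has_a, has_cname, has_srv = set(), set(), set()
    for owner, rtype, rdata in parse(text):
        target = rdata[-1].lower().rstrip(".")  # last field is the target host
        if rtype in ("A", "AAAA"):
            has_a.add(owner)
        elif rtype == "CNAME" and GUID.match(owner):
            has_cname.add(target)
        elif rtype == "SRV" and owner == locator:
            has_srv.add(target)
    kinds = (("A", has_a), ("GUID CNAME", has_cname), ("LDAP SRV", has_srv))
    dcs = has_cname | has_srv | {d.lower().rstrip(".") for d in expected_dcs}
    return {dc: [k for k, seen in kinds if dc not in seen] for dc in sorted(dcs)}


if __name__ == "__main__":
    for dc, missing in check_dc_records(SAMPLE, "example.lan").items():
        print(dc, "OK" if not missing else "missing: " + ", ".join(missing))
```

A DC that is still advertised by CNAME and SRV records but has no A record, like `dc3` in the sample, is one that clients can be handed by the locator and then fail to reach.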