Jonathan S. Fisher
2015-Nov-30 20:30 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
Same results with that command. And the same DNS query occurred.

On Mon, Nov 30, 2015 at 2:20 PM, Rowland Penny <rowlandpenny241155 at gmail.com> wrote:

> On 30/11/15 20:01, Jonathan S. Fisher wrote:
>
>> Hey guys,
>>
>> I've successfully joined the domain with "sudo net ads join -k". However,
>> when I try to run this: "sudo net rpc info" I get this error: "Unable to
>> find a suitable server for domain WINDOWS"
>>
>> I dumped the DNS requests and it looks like the problem is that it's asking
>> for ldap entries under the workgroup name, not the FQDN:
>>
>> From Wireshark:
>>
>> Queries
>>     _ldap._tcp.pdc._msdcs.WINDOWS: type SRV, class IN
>>         Name: _ldap._tcp.pdc._msdcs.WINDOWS
>>
>> Ok great, so if I dig that with the command: "dig
>> _ldap._tcp.pdc._msdcs.WINDOWS" dig times out. If I dig the FQDN: "dig
>> _ldap._tcp.pdc._msdcs.WINDOWS.CORP.XXX.COM" I get a response instantly.
>>
>> Is this a problem with my windows domain controller (how do I make it
>> respond to those queries)? Or is this a problem with my samba setup?
>>
>> Samba version: 4.2.5-SerNet-Ubuntu-8.trusty
>>
>> Here is my smb.conf:
>>
>> [global]
>> security=ads
>> realm=WINDOWS.CORP.XXX.COM
>> workgroup=WINDOWS
>> domain master=no
>> local master=no
>> preferred master=no
>> load printers=no
>> printing=bsd
>> printcap name=/dev/null
>> disable spoolss=yes
>> idmap backend=tdb
>> idmap uid=10000-99999
>> idmap gid=10000-99999
>> winbind enum users=yes
>> winbind enum groups=yes
>> winbind use default domain=yes
>> winbind nested groups=yes
>> winbind refresh tickets=yes
>> winbind offline logon=yes
>> template shell=/bin/false
>> client use spnego=yes
>> client ntlmv2 auth=yes
>> encrypt passwords=yes
>> restrict anonymous=2
>> log file=/var/log/samba/samba.log
>> log level=2
>> dcerpc endpoint servers=remote
>> wins support=no
>
> Try it like this: sudo net rpc info -UAdministrator
>
> Rowland
Rowland Penny
2015-Nov-30 20:43 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
On 30/11/15 20:30, Jonathan S. Fisher wrote:

> Same results with that command. And the same DNS query occurred
>
> On Mon, Nov 30, 2015 at 2:20 PM, Rowland Penny
> <rowlandpenny241155 at gmail.com> wrote:
>
>     Try it like this: sudo net rpc info -UAdministrator
>
>     Rowland

OK, what have you got in /etc/resolv.conf & /etc/krb5.conf

Rowland
Jonathan S. Fisher
2015-Nov-30 20:52 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
/etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.127.129
search windows.corp.XXX.com

/etc/hosts

127.0.0.1 localhost
127.0.1.1 freeradius.windows.corp.XXX.com freeradius
192.168.127.131 whiskey.windows.corp.XXX.com whiskey
192.168.112.4 wine..windows.corp.XXX.com wine

/etc/krb5.conf

[libdefaults]
default_realm = WINDOWS.CORP.XXX.COM
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
v4_instance_resolve = false
v4_name_convert = {
    host = {
        rcmd = host
        ftp = ftp
    }
    plain = {
        something = something-else
    }
}
fcc-mit-ticketflags = true

[realms]
WINDOWS.CORP.XXX.COM = {
    kdc = whiskey.windows.corp.XXX.com:88
    kdc = wine.windows.corp.XXX.com:88
    admin_server = whiskey.windows.corp.XXX.com:749
}

[appdefaults]
pam = {
    ticket_lifetime = 1d
    renew_lifetime = 1d
    forwardable = true
    proxiable = false
    retain_after_close = false
    minimum_uid = 0
    debug = false
}

[domain_realm]
.windows.corp.XXX.com = WINDOWS.CORP.XXX.COM
windows.corp.XXX.com = WINDOWS.CORP.XXX.COM

[login]
krb4_convert = true
krb4_get_tickets = false

On Mon, Nov 30, 2015 at 2:43 PM, Rowland Penny <rowlandpenny241155 at gmail.com> wrote:

> OK, what have you got in /etc/resolv.conf & /etc/krb5.conf
>
> Rowland
Mgr. Peter Tuharsky
2019-Jan-11 12:18 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
Hi folks,

I have set up Samba AD with BIND9 DLZ backend, hopefully according to the online wiki manual.

Now, the DNS service seems to be working to some extent, since AD logons work and I can resolve the simple hostnames that I added to Samba DNS records.

But what bothers me is that DNS cannot resolve FQDNs of these machines, even from the server console. To be more exact, nslookup does resolve them, while ping doesn't (nor the CUPS service, thus rendering network print useless).

Please, does somebody have a clue what goes wrong here?
Rowland Penny
2019-Jan-11 13:31 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
On Fri, 11 Jan 2019 13:18:58 +0100 "Mgr. Peter Tuharsky via samba" <samba at lists.samba.org> wrote:

> Hi folks,
>
> I have set up Samba AD with BIND9 DLZ backend, hopefully according
> to the online wiki manual.
>
> Now, the DNS service seems to be working to some extent, since AD logons
> work and I can resolve the simple hostnames that I added to Samba DNS
> records.
>
> But what bothers me is that DNS cannot resolve FQDNs of these machines,
> even from the server console. To be more exact, nslookup does resolve
> them, while ping doesn't (nor the CUPS service, thus rendering network
> print useless).
>
> Please, does somebody have a clue what goes wrong here?

Nope, haven't got a clue ;-)

I might have said this before, but I will say it again, why do you think we can help you, if you do not give us anything but 'it doesn't work' ?

What OS ?
What Samba version ?
What Bind version ?
What is in smb.conf ?
What is in your named.conf files ?

Rowland
L.P.H. van Belle
2019-Jan-11 13:55 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
> > Please, does somebody have a clue, what goes wrong here?
>
> Nope, haven't got a clue ;-)

Not? Rowland not? really.. ;-)

I'm a gambler so here you go ;-)

Hmm, first 3 guesses..
Typos in primary DNS/Search domain. ( /etc/resolv.conf )
Typos in /etc/hosts

Why.
Ping host works ( host file )
    ip host.fqdn host
Ping host.fqdn does not, (host file or resolv.conf or typo in bind config. )
    Search dns.domain.tld domain.tld. <-> mismatch with bind config.

Something like this is my guess.

> I might have said this before, but I will say it again, why do you
> think we can help you, if you do not give us anything but 'it doesn't
> work' ?
>
> What OS ?
> What Samba version ?
> What Bind version ?
> What is in smb.conf ?
> What is in your named.conf files ?

The configs will tell what's going on.. :-)

> Rowland

Greetz,

Louis
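
The guesses in the reply above (a typo in the resolv.conf search domain, a typo in /etc/hosts, and the "ip host.fqdn host" field order) can be checked mechanically. The following is an added example, not part of the original thread or of Samba; the file contents are constructed samples, and the names fields, search_domains and lint are hypothetical.

```python
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen, never empty.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Constructed sample files (not taken from any real host).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.1.1 member1.corp.example.com member1
192.0.2.10 dc1.corp.example.com dc1
192.0.2.11 dc2..corp.example.com dc2
192.0.2.12 print1 print1.corp.example.com
"""
SAMPLE_RESOLV = "nameserver 192.0.2.10\nsearch corp.example.co\n"

def fields(line):  # whitespace-separated fields with any '#' comment dropped
    return line.split("#", 1)[0].split()

def search_domains(resolv_text):
    """Domains of the last 'search' line (the one glibc uses), lowercased."""
    doms = []
    for line in resolv_text.splitlines():
        f = fields(line)
        if f and f[0] == "search":
            doms = [d.rstrip(".").lower() for d in f[1:]]
    return doms

def lint(hosts_text, resolv_text, dns_domain):
    """Return findings for the search-domain, typo and field-order checks."""
    dns_domain, findings = dns_domain.rstrip(".").lower(), []
    if dns_domain not in search_domains(resolv_text):
        findings.append(f"resolv.conf: search list lacks {dns_domain}")
    for n, line in enumerate(hosts_text.splitlines(), 1):
        f = fields(line)
        if len(f) < 2:
            continue
        ip, names = f[0], f[1:]
        for name in names:
            if not all(LABEL.match(lab) for lab in name.split(".")):
                findings.append(f"hosts:{n}: malformed name {name!r}")
        first = names[0].lower()
        if ip.startswith("127.") or ip == "::1":
            continue  # loopback entries are not the LAN records being checked
        if "." not in first:
            findings.append(f"hosts:{n}: short name {first!r} listed before FQDN")
        elif not first.endswith("." + dns_domain):
            findings.append(f"hosts:{n}: {first!r} is outside {dns_domain}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_HOSTS, SAMPLE_RESOLV, "CORP.EXAMPLE.COM")))
```

On a real host, pass the contents of /etc/hosts and /etc/resolv.conf and the DNS domain of the AD realm; an empty result means none of these three mistakes is present, not that name resolution is otherwise correct.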