thr3ads.net - samba - [Samba] Problems with internal DNS [Oct 2019]

If this information is useful, please help other people find it:
Share via:

Thomas Schweikle

2019-Oct-22 14:52 UTC

[Samba] Problems with internal DNS

On Mon, Oct 21, 2019 at 5:03 PM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 21/10/2019 15:47, Thomas Schweikle via samba wrote:
> > Hi!
> >
> > Samba server set up for domain rufus.ada.de a proxy is reachable in
> > proxy.ada.de.
>
> How are you running Samba ?
>As ADDC.

Please post your smb.conf.>OK. Here it is:

[global]
        netbios name = AD01
        realm = RUFUS.ADA.DE
        server role = active directory domain controller
        workgroup = RUFUS
        idmap_ldb:use rfc2307 = yes
        allow dns updates = secure only
        dns forwarder = 172.18.8.1

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/rodos.bfs.de/scripts
        read only = No

> Rowland
>

-- 
Thomas

Rowland penny

2019-Oct-22 15:07 UTC

head link

[Samba] Problems with internal DNS

On 22/10/2019 15:52, Thomas Schweikle wrote:>
> On Mon, Oct 21, 2019 at 5:03 PM Rowland penny via samba 
> <samba at lists.samba.org <mailto:samba at lists.samba.org>>
wrote:
>
>     On 21/10/2019 15:47, Thomas Schweikle via samba wrote:
>     > Hi!
>     >
>     > Samba server set up for domain rufus.ada.de
>     <http://rufus.ada.de> a proxy is reachable in
>     > proxy.ada.de <http://proxy.ada.de>.
>
>     How are you running Samba ?
>
> As ADDC.
>
>     Please post your smb.conf.
>
> OK. Here it is:
>
> [global]
> ? ? ? ? netbios name = AD01
> ? ? ? ? realm = RUFUS.ADA.DE <http://RUFUS.ADA.DE>
> ? ? ? ? server role = active directory domain controller
> ? ? ? ? workgroup = RUFUS
> ? ? ? ? idmap_ldb:use rfc2307 = yes
> ? ? ? ? allow dns updates = secure only
> ? ? ? ? dns forwarder = 172.18.8.1
>
> [sysvol]
> ? ? ? ? path = /var/lib/samba/sysvol
> ? ? ? ? read only = No
>
> [netlogon]
> ? ? ? ? path = /var/lib/samba/sysvol/rodos.bfs.de/scripts 
> <http://rodos.bfs.de/scripts>
> ? ? ? ? read only = No
First problem, netlogon says your dns domain is 'rodos.bfs.de' but your 
REALM is 'RUFUS.ADA.DE', ignoring the case, they must be the same.

Next, your AD DC must be Authoritative for the AD dns domain and your AD 
clients must use the DC as their first nameserver and anything it 
doesn't know, it asks its forwarder.

Your /etc/resolv.conf file on the DC should be:

search <your actual dns domain>
nameserver <your DCs ipaddress>

Rowland

Thomas Schweikle

2019-Oct-22 15:18 UTC

head link

[Samba] Problems with internal DNS

On Tue, Oct 22, 2019 at 5:07 PM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 22/10/2019 15:52, Thomas Schweikle wrote:
> >
> > On Mon, Oct 21, 2019 at 5:03 PM Rowland penny via samba
> > <samba at lists.samba.org <mailto:samba at
lists.samba.org>> wrote:
> >
> >     On 21/10/2019 15:47, Thomas Schweikle via samba wrote:
> >     > Hi!
> >     >
> >     > Samba server set up for domain rufus.ada.de
> >     <http://rufus.ada.de> a proxy is reachable in
> >     > proxy.ada.de <http://proxy.ada.de>.
> >
> >     How are you running Samba ?
> >
> > As ADDC.
> >
> >     Please post your smb.conf.
> >
> > OK. Here it is:
> >
> > [global]
> >         netbios name = AD01
> >         realm = RUFUS.ADA.DE <http://RUFUS.ADA.DE>
> >         server role = active directory domain controller
> >         workgroup = RUFUS
> >         idmap_ldb:use rfc2307 = yes
> >         allow dns updates = secure only
> >         dns forwarder = 172.18.8.1
> >
> > [sysvol]
> >         path = /var/lib/samba/sysvol
> >         read only = No
> >
> > [netlogon]
> >         path = /var/lib/samba/sysvol/rodos.bfs.de/scripts
> > <http://rodos.bfs.de/scripts>
> >         read only = No
>
> First problem, netlogon says your dns domain is 'rodos.bfs.de' but
your
> REALM is 'RUFUS.ADA.DE', ignoring the case, they must be the same.
>
Ahm yes. This was a mistake made by copy and paste ... I've corrected it.
It now reads:
  path = /var/lib/samba/sysvol/rufus.ada.de/scripts
<http://rodos.bfs.de/scripts>

> Next, your AD DC must be Authoritative for the AD dns domain and your AD
> clients must use the DC as their first nameserver and anything it
> doesn't know, it asks its forwarder.
>
> Your /etc/resolv.conf file on the DC should be:
>
> search <your actual dns domain>
> nameserver <your DCs ipaddress>
>
Does "localhost" work?
search ada.de.
domain ada.de
nameserver localhost

Or does it have to be the extern reachable address?

If I look at
samba   1500 root   47u  IPv6  26355      0t0  TCP *:53 (LISTEN)
samba   1500 root   49u  IPv6  26356      0t0  UDP *:53
samba   1500 root   50u  IPv4  26357      0t0  TCP *:53 (LISTEN)
samba   1500 root   51u  IPv4  26358      0t0  UDP *:53

samba binds to "*" aka "all addresses". But does it mean it
does not answer
to localhost incoming queries?

Rowland>
-- 
Thomas

samba - Oct 2019 - Problems with internal DNS

[Samba] Problems with internal DNS

[Samba] Problems with internal DNS

[Samba] Problems with internal DNS