On 11/06/2020 14:04, Bob Wooden via samba wrote:
> In my previous AD domain, my FQDN was a non-registered (fake) domain
> that has worked for years. For example "fakedomainname.initials", like
> "domain.dt". This started, back in the day when we were supposed to
> stop using *.local (like MS always suggested.) It worked so I never
> looked back.

It sounds from that, that you are now using something like
'myregistereddomain.com', if so, please don't, use
'ad.myregistereddomain.com' or similar instead.

> Here are your answers. Please notice the
> "/var/lib/samba/bind-dns/named.conf" bolded differences at the end.

I did

> root@dc01:~# cat /etc/krb5.conf

You only need:

[libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true

> root@dc01:~# cat /etc/bind/named.conf.options

Try this version:

options {
        directory "/var/cache/bind";
        notify no;
        empty-zones-enable no;
        forwarders {
            8.8.8.8; 8.8.4.4;
        };
        dnssec-validation no;
        auth-nxdomain yes;
        listen-on-v6 { any; };
        // Use the first one of the next two lines if it exists, else use the last
        tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
        //tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

> root@dc01:~# cat /etc/bind/named.conf.local
>
> // adding the Samba dlopen ( Bind DLZ ) module include
> "/usr/local/samba/private/named.conf";

If that is really on one line, it should be two

It would seem that you are building Samba yourself, you can get 4.11
packages from Louis's repo:

http://apt.van-belle.nl/

He also does 4.12 packages for 20.04 and he has a howto for 18.04:

https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt

Probably worth a read ;-)

Rowland
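
The two BIND points raised in the message above (an include that ends up inside a `//` comment, and choosing the keytab path that exists) can be checked mechanically. This is an added example, not part of the original thread or of Samba; the function names are hypothetical, and the sample strings are constructed from the quoted lines on the assumption that the comment and include really share one line.

```python
import os
import re

# Constructed samples based on the named.conf.local quoted in the thread:
# comment and include on one line, then split over two lines.
ONE_LINE = ('// adding the Samba dlopen ( Bind DLZ ) module '
            'include "/usr/local/samba/private/named.conf";\n')
TWO_LINES = ('// adding the Samba dlopen ( Bind DLZ ) module\n'
             'include "/usr/local/samba/private/named.conf";\n')
# Keytab candidates in the order given in the suggested named.conf.options.
KEYTABS = ["/usr/local/samba/bind-dns/dns.keytab",
           "/usr/local/samba/private/dns.keytab"]
INCLUDE_RE = re.compile(r'\binclude\s+"([^"]+)"\s*;')

def strip_comments(text):
    """Drop //, # and /* */ comments as BIND does; quoted strings are kept."""
    out, i, n, in_string = [], 0, len(text), False
    while i < n:
        ch = text[i]
        if in_string or ch == '"':
            if ch == '"':
                in_string = not in_string
            out.append(ch)
            i += 1
        elif text.startswith("/*", i):
            end = text.find("*/", i + 2)
            i = n if end == -1 else end + 2
        elif text.startswith("//", i) or ch == "#":
            end = text.find("\n", i)
            i = n if end == -1 else end  # keep the newline itself
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def check_includes(text):
    """Return (active includes, includes that only occur inside a comment)."""
    active = INCLUDE_RE.findall(strip_comments(text))
    swallowed = [p for p in INCLUDE_RE.findall(text) if p not in active]
    return active, swallowed

def pick_keytab(exists=os.path.exists):
    """First candidate if it exists, otherwise the last one."""
    return KEYTABS[0] if exists(KEYTABS[0]) else KEYTABS[-1]

if __name__ == "__main__":
    for name, text in (("one line", ONE_LINE), ("two lines", TWO_LINES)):
        print(name, check_includes(text))
    print("tkey-gssapi-keytab:", pick_keytab())
```

A non-empty second list from `check_includes` means BIND never loads that file, so the Samba DLZ zone is silently missing.
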
See below.

(Sent from home location.)

Bob Wooden

On 6/11/20 8:49 AM, Rowland penny via samba wrote:
> On 11/06/2020 14:04, Bob Wooden via samba wrote:
>> In my previous AD domain, my FQDN was a non-registered (fake) domain
>> that has worked for years. For example "fakedomainname.initials", like
>> "domain.dt". This started, back in the day when we were supposed to
>> stop using *.local (like MS always suggested.) It worked so I never
>> looked back.
> It sounds from that, that you are now using something like
> 'myregistereddomain.com', if so, please don't, use
> 'ad.myregistereddomain.com' or similar instead.

I think maybe you misunderstood what I meant (above). In my _previous_
(as in my existing AD) I used a fake "domainname.dt".

In this /NEW/ AD, I am using a FQDN obtained from a domain registrar
(whose company name I am politely avoiding advertising for them here on
the mailing list.)

So you're saying use "ad.myregistereddomain.com" anywhere I am currently
using "myregistereddomain.com". As in the "ad.myregistereddomain.com"
becomes the domain and therefore "hostname -f" would return
"dchost.ad.myregistereddomain.com" when called?
On 11/06/2020 15:44, Bob Wooden via samba wrote:
> See below.
>
> (Sent from home location.)
>
> Bob Wooden
>
> On 6/11/20 8:49 AM, Rowland penny via samba wrote:
>> On 11/06/2020 14:04, Bob Wooden via samba wrote:
>>> In my previous AD domain, my FQDN was a non-registered (fake) domain
>>> that has worked for years. For example "fakedomainname.initials",
>>> like "domain.dt". This started, back in the day when we were supposed
>>> to stop using *.local (like MS always suggested.) It worked so I
>>> never looked back.
>> It sounds from that, that you are now using something like
>> 'myregistereddomain.com', if so, please don't, use
>> 'ad.myregistereddomain.com' or similar instead.
>
> I think maybe you misunderstood what I meant (above). In my _previous_
> (as in my existing AD) I used a fake "domainname.dt".
>
> In this /NEW/ AD, I am using a FQDN obtained from a domain registrar
> (whose company name I am politely avoiding advertising for them here
> on the mailing list.)
>
> So you're saying use "ad.myregistereddomain.com" anywhere I am currently
> using "myregistereddomain.com". As in the "ad.myregistereddomain.com"
> becomes the domain and therefore "hostname -f" would return
> "dchost.ad.myregistereddomain.com" when called?
>

Yes, see here:

https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ#Subdomain_of_a_Domain_You_Own

Rowland