Marco Shmerykowsky
2021-Jan-30 15:52 UTC
[Samba] How to Properly Configure Samba's Internal DNS
On 2021-01-30 10:35 am, Rowland penny via samba wrote:
> On 30/01/2021 15:19, Marco Shmerykowsky via samba wrote:
>> On 2021-01-30 9:31 am, Rowland penny via samba wrote:
>>> On 30/01/2021 13:48, Marco Shmerykowsky via samba wrote:
>>>> I have what I thought was a working Samba4 AD setup.
>>>> However, in trying to troubleshoot a user's issues while
>>>> connecting via a VPN, I began to question if DNS
>>>> is properly set up.
>>>>
>>>> Each Linux server has the following entries in
>>>> resolv.conf:
>>>
>>> What do you mean by 'linux server'? Are you referring to a Unix domain
>>> member or a Samba AD DC?
>>
>> Two Samba AD DCs
>> Two Samba Domain Member Servers
>>
>>>> search ad-domain.company.com
>>>> nameserver ip-of-FSMO-server
>>>
>>> I would list all Samba AD DCs on the Unix domain members and set each
>>> DC to use itself.
>>
>> I'll make the change and see what results.
>>
>>>> Each Linux server has a hosts file with an entry:
>>>>
>>>> unique-ip-address  machine#.ad-domain.company.com machine#
>>>>
>>>> However, if I do nslookup -> set type=SRV ->
>>>> _ldap._tcp.ad-domain.company.com.
>>>>
>>>> instead of getting the results shown here:
>>>>
>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Resolving_SRV_Records
>>>> I get:
>>>>
>>>> Server:         ip-of-FSMO-server
>>>> Address:        ip-of-FSMO-server#53
>>>>
>>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389
>>>> machine1.ad-domain.company.com.
>>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389
>>>> machine1.ad-domain.company.com.
>>>
>>> I get something similar, only my difference is that mine lists both of
>>> my DCs; yours should list all your DCs.
>>>
>>>> Further, if I try pinging hostnames on the FSMO-server, I only get positive
>>>> results on 3 of 4 of my servers:
>>>>
>>>> ping ad-domain.company.com -> success
>>>>
>>>> ping machine1.ad-domain.company.com -> success
>>>> ping machine2.ad-domain.company.com -> success
>>>> ping machine3.ad-domain.company.com -> success
>>>> ping machine4 -> fails with unknown host
>>>
>>> They should all work; you seem to have DNS problems.
>>
>> Agreed. I never noticed it because GPOs and drive shares have
>> been working well for two years. I just noticed something was
>> amiss when we deployed a VPN.
>>
>> DNS is being provided by Samba. How should I troubleshoot this?
>>
>>> Rowland
>>
> Are you using Bind9?
>
> If so, it could be the dns.keytab problem (it isn't created in the
> bind-dns dir when you join a DC).

No. SAMBA_INTERNAL
Rowland penny
2021-Jan-30 15:59 UTC
[Samba] How to Properly Configure Samba's Internal DNS
On 30/01/2021 15:52, Marco Shmerykowsky via samba wrote:
>
> On 2021-01-30 10:35 am, Rowland penny via samba wrote:
>> On 30/01/2021 15:19, Marco Shmerykowsky via samba wrote:
>>> On 2021-01-30 9:31 am, Rowland penny via samba wrote:
>>>> On 30/01/2021 13:48, Marco Shmerykowsky via samba wrote:
>>>>> I have what I thought was a working Samba4 AD setup.
>>>>> However, in trying to troubleshoot a user's issues while
>>>>> connecting via a VPN, I began to question if DNS
>>>>> is properly set up.
>>>>>
>>>>> Each Linux server has the following entries in
>>>>> resolv.conf:
>>>>
>>>> What do you mean by 'linux server'? Are you referring to a Unix domain
>>>> member or a Samba AD DC?
>>>
>>> Two Samba AD DCs
>>> Two Samba Domain Member Servers
>>>
>>>>> search ad-domain.company.com
>>>>> nameserver ip-of-FSMO-server
>>>>
>>>> I would list all Samba AD DCs on the Unix domain members and set each
>>>> DC to use itself.
>>>
>>> I'll make the change and see what results.
>>>
>>>>> Each Linux server has a hosts file with an entry:
>>>>>
>>>>> unique-ip-address  machine#.ad-domain.company.com machine#
>>>>>
>>>>> However, if I do nslookup -> set type=SRV ->
>>>>> _ldap._tcp.ad-domain.company.com.
>>>>>
>>>>> instead of getting the results shown here:
>>>>>
>>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Resolving_SRV_Records
>>>>> I get:
>>>>>
>>>>> Server:         ip-of-FSMO-server
>>>>> Address:        ip-of-FSMO-server#53
>>>>>
>>>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389
>>>>> machine1.ad-domain.company.com.
>>>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389
>>>>> machine1.ad-domain.company.com.
>>>>
>>>> I get something similar, only my difference is that mine lists both of
>>>> my DCs; yours should list all your DCs.
>>>>
>>>>> Further, if I try pinging hostnames on the FSMO-server, I only get positive
>>>>> results on 3 of 4 of my servers:
>>>>>
>>>>> ping ad-domain.company.com -> success
>>>>>
>>>>> ping machine1.ad-domain.company.com -> success
>>>>> ping machine2.ad-domain.company.com -> success
>>>>> ping machine3.ad-domain.company.com -> success
>>>>> ping machine4 -> fails with unknown host
>>>>
>>>> They should all work; you seem to have DNS problems.
>>>
>>> Agreed. I never noticed it because GPOs and drive shares have
>>> been working well for two years. I just noticed something was
>>> amiss when we deployed a VPN.
>>>
>>> DNS is being provided by Samba. How should I troubleshoot this?
>>>
>>>> Rowland
>>>
>> Are you using Bind9?
>>
>> If so, it could be the dns.keytab problem (it isn't created in the
>> bind-dns dir when you join a DC).
>
> No. SAMBA_INTERNAL
>
Pity, it is easy to fix bind9. You will just have to double check everything.

Rowland
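As an added example (not code from the thread, from Samba, or from either poster), the "double check everything" advice above turned into three small checks: does the `_ldap._tcp` SRV record advertise every DC, does every advertised target have an A record (the `ping machine4` unknown-host case), and does resolv.conf list only DCs. The domain and DC names are the thread's placeholders, the DC IPs are constructed, and the live path assumes `dig` from bind-utils.

```shell
# Added example, not from the thread or Samba. Helpers are testable offline on
# constructed samples; the live wrapper needs the domain's DNS reachable.
AD_DOMAIN="ad-domain.company.com"                                   # thread's placeholder
EXPECTED_DCS="machine1.ad-domain.company.com machine2.ad-domain.company.com"  # assumed DC list
DC_IPS="192.0.2.11 192.0.2.12"                                      # constructed DC addresses

# Print target hostnames from `dig +short SRV` output ("prio weight port target.").
srv_targets() {
    awk 'NF == 4 { sub(/\.$/, "", $4); print $4 }'
}

# missing_dcs "<expected DCs>": SRV lines on stdin; prints each DC the record does
# not advertise (the thread's output named machine1 twice and never machine2).
missing_dcs() {
    targets=$(srv_targets)
    for dc in $1; do
        printf '%s\n' "$targets" | grep -qxF "$dc" || printf '%s\n' "$dc"
    done
}

# foreign_nameservers "<DC IPs>": resolv.conf on stdin; prints nameserver entries
# that are not DCs (members should list only DCs; each DC should list itself).
foreign_nameservers() {
    awk '$1 == "nameserver" { print $2 }' | while read -r ns; do
        case " $1 " in *" $ns "*) ;; *) printf '%s\n' "$ns" ;; esac
    done
}

# Live check: run with --live on a domain member or DC.
live_check() {
    echo "== DCs missing from _ldap._tcp.$AD_DOMAIN =="
    dig +short SRV "_ldap._tcp.$AD_DOMAIN" | missing_dcs "$EXPECTED_DCS"
    echo "== SRV targets without an A record (the 'unknown host' ping case) =="
    for t in $(dig +short SRV "_ldap._tcp.$AD_DOMAIN" | srv_targets); do
        [ -n "$(dig +short A "$t")" ] || printf '%s\n' "$t"
    done
    echo "== nameservers in /etc/resolv.conf that are not DCs =="
    foreign_nameservers "$DC_IPS" < /etc/resolv.conf
}

# Constructed samples mirroring the thread: SRV lists only machine1, and the
# resolv.conf carries a resolver that is not a DC.
SAMPLE_SRV='0 100 389 machine1.ad-domain.company.com.
0 100 389 machine1.ad-domain.company.com.'
SAMPLE_RESOLV='search ad-domain.company.com
nameserver 192.0.2.11
nameserver 198.51.100.1'
if [ "$1" = "--live" ]; then live_check; fi
```

Offline, `printf '%s\n' "$SAMPLE_SRV" | missing_dcs "$EXPECTED_DCS"` reports machine2 as the DC the record never advertises.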