L.P.H. van Belle
2021-Nov-04 08:50 UTC
[Samba] Potential inconsistency in Samba DNS server when used with `samba-tool domain join`
Hai,

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Patrick Goetz via samba
> Sent: Wednesday, 3 November 2021 21:38
> To: Samba listserv
> Subject: [Samba] Potential inconsistency in Samba DNS
> server when used with `samba-tool domain join`
>
> I think there might be a problem with using `samba-tool domain join` to
> join a domain, as I've noticed some inconsistencies in whether or not
> the new client is picked up by DNS. Presently:
>
> root@atomsmasher:~# net ads leave -U Administrator
> Password for [EA\Administrator]:
> Deleted account for 'ATOMSMASHER' in realm 'EA.LINUXCS.COM'
>
> But
>
> root@samba-dc:~# host atomsmasher
> atomsmasher.ea.linuxcs.com has address 192.168.1.82
>
> root@samba-dc:~# samba-tool computer list
> DATA2$
> IBS100$
> SAMBA-DC$
>

host atomsmasher name resolving (dns)
samba-tool computer list (name resolving AD-objects)
2 different things.

> How do I get the machine out of the Samba DNS so that I can see if what
> I observed previously is repeatable? I noticed I didn't have a DNS entry
> for this host, so left and rejoined the domain using samba-tool several
> times, never getting a DNS entry for it. Then I joined using `net ads
> join` and it was in DNS immediately. I want to see if this is
> repeatable.
>
> I might have to abandon Samba DNS and install bind as per Louis'
> recommendation. I'm finding the Samba DNS to be hard to work with since
> there doesn't seem to be any way to interact with it directly.
>

If you use the windows tools, you don't see the computer until you refresh.

With samba tool :
sudo samba-tool dns query YOUR_AD-DC_HOSTNAME(.FQDN) primary-dnsdomainname NAME2CHECKOUT A -UAdministrator

So for you :
sudo samba-tool dns query samba-dc ea.linuxcs.com atomsmasher A -UAdministrator

Greetz,

Louis
Patrick Goetz
2021-Nov-04 09:25 UTC
[Samba] Potential inconsistency in Samba DNS server when used with `samba-tool domain join`
Hi Louis -

On 11/4/21 03:50, L.P.H. van Belle via samba wrote:
> Hai,
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Patrick Goetz via samba
>> Sent: Wednesday, 3 November 2021 21:38
>> To: Samba listserv
>> Subject: [Samba] Potential inconsistency in Samba DNS
>> server when used with `samba-tool domain join`
>>
>> I think there might be a problem with using `samba-tool domain join` to
>> join a domain, as I've noticed some inconsistencies in whether or not
>> the new client is picked up by DNS. Presently:
>>
>> root@atomsmasher:~# net ads leave -U Administrator
>> Password for [EA\Administrator]:
>> Deleted account for 'ATOMSMASHER' in realm 'EA.LINUXCS.COM'
>>
>> But
>>
>> root@samba-dc:~# host atomsmasher
>> atomsmasher.ea.linuxcs.com has address 192.168.1.82
>>
>> root@samba-dc:~# samba-tool computer list
>> DATA2$
>> IBS100$
>> SAMBA-DC$
>>
> host atomsmasher name resolving (dns)
> samba-tool computer list (name resolving AD-objects)
> 2 different things.
>
>> How do I get the machine out of the Samba DNS so that I can see if what
>> I observed previously is repeatable? I noticed I didn't have a DNS entry
>> for this host, so left and rejoined the domain using samba-tool several
>> times, never getting a DNS entry for it. Then I joined using `net ads
>> join` and it was in DNS immediately. I want to see if this is
>> repeatable.
>>
>> I might have to abandon Samba DNS and install bind as per Louis'
>> recommendation. I'm finding the Samba DNS to be hard to work with since
>> there doesn't seem to be any way to interact with it directly.
>>
>
> If you use the windows tools, you don't see the computer until you refresh.
>
> With samba tool :
> sudo samba-tool dns query YOUR_AD-DC_HOSTNAME(.FQDN) primary-dnsdomainname NAME2CHECKOUT A -UAdministrator
>
> So for you :
> sudo samba-tool dns query samba-dc ea.linuxcs.com atomsmasher A -UAdministrator
>

My bad for not having read through the entirety of

https://www.samba.org/samba/docs/current/man-html/samba-tool.8.html

So, I can manage the DNS entries for Samba DNS by hand. That should probably be mentioned in the Wiki here:

https://wiki.samba.org/index.php/The_Samba_AD_DNS_Back_Ends

If no one beats me to it, I'll add some stuff to this page over the weekend.

However, shouldn't the DNS entry for a client be removed automatically when the client leaves the domain?

root@atomsmasher:~# net ads leave -U Administrator
Password for [EA\Administrator]:
Deleted account for 'ATOMSMASHER' in realm 'EA.LINUXCS.COM'

root@samba-dc:~# samba-tool dns query samba-dc ea.linuxcs.com atomsmasher A -UAdministrator
Password for [EA\Administrator]:
  Name=, Records=1, Children=0
    A: 192.168.1.82 (flags=f0, serial=110, ttl=3600)

But in any case, I can now proceed with testing. Thanks!

> Greetz,
>
> Louis
>
>
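
The last query above shows the A record still present after `net ads leave`. As an added example (not written by either poster or by the Samba project), this dry-run helper prints the `samba-tool dns delete` command for a host whose A record remains while its computer account is gone. The function name `stale_a_records` is hypothetical, and the sample inputs are constructed from the command output quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example: dry-run cleanup of an A record left behind after a domain leave.
# Sample inputs are constructed from the command output quoted in the thread.

SAMPLE_COMPUTERS='DATA2$
IBS100$
SAMBA-DC$'

SAMPLE_QUERY='  Name=, Records=1, Children=0
    A: 192.168.1.82 (flags=f0, serial=110, ttl=3600)'

# stale_a_records HOST ZONE DC COMPUTER_LIST QUERY_OUTPUT   (hypothetical helper)
#   COMPUTER_LIST: output of `samba-tool computer list`
#   QUERY_OUTPUT:  output of `samba-tool dns query DC ZONE HOST A`
# Prints one `samba-tool dns delete` command per A record when HOST$ has no
# computer account; prints nothing when the account still exists.
stale_a_records() {
    local host=$1 zone=$2 dc=$3 computers=$4 query=$5 account

    # Refuse names that are not plain host labels before building a command.
    case $host in
        ''|*[!A-Za-z0-9-]*) echo "invalid host name: $host" >&2; return 2 ;;
    esac

    # Computer accounts are listed upper-case with a trailing '$'.
    account="$(printf '%s' "$host" | tr '[:lower:]' '[:upper:]')\$"
    if printf '%s\n' "$computers" | grep -qxF -- "$account"; then
        return 0    # account still joined: the record is not stale
    fi

    # Record lines look like: "A: 192.168.1.82 (flags=f0, serial=110, ttl=3600)"
    printf '%s\n' "$query" |
        awk -v dc="$dc" -v zone="$zone" -v host="$host" '
            $1 == "A:" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
                printf "samba-tool dns delete %s %s %s A %s -UAdministrator\n",
                       dc, zone, host, $2
            }'
}

# Dry run against the constructed samples: only prints the command.
stale_a_records atomsmasher ea.linuxcs.com samba-dc "$SAMPLE_COMPUTERS" "$SAMPLE_QUERY"
```

Review the printed command before running it on the DC; after deletion, the same `samba-tool dns query` should no longer return the A record.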