Patrick Goetz
2021-Nov-04 09:25 UTC
[Samba] Potential inconsistency in Samba DNS server when used with `samba-tool domain join`
Hi Louis -

On 11/4/21 03:50, L.P.H. van Belle via samba wrote:
> Hai,
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Patrick Goetz via samba
>> Sent: Wednesday 3 November 2021 21:38
>> To: Samba listserv
>> Subject: [Samba] Potential inconsistency in Samba DNS
>> server when used with `samba-tool domain join`
>>
>>
>> I think there might be a problem with using `samba-tool domain join` to
>> join a domain, as I've noticed some inconsistencies in whether or not
>> the new client is picked up by DNS. Presently:
>>
>> root@atomsmasher:~# net ads leave -U Administrator
>> Password for [EA\Administrator]:
>> Deleted account for 'ATOMSMASHER' in realm 'EA.LINUXCS.COM'
>>
>>
>> But
>>
>> root@samba-dc:~# host atomsmasher
>> atomsmasher.ea.linuxcs.com has address 192.168.1.82
>>
>> root@samba-dc:~# samba-tool computer list
>> DATA2$
>> IBS100$
>> SAMBA-DC$
>>
> host atomsmasher                name resolving (dns)
> samba-tool computer list        (name resolving AD-objects)
> 2 different things.
>
>>
>> How do I get the machine out of the Samba DNS so that I can see if what
>> I observed previously is repeatable? I noticed I didn't have a DNS entry
>> for this host, so left and rejoined the domain using samba-tool several
>> times, never getting a DNS entry for it. Then I joined using `net ads
>> join` and it was in DNS immediately. I want to see if this is
>> repeatable.
>>
>> I might have to abandon Samba DNS and install bind as per Louis'
>> recommendation. I'm finding the Samba DNS to be hard to work with since
>> there doesn't seem to be any way to interact with it directly.
>>
>
> If you use the windows tools, you don't see the computer until you refresh.
> With samba tool :
> sudo samba-tool dns query YOUR_AD-DC_HOSTNAME(.FQDN) primary-dnsdomainname NAME2CHECKOUT A -UAdministrator
>
> So for you : sudo samba-tool dns query samba-dc ea.linuxcs.com atomsmasher A -UAdministrator
>

My bad for not having read through the entirety of
https://www.samba.org/samba/docs/current/man-html/samba-tool.8.html

So, I can manage the DNS entries for Samba DNS by hand. That should probably be mentioned in the Wiki here:
https://wiki.samba.org/index.php/The_Samba_AD_DNS_Back_Ends

If no one beats me to it, I'll add some stuff to this page over the weekend.

However, shouldn't the DNS entry for a client be removed automatically when the client leaves the domain?

root@atomsmasher:~# net ads leave -U Administrator
Password for [EA\Administrator]:
Deleted account for 'ATOMSMASHER' in realm 'EA.LINUXCS.COM'

root@samba-dc:~# samba-tool dns query samba-dc ea.linuxcs.com atomsmasher A -UAdministrator
Password for [EA\Administrator]:
  Name=, Records=1, Children=0
    A: 192.168.1.82 (flags=f0, serial=110, ttl=3600)

But in any case, I can now proceed with testing. Thanks!

> Greetz,
>
> Louis
>
>
Rowland Penny
2021-Nov-04 09:32 UTC
[Samba] Potential inconsistency in Samba DNS server when used with `samba-tool domain join`
On Thu, 2021-11-04 at 04:25 -0500, Patrick Goetz via samba wrote:
>
> However, shouldn't the DNS entry for a client be removed automatically
> when the client leaves the domain?

In a great many cases, a computer leaves the domain, an adjustment is made and it then rejoins the domain. If the leave was to remove the dns as well, then you may have to recreate the dns records manually again.

Rowland
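
Added example, not part of the thread and not Samba project code: since a leave keeps the A record, the shell sketch below lists zone A records that have no matching entry in `samba-tool computer list`, so leftovers like `atomsmasher` can be reviewed. It assumes that querying the zone with `@` in place of a host name prints one `Name=` block per host in the format quoted above; the function names and all sample data except the `atomsmasher` record are constructed.

```shell
#!/bin/sh
# Added example: list A records in a Samba AD zone that have no matching
# computer account. Hits are candidates for review only; statically created
# records (printers, appliances) will show up as well.

# Constructed sample in the "Name=..., Records=..." format quoted in the thread.
# Only the atomsmasher record is from the thread; the other addresses are made up.
sample_dns() { cat <<'EOF'
  Name=, Records=1, Children=0
    A: 192.168.1.10 (flags=f0, serial=1, ttl=900)
  Name=atomsmasher, Records=1, Children=0
    A: 192.168.1.82 (flags=f0, serial=110, ttl=3600)
  Name=data2, Records=1, Children=0
    A: 192.168.1.20 (flags=f0, serial=50, ttl=3600)
  Name=ForestDnsZones, Records=1, Children=0
    A: 192.168.1.10 (flags=f0, serial=1, ttl=900)
  Name=samba-dc, Records=1, Children=0
    A: 192.168.1.10 (flags=f0, serial=1, ttl=900)
EOF
}

# Account list as printed by `samba-tool computer list` in the thread.
sample_computers() { printf '%s\n' 'DATA2$' 'IBS100$' 'SAMBA-DC$'; }

# stale_a_records DNS_FILE ACCOUNT_FILE -> prints "host address" per orphan record
stale_a_records() {
    awk '
        BEGIN { skip["DOMAINDNSZONES"] = 1; skip["FORESTDNSZONES"] = 1 }  # AD-internal
        FILENAME == ARGV[1] {              # first file: computer accounts
            name = toupper($1); sub(/\$$/, "", name)   # drop trailing "$"
            if (name != "") acct[name] = 1
            next
        }
        /Name=/ {                          # start of a new DNS node
            host = $0
            sub(/^.*Name=/, "", host); sub(/,.*$/, "", host)
            host = toupper(host)           # empty for the zone apex
            next
        }
        $1 == "A:" && host != "" && !(host in skip) && !(host in acct) {
            print tolower(host), $2
        }
    ' "$2" "$1"
}

tmp=$(mktemp -d)
sample_dns > "$tmp/dns"; sample_computers > "$tmp/acct"
stale_a_records "$tmp/dns" "$tmp/acct"
rm -rf "$tmp"
```

On a DC, the two input files would be the saved output of `samba-tool dns query samba-dc ea.linuxcs.com @ A -UAdministrator` and `samba-tool computer list`.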