samba - Nov 2021 - Using samba-tool to join a linux file server to the domain doesn't appear to work

On 11/4/21 10:06, David Mulder via samba wrote:
> 
> 
> On 11/4/21 9:01 AM, David Mulder via samba wrote:
>>
>>
>> On 11/4/21 8:59 AM, Patrick Goetz via samba wrote:
>>> Interesting.? Then I'm really confused as to why when I use
>>>
>>> ??? samba-tool domain join $domain MEMBER -U administrator
>>>
>>> The DNS A entry for the machine isn't created, but when I use
>>>
>>> ??? net ads join -U administrator
>>>
>>> it is. (same domain, same host joining)
>>>
>>
>> Well, you have to be using samba-tool domain join member in 4.15+. The 
>> samba-tool command is completely broken before that release ;)
>>
> 
> (facepalm) Or maybe it's because I neglected to call the 
> _net_ads_join_dns_updates() command in samba-tool domain join member.
> Let me see what I can do to fix this.
> 
While you're looking at this, would it be possible to add code to add a 
PTR record as well as the A record?  This would match the behavior for 
Windows AD controllers.

And as I mentioned in the previous email, anything that's automatically 
created should be automatically deleted, too, when a machine leaves the 
domain. Otherwise we're recreating the Windows registry in terms of 
cruft build up over time. Maybe there's no good way to do this, but I'm 
pretty sure the Windows AD servers do this as well.

On 11/4/21 9:43 AM, Patrick Goetz via samba wrote:
> 
> 
> On 11/4/21 10:06, David Mulder via samba wrote:
>>
>>
>> On 11/4/21 9:01 AM, David Mulder via samba wrote:
>>>
>>>
>>> On 11/4/21 8:59 AM, Patrick Goetz via samba wrote:
>>>> Interesting.? Then I'm really confused as to why when I use
>>>>
>>>> ??? samba-tool domain join $domain MEMBER -U administrator
>>>>
>>>> The DNS A entry for the machine isn't created, but when I
use
>>>>
>>>> ??? net ads join -U administrator
>>>>
>>>> it is. (same domain, same host joining)
>>>>
>>>
>>> Well, you have to be using samba-tool domain join member in 4.15+. 
>>> The samba-tool command is completely broken before that release ;)
>>>
>>
>> (facepalm) Or maybe it's because I neglected to call the 
>> _net_ads_join_dns_updates() command in samba-tool domain join member.
>> Let me see what I can do to fix this.
>>
> 
> While you're looking at this, would it be possible to add code to add a
> PTR record as well as the A record?? This would match the behavior for 
> Windows AD controllers.
> 
> And as I mentioned in the previous email, anything that's automatically
> created should be automatically deleted, too, when a machine leaves the 
> domain. Otherwise we're recreating the Windows registry in terms of 
> cruft build up over time. Maybe there's no good way to do this, but
I'm
> pretty sure the Windows AD servers do this as well.
> 
> 
Adding the PTR record as well should be trivial. I'll take a look.

-- 
*David Mulder*
Labs Software Engineer, Samba
SUSE
1800 Novell Place
Provo, UT 84606
(P)+1 801.861.6571
dmulder at suse.com
  <http://www.suse.com/>

Am 04.11.21 um 16:43 schrieb Patrick Goetz via samba:
> While you're looking at this, would it be possible to add code to add a
> PTR record as well as the A record?? This would match the behavior for 
> Windows AD controllers.
The default on Windows does not create the PTR. Usually you have to set 
up a GPO that the clients update their PTR.

I would also like this to happen automatically but by default the 
reverse zone is not created in a Samba AD. I don't know about Windows 
there but I doubt it done there.

Regards

Christian

-- 
Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development

BRAIN Biotech AG
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender), 
Lukas Linnig
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen