Rowland Penny
2021-Nov-04 16:09 UTC
[Samba] Using samba-tool to join a linux file server to the domain doesn't appear to work
On Thu, 2021-11-04 at 11:00 -0500, Patrick Goetz via samba wrote:
>
> On 11/4/21 10:49, cn--- via samba wrote:
> > On 04.11.21 at 16:43, Patrick Goetz via samba wrote:
> > > While you're looking at this, would it be possible to add code to add
> > > a PTR record as well as the A record? This would match the behavior
> > > for Windows AD controllers.
> >
> > The default on Windows does not create the PTR. Usually you have to set
> > up a GPO that the clients update their PTR.
> >
>
> I have no idea, but I checked with one of my colleagues who is a Windows
> guru/domain admin, and he insisted that both an A and PTR record are
> created for the domain member when you join the (Windows server) domain.

He has probably inherited a domain that has a GPO set to do this (or something similar), Windows does not, out of the box, create reverse records.

>
> The caveat to this is the AD domain at my university is an unbelievable
> mess that they've tinkered with for over a decade.

You just described all places of learning, they all appear to be a mess, probably because all teachers think they know everything and usually know nothing.

> Imagine a book written by 100 monkeys, each with their own typewriter
> with pages assembled by an inebriated octopus, and you won't be too far off.

Sounds about right.

>
> > I would also like this to happen automatically but by default the
> > reverse zone is not created in a Samba AD. I don't know about Windows
> > there but I doubt it is done there.

Windows will work without a reverse zone, so it isn't created by default, but as they have found out, everything else that Windows works with will not.

Rowland
Patrick Goetz
2021-Nov-04 16:55 UTC
[Samba] Using samba-tool to join a linux file server to the domain doesn't appear to work
On 11/4/21 11:09, Rowland Penny via samba wrote:
> On Thu, 2021-11-04 at 11:00 -0500, Patrick Goetz via samba wrote:
>>
>> On 11/4/21 10:49, cn--- via samba wrote:
>>> On 04.11.21 at 16:43, Patrick Goetz via samba wrote:
>>>> While you're looking at this, would it be possible to add code to add
>>>> a PTR record as well as the A record? This would match the behavior
>>>> for Windows AD controllers.
>>>
>>> The default on Windows does not create the PTR. Usually you have to set
>>> up a GPO that the clients update their PTR.
>>>
>>
>> I have no idea, but I checked with one of my colleagues who is a Windows
>> guru/domain admin, and he insisted that both an A and PTR record are
>> created for the domain member when you join the (Windows server) domain.
>
> He has probably inherited a domain that has a GPO set to do this (or
> something similar), Windows does not, out of the box, create reverse
> records.
>

Several people have mentioned that this can be done via GPO, but I can't fathom what kind of GPO this would be. Where would it be applied? Is there a special GPO template for things like this?

>>
>> The caveat to this is the AD domain at my university is an unbelievable
>> mess that they've tinkered with for over a decade.
>
> You just described all places of learning, they all appear to be a
> mess, probably because all teachers think they know everything and
> usually know nothing.
>
>> Imagine a book written by 100 monkeys, each with their own typewriter
>> with pages assembled by an inebriated octopus, and you won't be too far off.
>
> Sounds about right.
>
>>
>>> I would also like this to happen automatically but by default the
>>> reverse zone is not created in a Samba AD. I don't know about Windows
>>> there but I doubt it is done there.
>
> Windows will work without a reverse zone, so it isn't created by
> default, but as they have found out, everything else that Windows works
> with will not.
>
> Rowland
L.P.H. van Belle
2021-Nov-05 09:21 UTC
[Samba] Using samba-tool to join a linux file server to the domain doesn't appear to work
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Patrick Goetz via samba
> Sent: Thursday, 4 November 2021 17:55
> To: samba at lists.samba.org
> Subject: Re: [Samba] Using samba-tool to join a linux file server to the domain doesn't appear to work
>
> On 11/4/21 11:09, Rowland Penny via samba wrote:
> > On Thu, 2021-11-04 at 11:00 -0500, Patrick Goetz via samba wrote:
> >>
> >> On 11/4/21 10:49, cn--- via samba wrote:
> >>> On 04.11.21 at 16:43, Patrick Goetz via samba wrote:
> >>>> While you're looking at this, would it be possible to add code to add
> >>>> a PTR record as well as the A record? This would match the behavior
> >>>> for Windows AD controllers.
> >>>
> >>> The default on Windows does not create the PTR. Usually you have to set
> >>> up a GPO that the clients update their PTR.
> >>>
> >>
> >> I have no idea, but I checked with one of my colleagues who is a Windows
> >> guru/domain admin, and he insisted that both an A and PTR record are
> >> created for the domain member when you join the (Windows server) domain.
> >
> > He has probably inherited a domain that has a GPO set to do this (or
> > something similar), Windows does not, out of the box, create reverse
> > records.
> >
>
> Several people have mentioned that this can be done via GPO, but I can't
> fathom what kind of GPO this would be. Where would it be applied?
> Is there a special GPO template for things like this?

As said, make sure your servers have an A and PTR record. PCs, only an A record is sufficient, but if you need it, you can add the PTR by GPO.

>
> >>
> >> The caveat to this is the AD domain at my university is an
> >> unbelievable mess that they've tinkered with for over a decade.
> >
> > You just described all places of learning, they all appear to be a
> > mess, probably because all teachers think they know everything and
> > usually know nothing.
> >
> >> Imagine a book written by 100 monkeys, each with their own typewriter
> >> with pages assembled by an inebriated octopus, and you won't be too far off.
> >
> > Sounds about right.
> >
> >>
> >>> I would also like this to happen automatically but by default the
> >>> reverse zone is not created in a Samba AD. I don't know about Windows
> >>> there but I doubt it is done there.
> >
> > Windows will work without a reverse zone, so it isn't created by
> > default, but as they have found out, everything else that
> > Windows works with will not.

Small correction here, Windows "does" attempt to register PTR records (by default).

And yes, Windows will work without a reverse zone, but from a Windows point of view, a reverse zone is often created after/when the DHCP is set up. The main reason it's not created by default: no computer can determine the subnet. I can have my PCs in (*example) 192.168.1.0/16 while the servers use 192.168.0.0/24.

But by default, DNS clients configured to perform dynamic DNS registration will attempt to register a PTR resource record only if they successfully registered the corresponding A resource record. It's in the default Windows template.
https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.DNSClient::DNS_RegisterReverseLookup

Simple way to verify if Windows got all info correct.
Run: CMD
Type: ipconfig, look at these values, these must match with the primary DNS domain of the AD-DC.

Primary Dns Suffix . . . . . . . : your.primarydns.domain.tld   <<< it's all about this one.
DNS Suffix Search List. . . . . . : your.primarydns.domain.tld *
Connection-specific DNS Suffix . : your.primarydns.domain.tld *

That makes sure the A record gets in the right zone.
(* these can be different, but I suggest starting here, complex enough already.)

Greetz,

Louis
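
The suffix check described in the last message, as an added example that is not part of the original posts: Python that parses `ipconfig /all`-style output and compares the three suffix fields with the AD DNS domain, treating only the primary suffix as decisive. The sample output, the names `ad.example.com` and `lab.example.com`, and the function names are constructed for illustration.

```python
import re

# Constructed `ipconfig /all`-style output for a domain member (not from the thread).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : FS1
   Primary Dns Suffix  . . . . . . . : ad.example.com
   DNS Suffix Search List. . . . . . : ad.example.com
                                       lab.example.com

Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . : lab.example.com
   IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
"""

# "   Key . . . : value" lines; deeper-indented lines continue the previous value.
FIELD = re.compile(r"^ {1,8}(?P<key>\S[^:]*?)[ .]*: ?(?P<val>.*)$")
TRACKED = ("Primary Dns Suffix", "DNS Suffix Search List",
           "Connection-specific DNS Suffix")

def norm(name):
    return name.strip().lower().rstrip(".")

def parse_suffixes(text):
    """Return {field: [values]} for the tracked fields, following continuation lines."""
    found = {key: [] for key in TRACKED}
    current = None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current = found.get(m["key"])        # None for untracked fields
            if current is not None and m["val"].strip():
                current.append(norm(m["val"]))
        elif current is not None and line.startswith(" " * 9) and line.strip():
            current.append(norm(line))           # extra search-list entry
        else:
            current = None
    return found

def check_member(text, ad_domain):
    """Return (ok, notes); only the primary suffix decides ok, the rest is advisory."""
    want, found = norm(ad_domain), parse_suffixes(text)
    primary = found["Primary Dns Suffix"]
    ok = primary == [want]
    notes = [] if ok else [f"Primary Dns Suffix is {primary or 'empty'}, expected {want}"]
    if want not in found["DNS Suffix Search List"]:
        notes.append(f"DNS Suffix Search List lacks {want}")
    for suffix in found["Connection-specific DNS Suffix"]:
        if suffix != want:
            notes.append(f"Connection-specific DNS Suffix differs: {suffix}")
    return ok, notes
```

An empty primary suffix, as on a machine that is not joined or has the wrong domain set, makes `check_member` return `False`, which is the case where the A record would not land in the AD zone.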