search for: dns20

...time to verify! Stop answering em if you don't know what you > speak about. Thank you. I do know what I am talking about, I at least have tested this. > > Here is a test I did for you start to understand better DNS and > perhaps stop telling stupid things: > > This server, dns20, uses as a resolver itself. > When asking for NS, there two: dc200 and dc100. > When asking SOA there is one: the name server which replied, it > replied "I am SOA". > > In AD DB SOA is dc200 which my FSMO. > > dns20:~# dig ad.dgfip.finances.gouv.fr > <http://...

.... > You don't even tried! You come here to me I'm wrong and you don't even took time to verify! Stop answering em if you don't know what you speak about. Thank you. Here is a test I did for you start to understand better DNS and perhaps stop telling stupid things: This server, dns20, uses as a resolver itself. When asking for NS, there two: dc200 and dc100. When asking SOA there is one: the name server which replied, it replied "I am SOA". In AD DB SOA is dc200 which my FSMO. dns20:~# dig ad.dgfip.finances.gouv.fr -t NS ; <<>> DiG 9.9.4-RedHat-9.9.4-29...

...and you don't even > > took time to verify! Stop answering em if you don't know what you speak > > about. Thank you. > > > > Here is a test I did for you start to understand better DNS and perhaps > > stop telling stupid things: > > > > This server, dns20, uses as a resolver itself. > > When asking for NS, there two: dc200 and dc100. > > When asking SOA there is one: the name server which replied, it replied > "I > > am SOA". > > > > In AD DB SOA is dc200 which my FSMO. > > > > dns20:~# dig ad.d...

SOA means "this DNS se'rver can modify the zone". Using Bind-DLZ all DNS servers can modify the AD zones, they all reply "I am the SOA" when you ask them about SOA for AD zones. Using Internal DNS I expect all DNS servers can modify the AD zones also (that's internal stuff) but even if they can modify the AD zone locally that's is not the process chosen by Samba

...ufresne AD.DOMAIN\mdufresne:*:12104:100:Mathias Dufresne (TEMP):/home/AD.DGFIP/mdufresne:/bin/false The smb.conf is: --------------------------------------------------------------------- # Global parameters [global] workgroup = AD.DOMAIN realm = AD.DOMAIN.TLD netbios name = DNS20 server role = active directory domain controller server services = -dns idmap_ldb:use rfc2307 = yes acl_xattr:ignore system acls = yes winbind nss info = rfc2307 [netlogon] path = /var/lib/samba/sysvol/ad.domain.tld/scripts read only = No...

...t; took time to verify! Stop answering em if you don't know what you speak > > > about. Thank you. > > > > > > Here is a test I did for you start to understand better DNS and perhaps > > > stop telling stupid things: > > > > > > This server, dns20, uses as a resolver itself. > > > When asking for NS, there two: dc200 and dc100. > > > When asking SOA there is one: the name server which replied, it replied > > "I > > > am SOA". > > > > > > In AD DB SOA is dc200 which my FSMO. > &g...

...ias Dufresne > (TEMP):/home/AD.DGFIP/mdufresne:/bin/false > > The smb.conf is: > --------------------------------------------------------------------- > # Global parameters > [global] > workgroup = AD.DOMAIN > realm = AD.DOMAIN.TLD > netbios name = DNS20 > server role = active directory domain controller > > server services = -dns > idmap_ldb:use rfc2307 = yes > > acl_xattr:ignore system acls = yes > winbind nss info = rfc2307 > > [netlogon] > path = /var/lib/samba/sysvol...

Hi Jonathan, Thank you for that, that solved the issue. Unfortunately I get another issue: on one DC id <user> gives "no such user". Adding domain (id ad.domain\\<user>) does not help. Adding the whole domain (id ad.domain.tld\\<user>) does not help more. I did checked PAM, NSS and Samba configurations, this server is using same configurations as the two working DC.