Re: [Samba] Active Directory DNS Registration
On Thu, Dec 3, 2009 at 7:31 AM, Casey Allen Shobe ca...@shobe.info wrote:

> Hi,
>
> I'm using a domain where the DNS is hosted by a couple of domain controllers on the network, outside of my control. I do have ability to work with group policy and active directory users and computers.
>
> I was able to join a samba/linux computer to the domain using 'net rpc join -S IP of local DC/DNS server'. This caused an entry for the computer to show up in Active Directory, however the name is in lower-case letters whereas all the Windows computers show up in upper-case, and if I view properties on the object, it doesn't show any details like an O/S or anything else.
>
> I am then able to resolve the samba host by name just like I can for Windows computers *from a Windows computer only*. While a linux computer is capable of resolving windows hosts by name since it's using the Windows DC as the DNS server, for whatever reason it cannot resolve samba hosts by name.
>
> Can anybody please point out what I'm doing wrong or what else I need to do to get this working?
>
> Also, is it possible to register multiple names in Windows DNS for an IP with Samba?

When you use net ads join to join the computer to the domain, it should register the machine in DNS as well. Since you say that the machine object shows the name in lowercase, I assume you did not create the object previously. I'm not sure if pre-creating the object will cause problems as I have not pre-created objects in my domain. If looking in DNS management does not show your machine in the forward zone, try on the Samba server

    sudo net ads dns register -P

That will try to register the machine again in DNS. If you need additional IPs or CNAMEs, you may have to enter those manually in DNS management.

Robert LeBlanc
Life Sciences Undergraduate Education Computer Support
Brigham Young University

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory DNS Registration
On Thu, Dec 3, 2009 at 10:55 AM, Robert LeBlanc rob...@leblancnet.us wrote:

> When you use net ads join to join the computer to the domain, it should register the machine in DNS as well.

Well, prior to reading this I actually got things changed over to use security = ads instead of domain, and re-joined the domain using kerberos. The DNS issue was exactly the same.

> Since you say that the machine object shows the name in lowercase, I assume you did not create the object previously.

No, I did not. I deleted it using active directory users and groups before rejoining with kerberos also.

> If looking in DNS management does not show your machine in the forward zone,

How can I check for sure? wbinfo -I and -N work, btw, but not DNS resolution. I do not have any access to the Windows DNS stuff as it runs on servers I cannot log in to. Well, actually, I have a non-admin login right on one of them, but I don't think I can do anything useful with that.

> try on the Samba server
>
>     sudo net ads dns register -P
>
> That will try to register the machine again in DNS.

That command hung for a long time, then finally returned:

    DNS update failed!

> I'm not sure if pre-creating the object will cause problems as I have not pre-created objects in my domain.

I deleted the computer from AD, and pre-created it using uppercase letters, then re-joined the domain using net ads join. Now DNS resolution seems to work!

> If you need additional IPs or CNAMEs, you may have to enter those manually in DNS management.

I'm assuming this is something on the Windows DC that is outside of my control. Is it possible to set up a (linux-based) DNS server for our site that can resolve some custom things I put in, but passes anything it doesn't know an answer for (e.g. any Windows hostname) to the Windows DNS?

Cheers,
--
Casey Allen Shobe
ca...@shobe.info
Re: [Samba] Active Directory DNS Registration
On Thu, Dec 3, 2009 at 9:34 AM, Casey Allen Shobe ca...@shobe.info wrote:

> On Thu, Dec 3, 2009 at 10:55 AM, Robert LeBlanc rob...@leblancnet.us wrote:
>
>> When you use net ads join to join the computer to the domain, it should register the machine in DNS as well.
>
> Well, prior to reading this I actually got things changed over to use security = ads instead of domain, and re-joined the domain using kerberos. The DNS issue was exactly the same.
>
>> Since you say that the machine object shows the name in lowercase, I assume you did not create the object previously.
>
> No, I did not. I deleted it using active directory users and groups before rejoining with kerberos also.
>
>> If looking in DNS management does not show your machine in the forward zone,
>
> How can I check for sure? wbinfo -I and -N work, btw, but not DNS resolution. I do not have any access to the Windows DNS stuff as it runs on servers I cannot log in to. Well, actually, I have a non-admin login right on one of them, but I don't think I can do anything useful with that.

I don't have login access to our DCs, but have been granted access to DNS. I open up DNS management on my Windows XP workstation, then select one of the DCs as the DNS server, I can then do any DNS work without having to login to the DC. If this is still not an option, then I would make heavy use of the dig command on Linux.

>> try on the Samba server
>>
>>     sudo net ads dns register -P
>>
>> That will try to register the machine again in DNS.
>
> That command hung for a long time, then finally returned:
>
>     DNS update failed!

I wonder if this may have to do with the domain requiring secure updates, it seems that this would work since you have Kerberos working correctly. I would look through the logs, maybe bumping up the debug level while running the above command. You won't need to disjoin or rejoin to see the DNS errors. I haven't had to do much in the way of DNS debugging here as it works just fine in our environment.

>> I'm not sure if pre-creating the object will cause problems as I have not pre-created objects in my domain.
>
> I deleted the computer from AD, and pre-created it using uppercase letters, then re-joined the domain using net ads join. Now DNS resolution seems to work!

This seems fishy and doesn't make sense, as we don't have to do this here. I would try some of the above things as it may help pinpoint the real problem and fix it for future Samba installs.

>> If you need additional IPs or CNAMEs, you may have to enter those manually in DNS management.
>
> I'm assuming this is something on the Windows DC that is outside of my control. Is it possible to set up a (linux-based) DNS server for our site that can resolve some custom things I put in, but passes anything it doesn't know an answer for (e.g. any Windows hostname) to the Windows DNS?

Please see my above comment, your AD admin may feel comfortable delegating certain DNS rights to get your job done. I would much prefer that over a split horizon DNS, or delegated zone if your site has its own sub-domain. It gets too difficult to manage multiple DNS servers. We have a delegated DNS zone for our AD domain, and our clients all use our Linux DNS servers by default. The reason: that DNS was set up a long time ago and not everyone on campus uses the Active Directory.

    Client
       |
    Linux DNS (school.edu, delegates school.local to AD DCs)
       |
    Windows DNS (school.local)

Robert LeBlanc
Life Sciences Undergraduate Education Computer Support
Brigham Young University
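
The dig-based check suggested in the reply above, as an added example that is not part of the original thread: it asks each DNS server directly for the host's A record and reports whether the forward-zone registration exists, which needs no login on the DCs. The function names are hypothetical, and the hostname, IP and DNS server addresses are arguments you supply.

```shell
#!/bin/sh
# Added example: check whether each AD DNS server holds the expected A record
# for a joined Samba host. Hostname, IP and server addresses are supplied by
# the caller; nothing here is taken from the thread's environment.

# Print REGISTERED, MISSING or MISMATCH for one DNS server.
check_a_record() {
    server=$1 fqdn=$2 expected=$3
    # +short prints only answer data; keep IPv4 lines (drops CNAME targets).
    answers=$(dig +short +time=2 +tries=1 "@$server" "$fqdn" A 2>/dev/null |
        grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    if [ -z "$answers" ]; then
        echo MISSING
    elif printf '%s\n' "$answers" | grep -qxF "$expected"; then
        echo REGISTERED
    else
        echo MISMATCH
    fi
}

# Check every listed server; return the number of servers lacking the record.
check_all() {
    fqdn=$1 expected=$2
    shift 2
    failures=0
    for server in "$@"; do
        status=$(check_a_record "$server" "$fqdn" "$expected")
        printf '%-15s %s -> %s\n' "$server" "$fqdn" "$status"
        [ "$status" = REGISTERED ] || failures=$((failures + 1))
    done
    return "$failures"
}

# Run only when arguments are given: sh check.sh FQDN IP DNS_SERVER...
if [ "$#" -ge 3 ]; then
    check_all "$@"
fi
```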