
[Samba] VPN remote Samba AD DC not located

> You will probably be better off using a proper mail client (i.e. thunderbird)

  Ok. That's what I'll do from now on.

> I am beginning to think you are using Bind9 with flatfiles, otherwise
> all machines would be available to the dns server on any DC.

  There are two locations: 1 (local, where I am physically) and 2 (remote).
  On the remote location (2), "samba-tool domain provision" was done with the option
  "--dns-backend=BIND9_DLZ" a few years ago.
  On the local location (1), "samba-tool domain provision" was done with the option
  "--dns-backend=SAMBA_INTERNAL" recently.
  Now, how can I confirm this to be sure?

> First thing, is company.elmts a registered domain name ?

  "company.elmts" is "iodesoft.lan"

> if so, I would use a subdomain of this instead e.g. ad.company.elmts

  I don't see why.
  I've read it is possible to have one DNS domain name, not two or more.
  I think it would be very difficult for me to change it.

> Provided that the required info is AD and the dns server is set up to use this info, the ping commands should work

  I don't understand what you mean.

> The other question is, why do both DCs have multiple FQDN's

  I don't understand what you mean.
  I meant that on subnet 192.168.1.0/24 (where SAMBA AD DC DNS server 1 is),
  there is one machine whose Fully Qualified Domain Name (FQDN) is
  "hostname_1_1.company.elmts." with IP "192.168.1.11",
  and another one whose FQDN is "hostname_1_2.company.elmts." with IP "192.168.1.12".
  Etc.


Currently, the problem is:
When I am on machine "hostname_1_1.company.elmts."
and I "ping hostname_2_1.company.elmts.",
the local Samba DNS server doesn't know the name "hostname_2_1.company.elmts.",
because the two Samba AD DCs do not know each other,
because the DNS servers (Bind remote and SAMBA_INTERNAL local) do not know each other.
I don't know how to make them aware of each other
and, among other things, forward DNS queries to each other when necessary.

Thank you for your help.
--
Léa



On 13/04/2018 3:26 PM, Rowland Penny wrote:
> On Fri, 13 Apr 2018 14:52:59 +0200
> Lmloge<lmloge@xxxxxxxxx>  wrote:
>
>> Thank you for your answer.
>>
>> I do not receive anything in my Thunderbird mail boxes.
>> I probably turned off that functionality a long time ago. I don't
>> remember.
>>
>> About the post that I can't find, I sent it from the Web page
>> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
>> by creating a "New topic".
>
> You will probably be better off using a proper mail client (i.e.
> thunderbird)
>
>> My post was approximately this one:
>> =====================================================================================
>> My problem is about DNS name resolution in case there are:
>> two DNS servers
>> separated by a VPN
>> and one DNS domain name.
>>
>> Context: two Samba AD DC on each side of the VPN, one forest, one
>> domain, one site, two subnets.
>> Note that this target configuration is not yet operational since I'm
>> trying to make the DNS name resolution work first through the VPN.
>> The DNS backend is SAMBA_INTERNAL.
>>
>> +---------------------------+
>> | SUBNET: 192.168.1.0/24
>> +---------------------------+
>> | SAMBA AD DC DNS server 1
>> +---------------------------+
>> | DOMAIN: company.elmts
>> +---------------------------+
>> | hostname_1_1
>> | hostname_1_2
>> | ...
>> | hostname_1_N1
>> +---------------------------+
>> |
>> |
>> VPN
>> |
>> |
>> +--------------------------+
>> | SUBNET: 192.168.2.0/24
>> +--------------------------+
>> | SAMBA AD DC DNS server 2
>> +--------------------------+
>> | DOMAIN: company.elmts
>> +--------------------------+
>> | hostname_2_1
>> | hostname_2_2
>> | ...
>> | hostname_2_N2
>> +--------------------------+
>>
>> Sedentary machines: have their hostname registered either on SAMBA AD
>> DC DNS server 1 or (exclusive) SAMBA AD DC DNS server 2.
>> Nomad machines: have their hostname registered on both SAMBA AD DC
>> DNS servers.
>
> I am beginning to think you are using Bind9 with flatfiles, otherwise
> all machines would be available to the dns server on any DC.
>
>> --------------------------------------------------------------------
>> On SAMBA AD DC DNS server 1:
>> ----------------------------
>>       FQDN: hostname_1_1.company.elmts. / IP: 192.168.1.11 / SEDENTARY
>>       FQDN: hostname_1_2.company.elmts. / IP: 192.168.1.12 / SEDENTARY
>>       ...
>>       FQDN: nomad_a.company.elmts.      / IP: 192.168.1.53 / NOMAD
>>       FQDN: nomad_b.company.elmts.      / IP: 192.168.1.54 / NOMAD
>>       ...
>> --------------------------------------------------------------------
>> On SAMBA AD DC DNS server 2:
>> ----------------------------
>>       FQDN: hostname_2_1.company.elmts. / IP: 192.168.2.21 / SEDENTARY
>>       FQDN: hostname_2_2.company.elmts. / IP: 192.168.2.22 / SEDENTARY
>>       ...
>>       FQDN: nomad_a.company.elmts.      / IP: 192.168.2.65 / NOMAD
>>       FQDN: nomad_b.company.elmts.      / IP: 192.168.2.66 / NOMAD
>>       ...
>> --------------------------------------------------------------------
>>
>> For now, if I `ping hostname_2_1` from `hostname_1_1`, the name
>> `hostname_2_1` is not resolved.
>> How can I make this work?
>
> First thing, is company.elmts a registered domain name ? if so, I would
> use a subdomain of this instead e.g. ad.company.elmts
>
> Provided that the required info is AD and the dns server is set up to
> use this info, the ping commands should work (provided the VPN is
> working correctly). If the 'ping' doesn't work, then it is unlikely
> replication will work either.
>
> The other question is, why do both DCs have multiple FQDN's
>
> Rowland


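As an added example (not code from this thread or from Samba itself), a small POSIX shell check to run on each DC: it classifies the DNS backend from the `server services` parameter, which answers the "how can I confirm this" question above, and then asks the DC's own DNS server for the remote-site names that fail to ping. The script name, the DC address and the hostnames on the usage line are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes samba-tool and dig are installed;
# the DNS server address and hostnames are supplied as arguments (assumptions).

# SAMBA_INTERNAL lists "dns" in "server services"; with BIND9_DLZ it is absent,
# because named (loading Samba's dlz_bind9 module) serves the AD zones instead.
dns_backend_from_services() {
    # $1: value of "server services", e.g. "s3fs, rpc, ..., dnsupdate, dns"
    if printf '%s\n' "$1" | tr ', ' '\n\n' | grep -qx 'dns'; then
        echo SAMBA_INTERNAL
    else
        echo BIND9_DLZ
    fi
}

# Read the effective parameter value from smb.conf and classify it.
local_dns_backend() {
    command -v samba-tool >/dev/null 2>&1 || { echo UNKNOWN; return 1; }
    services=$(samba-tool testparm --suppress-prompt \
                   --parameter-name='server services' 2>/dev/null)
    dns_backend_from_services "$services"
}

# Ask the DNS server at $1 for the A record of $2; fail if it has no answer.
# dig's own error lines start with ";" and are dropped so they don't count.
resolve_at() {
    answer=$(dig +short +time=3 +tries=1 "@$1" "$2" A 2>/dev/null | grep -v '^;')
    if [ -n "$answer" ]; then
        printf '%-40s -> %s\n' "$2" "$answer"
    else
        printf '%-40s -> NOT RESOLVED by %s\n' "$2" "$1"
        return 1
    fi
}

# Usage (run on DC 1): sh dc-dns-check.sh <dc1-ip> hostname_2_1.company.elmts.
# Exit status 1 means at least one name is unknown to that DNS server.
if [ "$#" -ge 2 ]; then
    echo "DNS backend on this DC: $(local_dns_backend)"
    server=$1
    shift
    rc=0
    for name in "$@"; do
        resolve_at "$server" "$name" || rc=1
    done
    exit "$rc"
fi
```

Run it once against each DC's address from both sides of the VPN; a name that resolves on one DC but not the other is a record that only exists in one backend.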