Web lists-archives.com

Re: [Samba] Samba, AD, 'short' name resolving...

On Wed, 6 Jun 2018 18:29:26 +0200
Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Sorry, i'm getting a bit confused about my new Samba/AD domain,
> related to the 'short' name resolving.
> I was clearly (ab)used to Samba/NT, where WINS make, on LAN, ''flat''
> resolving very simple.
> I'm moving now from my old NT domains to my new AD domain, and to
> prevent massive change i've decided to keep name resolution and DHCP
> address assigment out of the AD domain, at least for now.

This is probably where you are going wrong. AD lives and dies on DNS,
your DC MUST be authoritative for the AD domain.

> So, now i've the ''old'' DNS/DHCP on the phisical network name (eg,
> 'sv.lnf.it' for my network, 'pp.lnf.it' for other) and setup a
> different domain, 'ad.fvg.lnf.it', for AD.

Your AD clients should be using the DC as their nameserver and anything
outside the AD dns domain, should be forwarded to to a DNS server
outside the AD dns domain. This means that your DHCP server must send
the AD dns domain to the AD machines.

> Note that i've not only windows client, so DHCP assign IP to every
> device on the lan, also non-joined-to-domain hosts.

This doesn't really matter, just so long as they are in the same dns

> I'm suffering some ''strangeness'' that i'm not able to ''call by
> name''.
> a) windows hosts get in config as primary DNS suffix the AD domain
>  suffix (ad.fvg.lnf.it) and as search domains the AD domain and the
> local domain, eg 'pp.lnf.it'.
> This seems totally OK to me. I make only a note, because was the first
> thing i've verified.
> So, AFAI've understood DNS, if i search host 'domcobb', windows client
> will try 'domcobb.ad.fvg.lnd.it' first, and after that
> 'domcobb.pp.lnf.it'.

I think you mean that something like this doesn't work:

rowland@devstation:~$ ping -c1 dc4
PING dc4.samdom.example.com ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=0.750 ms

--- dc4.samdom.example.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.750/0.750/0.750/0.000 ms

> b) windows register them on the AD DNS backend seems to me only on
> join phase, but does not update anymore IP. So after some time, DNS
> registration in AD DNS start to ''diverge'' from the LAN registration.
> There's some way to force DNS AD registration on every boot?
> I've tried google with some keyword but with no luck.

This sort of points to misconfiguration and the AD DNS really having
nothing to do with the lan

> c) in the two main networks there's still the old Samba/NT servers
> with the WINS server, server provided to client via DHCP.
> But i've setup a new network, with only AD servers, and in this
> there's no WINS.

Correct 'WINS' is old school.

> I've was forced to create one, because short names resolution does not
> work.

Then you need to fix this.

> Probably i've done something wrong, but anyway seems that have a WINS
> server in a AD domain to resolv local hostname does not hurt. ;-)

It doesn't hurt, but, in a correctly set up AD domain, it isn't
required ;-)



To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba