
so my problem is this

I have 3 servers:

Server A: running ubuntu 14.04 with openldap and samba
Server B: running ubuntu 14.04 with bind9 and dhcp (dns server)
Server C: client windows 2008

Server C uses Server B for dns. Server B has SRV records for Server A, more specifically I have these records on Server B:

 $ORIGIN _tcp.dc._msdcs.mosek.intranet.
 _kerberos               SRV     0 0 88 fredericia.
 _ldap                   SRV     0 0 389 fredericia.

 $ORIGIN _tcp.mosek.intranet.
 _kerberos               SRV     0 0 88 fredericia.
 _ldap                   SRV     0 0 389 fredericia.

but when I try to connect Server C to the samba domain on Server A I get this error:

DNS was successfully queried for the service location (SRV)
resource record used to locate a domain controller for domain    
"mosek.intranet"

The query was for the SRV record for _ldap._tcp.dc.msdcs.mosek.intranet


The following domain controllers were identified by the query:
Server A

However no domain controllers could be contacted.

So as you can see the DNS points to the right server, but for some reason I can't connect to the server. I tried pinging Server A from Server A both with hostname and FQDN, and both pinged just fine, so I can't see why it can't connect.

Can someone please help?

Tomas
  • is the FQDN of the server "fredericia.mosek.intranet."? if so you must remove the dot (".") at the end of "fredericia" in the zone file. The dot tells the DNS server this is an absolute (complete) FQDN instead of a regular host name in the parent DNS zone. – JFL Apr 08 '16 at 12:53
  • it is, but when I try to remove the dots I get "DNS server failure" with error code: 0x0000232A RCODE_SERVER_FAILURE – Tomas Apr 08 '16 at 12:59
  • if so you may give the complete FQDN, i.e. "fredericia.mosek.intranet." – JFL Apr 08 '16 at 13:11
  • @JFL That didn't work either – Tomas Apr 13 '16 at 07:04
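The comment thread above turns on how BIND expands names in a zone file: a target ending in "." is taken as an absolute name, anything else gets the current $ORIGIN appended. The script below is an added example (not code from the question or from Samba/BIND) that applies that rule to the records from the question and reports SRV targets that have no address record in the zone. The A record for fredericia and the "mosek.intranet." origin are constructed assumptions for the example; it tries all three spellings that came up in the comments, so you can see that dropping the trailing dot alone yields a host under the _tcp label, while only the full FQDN with a trailing dot matches the A record.

```python
"""Expand names in a BIND zone snippet the way named does ($ORIGIN plus the
trailing-dot rule) and check that every SRV target has an A/AAAA record.
Added example; not from the original post or from BIND/Samba."""

# Constructed zone text.  The SRV records mirror the question; the A record
# and the explicit "mosek.intranet." origin are assumptions for this example.
ZONE_TEXT = """\
$ORIGIN mosek.intranet.
fredericia              A       192.0.2.10

$ORIGIN _tcp.dc._msdcs.mosek.intranet.
_kerberos               SRV     0 0 88 fredericia.
_ldap                   SRV     0 0 389 fredericia.

$ORIGIN _tcp.mosek.intranet.
_kerberos               SRV     0 0 88 fredericia.
_ldap                   SRV     0 0 389 fredericia.
"""


def qualify(name, origin):
    """A name ending in '.' is absolute; anything else gets $ORIGIN appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin


def parse_zone(zone_text):
    """Return (srv_records, address_names).

    srv_records: list of (owner, priority, weight, port, target), all names
    absolute.  address_names: set of absolute owner names that carry an A or
    AAAA record.  Only $ORIGIN, A, AAAA and SRV lines are handled; TTL and
    class fields, if present, are skipped because we locate the type token.
    """
    origin = "."
    srv, addrs = [], set()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            if not origin.endswith("."):
                origin += "."
            continue
        fields = line.split()
        owner = qualify(fields[0], origin)
        if "SRV" in fields:
            i = fields.index("SRV")
            prio, weight, port = (int(x) for x in fields[i + 1:i + 4])
            srv.append((owner, prio, weight, port, qualify(fields[i + 4], origin)))
        elif "A" in fields or "AAAA" in fields:
            addrs.add(owner)
    return srv, addrs


def dangling_srv_targets(zone_text):
    """SRV targets with no A/AAAA record in the zone.  A client told to use
    such a DC gets a name it cannot resolve, which is the symptom in the
    question ("no domain controllers could be contacted")."""
    srv, addrs = parse_zone(zone_text)
    return sorted({r[4] for r in srv if r[4] not in addrs})


def with_srv_target(zone_text, target):
    """Return zone_text with every SRV target field replaced by `target`, so
    the spellings discussed in the comments can be compared side by side."""
    out = []
    for raw in zone_text.splitlines():
        fields = raw.split()
        if "SRV" in fields:
            fields[-1] = target
            out.append("    ".join(fields))
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for spelling in ("fredericia.", "fredericia", "fredericia.mosek.intranet."):
        print(f"{spelling!r:32} dangling: "
              f"{dangling_srv_targets(with_srv_target(ZONE_TEXT, spelling))}")
```

Run it and only the third spelling produces an empty dangling list. The same check can be pointed at a real zone file by reading it into `ZONE_TEXT`; records of other types are simply ignored.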

2 Answers

There are some best practices that you should be following:

You say "DC" and "domain controller" so I assume you are using Samba 4.something and running it as an AD DC. But you also say you've got OpenLDAP installed on the same server as Samba and that doesn't make sense. Samba is an LDAP server and it needs to be the LDAP server for your AD domain.

You're also complicating your life by not using Samba as its own DNS server. You'd be better off following the best practice of making your AD domain a sub-domain of your main domain and having the Samba server be authoritative for that sub-domain.

Ward - Reinstate Monica

I found the solution myself :)

I forgot to set 2 global settings in /etc/samba/smb.conf

domain master = yes
local master = yes
Tomas