
I've set up an AD domain controller through Samba 4. I'm using Samba 4's internal DNS Server for handling the SRV queries.

However, due to project requirements, my clients need to have a DNSMASQ as their one and only DNS server.

Thus, my plan was to forward all queries which DNSMASQ can't handle to the Samba 4 server.

Let's assume the IP addresses of the servers are like this:

Server with DNSMASQ: 192.168.0.10

Server with SAMBA4: 192.168.0.11

To achieve that, I have added the following line to my DNSMASQ.conf:

server=192.168.0.11

After restarting DNSMASQ, it is not forwarding SRV queries to the SAMBA 4 DC. If I add the following line:

srv-host= _ldap._tcp.dc._msdcs.domain.example.com

the query gets forwarded, but the clients still can't join the domain. I get the following error message:

Host(A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses

Domain controllers registered in DNS are not connected to the network or are not running.

I assume there are still DNS problems, so these are my questions:

  • Is what I want to do possible at all?
  • Is there a way to just forward all SRV queries to another host with DNSMASQ?
  • Why is the server=192.168.0.11 line not working? Am I missing anything there?
Fang

2 Answers

I got it up and running.

Here's what my dnsmasq.conf looks like for a domain called domain.example.com, and a samba 4 domain controller with the IP of 192.168.0.11:

server=192.168.0.11
# SRV targets must be hostnames (resolved through /etc/hosts below), not IP literals,
# and the port must be given explicitly: dnsmasq defaults it to 1 when omitted.
srv-host=_ldap._tcp.dc._msdcs.domain.example.com,dc1-samba.domain.example.com,389
srv-host=_ldap._tcp.gc._msdcs.domain.example.com,dc1-samba.domain.example.com,3268
srv-host=_kerberos._tcp.dc._msdcs.domain.example.com,dc1-samba.domain.example.com,88
srv-host=_ldap._tcp.pdc._msdcs.domain.example.com,dc1-samba.domain.example.com,389

The server on which dnsmasq is installed also needs to be able to resolve the FQDN of the samba 4 domain controller, so an entry into /etc/hosts is needed:

192.168.0.11 dc1-samba.domain.example.com 

The /etc/hosts on the samba 4 server needs to be set up appropriately according to https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

I took the information from here:

https://blogs.msdn.microsoft.com/servergeeks/2014/07/12/dns-records-that-are-required-for-proper-functionality-of-active-directory/

Fang

I am using dnsmasq in OPNsense as a forwarder between AD and 1.1.1.1 in order to log traffic with Sensei. I'm using domain overrides for the AD domain for any device containing the domain name to be forwarded to the DCs for DNS resolution. It seems to work OK. – AveryFreeman Jun 06 '20 at 17:30
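srv-host lines are easy to get subtly wrong: a missing leading underscore on the service label, a missing dot before _msdcs, an IP literal where RFC 2782 requires a hostname, or an omitted port (which dnsmasq defaults to 1) all produce a record that dnsmasq happily serves but that no Windows client will ever match, and the join then fails with exactly the "Host (A) or (AAAA) records ... missing" message quoted in the question. The following audit script is an added example, not code from the question, the answer or the dnsmasq project: it parses the srv-host and server= lines of a dnsmasq.conf, checks each SRV record against those rules, and reports which of the four records listed in the answer are still missing for the AD domain. The sample configuration embedded in it is constructed and deliberately contains the kinds of typos described above; the hostname dc1-samba.domain.example.com is the one from the answer's /etc/hosts entry.

```python
import ipaddress
import re

# Constructed sample dnsmasq.conf: the first two srv-host lines carry a missing dot
# before _msdcs and a missing leading underscore, an IP-literal target and no port.
SAMPLE_CONF = """
# forward only the AD domain to the Samba DC (dnsmasq domain-specific server syntax)
server=/domain.example.com/192.168.0.11
srv-host=_ldap._tcp.dc_msdcs.domain.example.com, 192.168.0.11
srv-host=ldap._tcp.gc._msdcs.domain.example.com, 192.168.0.11
srv-host=_kerberos._tcp.dc._msdcs.domain.example.com,dc1-samba.domain.example.com,88
srv-host=_ldap._tcp.pdc._msdcs.domain.example.com,dc1-samba.domain.example.com,389
"""

# Well-known ports for the service labels used by AD SRV records.
SERVICE_PORTS = {"_ldap": 389, "_kerberos": 88, "_kpasswd": 464}

# The records a joining client looks up (the list given in the answer).
REQUIRED_PREFIXES = (
    "_ldap._tcp.dc._msdcs.",
    "_ldap._tcp.gc._msdcs.",
    "_kerberos._tcp.dc._msdcs.",
    "_ldap._tcp.pdc._msdcs.",
)

SRV_RE = re.compile(r"^srv-host=(?P<name>[^,]+)(?:,(?P<rest>.*))?$")


def parse_srv_host(line):
    """Return (name, target, port, priority, weight) for one srv-host line, or None.

    Missing fields take dnsmasq's defaults: empty target, port 1, priority 0, weight 0.
    """
    m = SRV_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name").strip()
    fields = [f.strip() for f in (m.group("rest") or "").split(",")]
    fields += [""] * (4 - len(fields))
    target = fields[0]
    port = int(fields[1]) if fields[1] else 1
    priority = int(fields[2]) if fields[2] else 0
    weight = int(fields[3]) if fields[3] else 0
    return name, target, port, priority, weight


def looks_like_ip(text):
    """True if text is an IPv4/IPv6 literal (not a valid SRV target)."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def check_srv_record(name, target, port):
    """Return a list of human-readable problems with one parsed SRV record."""
    problems = []
    labels = name.split(".")
    # RFC 2782: service and protocol labels start with '_'; so does the _msdcs subzone.
    if len(labels) < 2 or not (labels[0].startswith("_") and labels[1].startswith("_")):
        problems.append(f"{name}: service/protocol labels must start with '_'")
    if "_msdcs" in name and "._msdcs." not in name:
        problems.append(f"{name}: '_msdcs' must be its own label (missing dot?)")
    if not target:
        problems.append(f"{name}: empty target")
    elif looks_like_ip(target):
        problems.append(f"{name}: target is an IP literal; SRV targets need an A/AAAA name")
    # The global catalog record advertises LDAP on 3268; other services use their usual port.
    expected = 3268 if ".gc." in name else SERVICE_PORTS.get(labels[0])
    if expected is not None and port != expected:
        problems.append(f"{name}: port {port} (dnsmasq default is 1), expected {expected}")
    return problems


def audit_conf(conf_text, ad_domain):
    """Parse a dnsmasq.conf; return (problems, server= forwards, missing required records)."""
    problems, forwards, seen = [], [], set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("server="):
            forwards.append(line[len("server="):])
            continue
        rec = parse_srv_host(line)
        if rec is None:
            continue
        name, target, port, _priority, _weight = rec
        seen.add(name)
        problems.extend(check_srv_record(name, target, port))
    missing = [p + ad_domain for p in REQUIRED_PREFIXES if p + ad_domain not in seen]
    return problems, forwards, missing


if __name__ == "__main__":
    found, fwd, gaps = audit_conf(SAMPLE_CONF, "domain.example.com")
    print("forwarders:", fwd)
    for p in found:
        print("problem:", p)
    for g in gaps:
        print("missing:", g)
```

Run against a real configuration with `audit_conf(open("/etc/dnsmasq.conf").read(), "your.ad.domain")`; an empty problem list and an empty missing list is the state to aim for before testing a domain join.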

Is what I want to do possible at all?

Not if you want to have Samba as an AD server. The only supported DNS servers for Samba are the internal DNS server or Bind. Your domain isn't going to work (e.g. PCs won't be able to be joined) if you try to use another DNS server.

Ward - Trying Codidact