Samba5 AD, DNS Nethserver8

ansh · September 18, 2024, 3:50pm

Hi
Where is smb.conf located to register dns forwarder

I want NS8 to allow external IP addresses.

davidep · September 18, 2024, 4:30pm

The host DNS from /etc/resolv.conf is automatically set as a forwarder for the Samba DC as well. Reference

Generally, you can override smb.conf settings by editing include.conf from the config persistent Podman volume. For example, you can edit it with vim:

runagent -m samba0 # replace with your Samba MODULE_ID
podman unshare vim $(podman volume inspect config --format={{.Mountpoint}})/include.conf

However, the DNS forwarder is set as a command-line argument, making it more complex to override.

Why do you want to change the default behavior? It’s important to understand and evaluate your use case.

ansh · September 19, 2024, 8:29am

Thanks.
I registered the DNS IP in /etc/resolv. conf and now the external IP resolves, but with these settings, the external IP resolves for a very long time. (

I also found the path to the include.conf file if it’s more convenient for someone…)
/home/samba5/.local/share/containers/storage/volumes/config/_data/

ansh · October 15, 2024, 8:02am

My network has two domains and I use two DNS in the TCP/IP settings
DNS1 = 192.168.0.15 (AD1 SAMBA5 on NS8)
DNS2 = 192.168.0.17 (AD2 WINDOWS SERVER 2008)

On WINDOWS 10 computers, names from AD1 will no longer resolve, but names from AD2 will resolve.

PS C:\WINDOWS\system32> nslookup comp1.domain.local
: UnKnown
Address: 192.168.0.15

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
: comp1.domain.local
Address: 192.168.0.219

PS C:\WINDOWS\system32> ping comp1.domain.local
Ping failed to find host comp1.domain.local.
Check the host name and try again.

When I remove DNS2 and leave only DNS1 in TCP/IP settings, then computers in AD1 start resolving.
Most likely due to the long DNS1 response the system switches to DNS2. How can I increase the AD1 response speed on SAMBA5 NS8?

ansh · October 30, 2024, 10:15am

I changed include. conf and added a new name netbios name = LDAP
But after rebooting samaba5 - runagent -m samba5 systemctl --user restart samba-dc, the old line netbios name = NSDC remains in the smb.conf file

davidep · October 30, 2024, 10:27am

The include.conf file is included and should override the settings of smb.conf. Try this command to check it

runagent -m samba5 podman exec samba-dc testparm -s --parameter-name='netbios name'

Consider also netbios aliases as described in smb.conf manpage.

ansh · October 30, 2024, 10:55am

Thank you. The check shows correctly.

[root@ldap etc]# runagent -m samba5 podman exec samba-dc testparm -s --parameter-name=‘netbios name’
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
LDAP
[root@ldap etc]#

I can’t edit files inside the container(
runagent -m samba5 podman exec -ti samba-dc bash
root@nsdc:/etc# vim hostname
bash: vim: command not found

davidep · October 30, 2024, 12:05pm

You can install the Debian’s editor, or use podman unshare to edit the file with the host’s text editor as written above (Samba5 AD, DNS Nethserver8 - #2 by davidep), to preserve the correct file ownership and context.

Additional packages are lost on container restart.

ansh · October 30, 2024, 2:07pm

AD crashes after changing the Samba5 AD server name to hostname in the container runagent -m samba5 podman exec -ti samba-dc bash

Can I change the Samba5 AD server name. After migrating from NS7, is the old server name still there.

davidep · October 30, 2024, 3:34pm

If Samba comes from a NS7 migration, the previous DC host name is added to Samba’s config as netbios aliases.

This is the implementation Code search results · GitHub

If this behavior is undesired, edit the include.conf file accordingly.

ansh · October 31, 2024, 10:26am

I added an entry in include.conf

[global]
netbios name = LDAP

[root@ldap etc]# runagent -m samba5 podman exec samba-dc testparm -s --parameter-name=‘netbios name’
 Load smb config files from /etc/samba/smb.conf
 Loaded services file OK.
 Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
 LDAP
[root@ldap etc]#

But after a reboot Samba5

#runagent -m samba5 systemctl --user restart samba-dc

I use the DNS console on windows.
The values of DNS _msdcs. domain. local do not change.
SOA - nsdc.domain.local
NS - nsdc.domain.local
CNAME - nsdc.domain.local

davidep · October 31, 2024, 10:32am

DNS and NetBIOS are not the same thing. To fix DNS, the migration procedure runs this script, found from the implementation link above: ns8-samba/imageroot/actions/import-module/80set_nbalias at 6364825ded9905f94910994f8f674deeee366b4c · NethServer/ns8-samba · GitHub

It actually defines a CNAME record for the netbios alias. I suggest to define an alias and not rename completely the DC with netbios name because you’d get unpredictable side effects in AD configuration.

You can also change DNS configuration with MS Windows RSAT tools.

ansh · November 5, 2024, 10:25am

Resolved