
I'm trying to set up a local samba domain controller in a mixed environment (Ubuntu, Linux, OSX).

Domain provisioning worked as per the samba wiki, all the suggested tests succeed, joining Linux hosts to the domain worked as well. DNS Backend is SAMBA_INTERNAL.

The DC is on Ubuntu 20.04 as LXC on a Proxmox Hypervisor, Linux host the same, Windows 10 hosts are both a VM on the Hypervisor as well as my physical machine.

Hostname of the DC is: dc1.myhouse.mydomain.com

IP address of the DC is: 192.168.0.10

Local domain name is: myhouse.mydomain.com

I own and operate mydomain.com publicly

Problem: When trying to join a Windows host to the domain, I get an error "An Active Directory Domain Controller [...] could not be contacted"

I suspect that it has to do with Windows hosts not searching for the domain correctly:

ping dc1
Pinging [...]
Reply from 192.168.0.10

ping dc1.myhouse.mydomain.com
Pinging [...]
Reply from 185.16.[...] <- My webserver's IP address

Whereas on linux host:

ping dc1
Ping [...]
64 bytes from 192.168.0.10 [...]

ping dc1.myhouse.mydomain.com
Ping [...]
64 bytes from 192.168.0.10 [...]

I have double-checked that the IP address of the DC is configured as primary (and only) DNS server on the Windows hosts.

Also, on Windows host, explicitly setting the DNS server in nslookup works:

C:\Users\Me>nslookup
Default Server:  fritz.box
Address:  fd00::2416[...]

> dc1.myhouse.mydomain.com
Server:  fritz.box
Address:  fd00::2416[...]

Non-authoritative answer:
Name:    dc1.myhouse.mydomain.com
Address:  185.16.[...]

> server 192.168.0.10
Default Server:  [192.168.0.10]
Address:  192.168.0.10

> dc1.myhouse.mydomain.com
Server:  [192.168.0.10]
Address:  192.168.0.10

Name:    dc1.myhouse.mydomain.com
Address:  192.168.0.10

Am I on the right track concerning the root cause?

Any suggested resources on how to explicitly track down what's going on when trying to join the Windows hosts?

  • Your "I have double-checked that the ip address of the DC is configured as primary (and only) DNS server on the windows hosts" doesn't match the nslookup output, which still shows fritz.box as the initial DNS server... In general, I don't think it's a good idea to use the same domain as both an AD domain and a router-managed "LAN DNS" domain – precisely to avoid this kind of issue. Commented Mar 7, 2021 at 0:13
  • @user1686: I know it doesn't match - which is why I double-checked in the first place. Why is Windows using the gateway instead of the DNS server I explicitly told it to use? What am I missing? / As for the >>router-managed "LAN DNS" domain<<: the router doesn't know of any domains - the issue seems to be that the local domain is a subdomain of my public domain. I did this in response to advice urging to avoid .local for local domains. What's best practice there? Commented Mar 7, 2021 at 0:28
  • Using a public domain is not an issue, as long as the (sub)domain is dedicated to AD. But it sounds a lot like you have the same "myhouse.domain.com" existing outside AD as well (the fact that nslookup does return some results pointing to some webserver). Commented Mar 7, 2021 at 1:01
  • @user1686: not quite, but mydomain.com has a wildcard A record. I have removed it for testing. Waiting for it to propagate. But still, shouldn't the local DNS server take precedence? It does for the Linux host, anyway. Commented Mar 7, 2021 at 1:28

1 Answer

I found out what was wrong. As usual, it was a stupid mistake.

Windows was using the IPv6 DNS server (which I had left at its default setting). The clue was in the nslookup output all this time, but I omitted the information in the original question (since edited).

After disabling IPv6 for the interface altogether, everything now works as expected.
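The asker wanted a way to track down what a Windows host actually does during a join, and the answer shows the root cause was a second, IPv6 resolver that the manual IPv4 DNS setting never touched. The following PowerShell script is an added example (not code from the question or the answer): it lists every DNS server Windows will use, per interface and per address family, and asks each one for the AD locator SRV record and the DC's host record, so a resolver handing back the public wildcard instead of 192.168.0.10 stands out immediately. The domain and DC names are taken from the question; everything else is a constructed assumption.

```powershell
# Added example, not part of the original question or answer.
# Domain and DC names come from the question; adjust for your environment.
$Domain  = 'myhouse.mydomain.com'
$DcHost  = "dc1.$Domain"
# The DC locator record a Windows client queries when joining a domain.
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"

# Enumerate resolvers for BOTH address families. Windows will use an IPv6
# resolver learned from router advertisements (RDNSS) or DHCPv6 even when the
# IPv4 DNS server has been set by hand, which is exactly what bit the asker.
$entries = Get-DnsClientServerAddress -AddressFamily IPv4, IPv6 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

foreach ($entry in $entries) {
    foreach ($server in $entry.ServerAddresses) {
        Write-Host "== Interface '$($entry.InterfaceAlias)' ($($entry.AddressFamily)) -> resolver $server"

        # Ask this specific resolver (bypassing the cache and other servers)
        # for the SRV record; a DC-backed zone answers with dc1's name/port.
        try {
            $srv = Resolve-DnsName -Name $SrvName -Type SRV -Server $server -DnsOnly -ErrorAction Stop
            $srv | Where-Object { $_.QueryType -eq 'SRV' } |
                ForEach-Object { Write-Host "   SRV  $($_.NameTarget):$($_.Port)" }
        } catch {
            Write-Host "   SRV  lookup failed: $($_.Exception.Message)"
        }

        # Ask the same resolver for the DC's A record. Anything other than the
        # DC's LAN address (here 192.168.0.10) means this resolver is serving
        # the public zone, not the AD zone, and the join will fail through it.
        try {
            $a = Resolve-DnsName -Name $DcHost -Type A -Server $server -DnsOnly -ErrorAction Stop
            $a | Where-Object { $_.QueryType -eq 'A' } |
                ForEach-Object { Write-Host "   A    $($_.Name) -> $($_.IPAddress)" }
        } catch {
            Write-Host "   A    lookup failed: $($_.Exception.Message)"
        }
    }
}
```

Run it in an elevated or normal PowerShell session on the client before attempting the join. In the asker's situation the IPv4 line would show 192.168.0.10 answering correctly while the IPv6 line (fritz.box's `fd00::…` address) returned the 185.16.x webserver address for the A query and no SRV record at all. Disabling IPv6 on the interface, as the answer did, removes that resolver; pointing the interface's IPv6 DNS setting at the DC instead (`Set-DnsClientServerAddress` for the IPv6 family) or turning off DNS-server advertisement on the router achieves the same without losing IPv6. The built-in `nltest /dsgetdc:myhouse.mydomain.com` is the native check that reports which DC the locator found, or why it found none.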
