Hi all,
This is a bit of a brain dump so that I don’t forget this little tidbit in future.
Scenario
You have a shiny new Samba 4 Active Directory domain controller (or two) responsible for the domain ad.youroffice.example.com. You have a couple of DNS servers that are responsible for non-AD parts of the domain and the parent youroffice.example.com. To have everything go through one place, you’ve set up these servers with slave zones for ad.youroffice.example.com.
Joining your first Windows 7 client yields a message like this one. You’re able to resolve yourdc.ad.youroffice.example.com on the client but not the _msdcs subdomain.
The fix
Configure your slaves to also sync _msdcs.ad.youroffice.example.com.
Example using BIND
// The AD zone itself, transferred from the two domain controllers
zone "ad.youroffice.example.com" {
    type slave;
    file "/var/lib/bind/db.ad.youroffice.example.com";
    masters { 10.20.30.1; 10.20.30.2; };
    allow-notify { 10.20.30.1; 10.20.30.2; };
};
// _msdcs is a separate zone on the DCs, so it needs its own slave entry
zone "_msdcs.ad.youroffice.example.com" {
    type slave;
    file "/var/lib/bind/db._msdcs.ad.youroffice.example.com";
    masters { 10.20.30.1; 10.20.30.2; };
    allow-notify { 10.20.30.1; 10.20.30.2; };
};
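To confirm that a slave really serves the _msdcs zone after the change, you can query it directly for the DC-locator records a Windows client looks up during a domain join. The script below is an added example, not part of the original post; the function name check_msdcs and the DIG override variable are assumptions of this example, and the slave address is whatever your secondary listens on.

```shell
#!/bin/sh
# Added example: verify that a slave DNS server answers the _msdcs lookups
# a Windows client makes when joining the domain.
# Usage: check_msdcs <slave-address> ad.youroffice.example.com
# DIG can be overridden (an assumption of this example, handy for offline
# testing); by default the real dig binary is used.
DIG="${DIG:-dig}"

# Returns 0 only if every lookup produced an answer from the queried server.
# +norecurse makes the server answer from its own zone data instead of
# fetching the records from somewhere else on our behalf.
check_msdcs() {
    server="$1"
    domain="$2"
    missing=0
    for name in \
        "_ldap._tcp.dc._msdcs.$domain" \
        "_kerberos._tcp.dc._msdcs.$domain" \
        "_ldap._tcp.pdc._msdcs.$domain"
    do
        answer=$($DIG +short +norecurse "@$server" "$name" SRV)
        if [ -n "$answer" ]; then
            echo "OK      $name"
        else
            echo "MISSING $name"
            missing=$((missing + 1))
        fi
    done
    # The slave should also hold the SOA of the _msdcs zone itself.
    if [ -z "$($DIG +short +norecurse "@$server" "_msdcs.$domain" SOA)" ]; then
        echo "MISSING SOA for _msdcs.$domain"
        missing=$((missing + 1))
    fi
    [ "$missing" -eq 0 ]
}
```

A slave that only carries ad.youroffice.example.com reports every line as MISSING; once the _msdcs zone has transferred, all four checks should come back OK.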



