[Samba] dns/ad domain provisioning and naming
Rowland Penny
rowlandpenny at googlemail.com
Thu Jan 22 06:19:17 MST 2015
On 22/01/15 12:55, Jeff Henze wrote:
> On Thu, Jan 22, 2015 at 4:29 AM, Peter Serbe <peter at serbe.ch> wrote:
>> If the domain is set up as
>> [global]
>> workgroup = LOCAL
>> realm = local.thisismycompany.com
>> then the domain users would log in as local\flast.
>> I am not sure, whether LOCAL makes up a good domain name...
> Thanks for adding clarity Peter. I'm having trouble framing my
> questions so maybe I might be able to better explain precisely what
> I'm looking for here:
>
> 1) Assuming a legitimately registered ICANN domain name of
> "thisismycompany.com", would there be a conflict having the internal
> domain's FQDN being structured as "*.thisismycompany.com" with a
> workgroup of "myco" and a realm of "thisismycompany.com"?
> 2) Assuming that first question is "yes", would end users then sign in
> as username at thisismycompany.com -and/or- myco\username ?

OK, you can call your Samba AD domain anything you want, but you
shouldn't use just your registered domain name.

From your example 'thisismycompany.com', 'internal.thisismycompany.com'
or 'myco.thisismycompany.com' would be OK, but 'thisismycompany.com'
wouldn't. You can then call your workgroup anything you like, i.e.
'INTERNAL' or 'MYCO' etc.

As for username, it would generally be in the form of
WORKGROUP\username, but on a member server, winbind can be set up so you
would only require the username.

>
>> zone "local.thisismycompany.com" {
>> type slave;
>> masters { *your DCs go here* };
>> file "/etc/bind/namedb/bak.local.thisismycompany.com";
>> forwarders{};
> Excellent - thanks for the bind tip.
>
> -Jeff

Don't do this; set up bind to use the DLZ zones in AD. I take it that
you realise you need to run bind on the samba4 AD server and forward
everything that is outside the AD domain to another DNS server.

Rowland
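
An added example, not part of the original message or of Samba itself: a small Python check that audits a named.conf text against the advice above (AD realm not equal to the registered domain, AD zone served through a dlz block rather than a slave zone statement, forwarders set in options). The function names, finding labels, addresses and the dlz module path are assumptions made for the illustration.

```python
import re

# Constructed samples. SLAVE_CONF mirrors the slave zone quoted in the thread;
# addresses and the dlz module path are placeholders, not values from the page.
SLAVE_CONF = '''
options { directory "/var/cache/bind"; };
zone "local.thisismycompany.com" {
    type slave;
    masters { 192.0.2.10; };
    file "/etc/bind/namedb/bak.local.thisismycompany.com";
    forwarders {};
};
'''
DLZ_CONF = '''
options {
    directory "/var/cache/bind";
    forwarders { 192.0.2.53; };   // everything outside the AD domain
};
dlz "AD DNS Zone" { database "dlopen /PLACEHOLDER/dlz_bind9.so"; };
'''

def blocks(conf, keyword):
    """Yield (name, body) for each `keyword ["name"] { ... }` statement."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)
    for m in re.finditer(r'(?m)^\s*%s\b\s*(?:"([^"]*)")?[^{;]*\{' % keyword, conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):          # walk to the matching brace
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield (m.group(1) or '').lower().rstrip('.'), conf[m.end():i - 1]

def audit(conf, realm, registered_domain):
    """Return finding labels (hypothetical names) for one named.conf text."""
    realm, reg = realm.lower().rstrip('.'), registered_domain.lower().rstrip('.')
    findings = []
    if realm == reg:                            # AD realm must not be the bare registered name
        findings.append('realm-equals-registered-domain')
    if any(name == realm for name, _ in blocks(conf, 'zone')):
        findings.append('ad-zone-declared-statically')
    if not list(blocks(conf, 'dlz')):           # AD zones should come from a dlz block
        findings.append('no-dlz-block')
    opts = ' '.join(body for _, body in blocks(conf, 'options'))
    fwd = re.search(r'\bforwarders\s*\{([^}]*)\}', opts)
    if not fwd or not fwd.group(1).strip():     # nothing to resolve non-AD names
        findings.append('no-forwarders-in-options')
    return findings
```
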