[Samba] Samba 4 AD DC and BIND

Andrew Bartlett abartlet at samba.org
Tue Mar 12 22:53:16 MDT 2013


On Mon, 2013-03-11 at 19:16 -0400, Gerry Reno wrote:
> Since I am using views, where should I include the provision-generated named.conf?
> 
> Just in the local network view?

Why are you using views?

My understanding is that these are normally used when external clients
and internal clients may hit the same name server.  That implies that
there is direct internet access to your AD DC.  If you are doing that,
then I suggest you find a different way to operate - the AD DC is the
security heart of the network, and should be more protected than that. 

One approach is to have your DNS server (with views) use a zone of type
'forward' to point at the Samba server, which would not need to know
about these complex things.

Otherwise, if you insist, you will have to manually determine how the
view statements and the include statements interact.  This hasn't ever
been done before, and I don't know if the dlz module is compatible with
that, as it dynamically creates the zones.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
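
The forward-zone approach suggested above, sketched as a named.conf fragment for the front-end BIND server that carries the views (an added example, not part of the original post and not Samba's provision output). The zone names, the 192.0.2.0/24 internal range, the DC address 192.0.2.10 and the zone file path are constructed placeholders.

```conf
// Front-end BIND server with views. The Samba AD DC runs its own DNS
// and is reachable only from the internal network.

acl "internal-nets" {
    192.0.2.0/24;          // placeholder: internal client range
    localhost;
};

view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;         // forward zones are only used for recursive lookups

    // Hand every name at or below the AD domain to the Samba server.
    // This also covers _msdcs.ad.example.com and the SRV records
    // that domain members look up.
    zone "ad.example.com" {
        type forward;
        forward only;      // never fall back to the public DNS tree
        forwarders { 192.0.2.10; };   // placeholder: Samba AD DC
    };
};

view "external" {
    match-clients { any; };
    recursion no;          // external clients get authoritative answers only

    // Public zone only. The AD zone is absent from this view, so
    // external clients cannot query the directory's DNS data here.
    zone "example.com" {
        type master;
        file "zones/db.example.com";  // placeholder path
    };
};
```

Views are matched in order, so the internal view has to come first. If the front-end server validates DNSSEC, the unsigned AD zone may need to be exempted from validation for the forwarded answers to be accepted.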



