[Samba] Interactively provision new domain

Rowland Penny rowlandpenny at googlemail.com
Mon Apr 20 13:24:36 MDT 2015

On 20/04/15 19:57, Mike wrote:
> Re-reading your response again and I think I misunderstood the first time.
> I should use a domain name that is different from the hostname.
> On Apr 20, 2015 12:42 PM, "Mike" <1100100 at gmail.com> wrote:
>> On Mon, Apr 20, 2015 at 12:10 PM, Rowland Penny <
>> rowlandpenny at googlemail.com> wrote:
>>> No, sorry but you really shouldn't use you dns domain name that can be
>>> found via *any* dns tool from the internet, what you can/should use is
>>> something like internal.mammal.com with a domain name like 'INTERNAL'
>>> (though you could use 'HUMAN' here).
>>> Rowland
>> Hello Rowland,
>> Thank you for your response.
>> So following up on your suggestion - - - if I choose to provide the
>> following:
>> Realm:   angrycheetah.mammal.com <http://human.mammal.com>
>> Domain:   angrycheetah
>> Do I need to modify CentOS Server hostname to:  angrycheetah.mammal.com ?
>> Or does it NOT matter because the internal dns server will resolve/match
>> domain angrycheetah to whatever static ip is provided in dns configuration,
>> regardless of server hostname?
>> Thank you.

The kerberos realm has to be the same as the dns domain name on the 
server that samba runs on, i.e. if the fqdn of the server is 
'dc.samdom.example.com', then the kerberos realm will be 
'SAMDOM.EXAMPLE.COM'. What you call the workgroup/domain is up to you, 
it could be 'SAMDOM' or 'EXAMPLE' or anything you like, as long as it is 
only one word of no more than 15 characters.

You should not use a dns domain name that is resolvable from the 
internet, do you really want your AD records possibly out there ?


More information about the samba mailing list