[Samba] Interactively provision new domain

Mike 1100100 at gmail.com
Mon Apr 20 14:08:12 MDT 2015


All tight and good to go.

DNS for "example.com" is provided by noip.com.

samdom.example.com is behind a firewall and will be authoritative for its
zone, forwarding requests outside its zone to my ISP nameserver.  DNS for
samdom.example.com will only respond to requests from LAN - 10.10.1.0/24.

On Apr 20, 2015 3:27 PM, "Rowland Penny" <rowlandpenny at googlemail.com> wrote:

> On 20/04/15 19:57, Mike wrote:
>
>> Re-reading your response again and I think I misunderstood the first time.
>>
>> I should use a domain name that is different from the hostname.
>>
>> On Apr 20, 2015 12:42 PM, "Mike" <1100100 at gmail.com> wrote:
>>
>>
>>> On Mon, Apr 20, 2015 at 12:10 PM, Rowland Penny <
>>> rowlandpenny at googlemail.com> wrote:
>>>
>>>> No, sorry but you really shouldn't use your dns domain name that can be
>>>> found via *any* dns tool from the internet, what you can/should use is
>>>> something like internal.mammal.com with a domain name like 'INTERNAL'
>>>> (though you could use 'HUMAN' here).
>>>>
>>>> Rowland
>>>>
>>> Hello Rowland,
>>> Thank you for your response.
>>>
>>> So following up on your suggestion - - - if I choose to provide the
>>> following:
>>>
>>> Realm:   angrycheetah.mammal.com <http://human.mammal.com>
>>> Domain:   angrycheetah
>>>
>>> Do I need to modify CentOS Server hostname to:  angrycheetah.mammal.com ?
>>> Or does it NOT matter because the internal dns server will resolve/match
>>> domain angrycheetah to whatever static ip is provided in dns configuration,
>>> regardless of server hostname?
>>>
>>> Thank you.
>>>
>>>
> The kerberos realm has to be the same as the dns domain name on the server
> that samba runs on, i.e. if the fqdn of the server is
> 'dc.samdom.example.com', then the kerberos realm will be
> 'SAMDOM.EXAMPLE.COM'. What you call the workgroup/domain is up to you, it
> could be 'SAMDOM' or 'EXAMPLE' or anything you like, as long as it is only
> one word of no more than 15 characters.
>
> You should not use a dns domain name that is resolvable from the internet,
> do you really want your AD records possibly out there ?
>
> Rowland
>
>
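
The naming rules discussed in this thread, collected into an offline pre-provision check. This is an added example, not part of any poster's message and not Samba code. The function name `check_provision_names` and the `public_zones` parameter (a caller-supplied list of zones known to be served on the internet) are assumptions made for illustration.

```python
# Added example: sanity-check the names chosen for a new AD domain before provisioning.
# Hostnames in the sample run are taken from the thread or constructed.

def check_provision_names(fqdn, realm, netbios_domain, public_zones=()):
    """Return a list of problems; an empty list means the names are consistent."""
    problems = []
    labels = fqdn.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return ["fqdn must include a DNS domain after the host label"]
    short_host, dns_domain = labels[0], ".".join(labels[1:])

    # The Kerberos realm is the DNS domain of the server Samba runs on, upper-cased.
    if realm.upper() != dns_domain.upper():
        problems.append(f"realm {realm!r} should be {dns_domain.upper()!r}")

    # Workgroup/domain: one word of no more than 15 characters.
    if not netbios_domain or "." in netbios_domain or any(c.isspace() for c in netbios_domain):
        problems.append("domain must be a single word")
    elif len(netbios_domain) > 15:
        problems.append("domain is longer than 15 characters")

    # The domain name has to differ from the server's short hostname.
    if netbios_domain.lower() == short_host:
        problems.append("domain must differ from the short hostname")

    # Assumption: public_zones lists zones the caller knows are resolvable from the internet.
    if dns_domain in {z.rstrip(".").lower() for z in public_zones}:
        problems.append(f"AD DNS domain {dns_domain!r} is a publicly served zone")
    return problems


if __name__ == "__main__":
    public = ["example.com", "mammal.com"]
    samples = [
        ("dc.samdom.example.com", "SAMDOM.EXAMPLE.COM", "SAMDOM"),
        ("dc.example.com", "EXAMPLE.COM", "EXAMPLE"),
        ("angrycheetah.mammal.com", "ANGRYCHEETAH.MAMMAL.COM", "angrycheetah"),
    ]
    for args in samples:
        print(args, "->", check_provision_names(*args, public_zones=public) or "ok")
```
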

