[Samba] samba_dlz: Failed to configure zone... already exists
Rowland Penny
rowlandpenny241155 at gmail.com
Thu Sep 3 15:18:21 UTC 2015
On 03/09/15 15:57, Jim Seymour wrote:
> On Thu, 3 Sep 2015 15:07:37 +0100
> Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
>
> [snip]
>> The kerberos default_realm must be the samba AD DC domain name and
>> usually
> So if I put the Samba AD DC in, say, "addc.example.com,"
> "addc.example.com" must be the Kerberos default_realm?
Yes
>
>> the samba DNS server (internal or bind) is just the dns
>> server for the samba4 AD DC.
> Yes, but I need example.com's zone to be a "normal" (i.e.: static)
> zone. It is now, and will remain, *the* zone for the corporate LAN at
> this location.
Then use another machine for the main zone.
>
> So, since a Samba AD DC must have dynamic zones, I guess that means
> Samba must "run in" a sub-zone.
>
> This is the problem to which I referred a couple days ago.
>
> I find it odd that this seems to be such an unusual configuration. Has
> the *nix world become contaminated with typical MS-Win server thinking:
> That a server can do only one thing at a time? It's an AD DC, so it
> can't do anything else?
>
>> This does not mean that you cannot add
>> other zones to AD, this is easily done with samba-tool, in fact as
>> standard, you have to create the reverse zone if you require it.
> Don't see how that solves the problem.
If you are using this in a corporate environment, you probably shouldn't
be running the main DNS server on the Samba4 machine. Just because you
can do something is not a good reason to do it! What will happen if the
Samba4 machine crashes (don't say it won't, it may) and all DNS
resolving is done by the samba4 machine? I will tell you what will happen,
your phone will melt! Now, if you put the main DNS server on another
machine and the samba4 machine goes down, DNS should still work.
>
>> I wouldn't use 'pdc.example.com' as you do not have a pdc and should
>> get out of the habit of referring to it as the PDC, a PDC is a very
>> different thing from an AD DC, all DCs are equal apart from the FSMO
>> roles. How about 'ad.example.com' or 'samba.example.com'
> Very well. I defaulted to that because I keep seeing references to
> it. I'll call it "addc.example.com".
>
> Thanks,
> Jim