[Samba] Two Samba 4 AD DC forest trust

Lea Massiot lmloge at orange.fr
Fri Apr 6 15:01:50 UTC 2018


Hello,

My post is about having two Samba 4 AD DCs at two different geographical
places and accessing resources bidirectionally through a VPN, as summarized in
the schema below.

-------------------------
Geographical site 1
-------------------------
- AD DC: Samba 4.1.4
- LAN_1 IPs: 192.168.1.0/24
- Machines DNS names: <hostname>.company.lan
- Some machines do not move from this site.
- Some machines are nomads (they can move to Geographical site 2).
- We can access some resources that are on LAN_2 machines through the VPN.
  For example, NASs get synchronized through the VPN.
-------------------------
|
|
|
|
VPN
|
|
|
|
-------------------------
Geographical site 2
-------------------------
- AD DC: Samba 4.8.0
- LAN_2 IPs: 192.168.2.0/24
- Machines DNS names: <hostname>.company.lan2
- Some machines do not move from this site.
- Some machines are nomads (they can move to Geographical site 1).
- We can access some resources that are on LAN_1 machines through the VPN.
  For example, NASs get synchronized through the VPN.
-------------------------

On Geographical site 2, I am about to (*):

/"Select a DNS domain for your AD forest.
The name will also be used as the AD Kerberos realm.
WARNING | Make sure that you provision the AD using a DNS domain that will
not need to be changed.
WARNING | Samba does not support renaming the AD DNS zone and Kerberos
realm."/

I am wondering which is the good way to go as far as these domain names are
concerned.
Also, I have read about AD forests but I couldn't find literature explaining
how to set up such a system with two Samba 4 AD DC.

In
https://www.infoworld.com/article/2613171/networking/samba-4-review--no-substitute-for-active-directory----yet.html
dating back to 2013, one can read:
/"Support for cross-forest trusts and multiple domain controllers is still
to come. "/

Can you help me?
Best regards.

(*)
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller



--
Sent from: http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html