[Samba] Setting up new samba-ac-dc on Ubuntu 18.04 - KDC not FOUND

Gregory Sloop gregs at sloop.net
Sun Aug 5 23:42:47 UTC 2018



RSAvs> Rowland Penny via samba wrote:
>> If you are only going to have one DC, then the internal DNS server is
>> okay, it just doesn't work as well as Bind9. Once you have more than
>> one DC (which is the recommendation), then it is better to use Bind9.

Define *better*. 
AFAICT, using Samba's internal DNS works fine with multiple DCs. But perhaps I've missed something.

RSAvs> I have two other servers. Once the ad-cd server is up then I plan to have
RSAvs> the other servers moved to ad and act as alternate dcs
>> Louis went down the same path as you, least amount of changes,
RSAvs> Louis however also used Bind9 in his recent notes. I'm somewhat 
RSAvs> concerned that removing systemd-resolved will create other issues.
>> You pays your money and makes your choices ;-)
RSAvs> You still have to live with them later. B-)
>> Rowland
RSAvs> One question. Can I simply re-provision the server and overwrite the 
RSAvs> existing configuration if I decide to go to bind9?

Well, you won't be able to "reprovision" without destroying your domain configuration and all the Kerberos trust relationships between the Windows clients and the DC. But I believe you can modify your samba config and change from using internal DNS to BIND. [I'm not sure about re-creation of all the DNS entries - that may be something you have to do by hand.]

But IMO internal DNS works fine [at least if you don't need to act as an auth dns zone for a zone outside of the dc's dns scope.]
Disable systemd-resolved and it works fine. [Or use Louis' method - I'm pretty sure it works, but I had difficulty with it and found it easier to simply nuke systemd-resolved.]


RSAvs> -- 
RSAvs> Rob Steinmetz

