[Samba] dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)

Rowland Penny rpenny at samba.org
Mon Jan 14 12:21:26 UTC 2019


On Mon, 14 Jan 2019 13:03:42 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Hai Rowland,
> > 
> > We are talking a Samba AD DC here and this means the realm must be
> > the same as the forest dns domain. As Samba AD doesn't (yet) support
> > subdomains, the domain will be the same as the forest domain.
> > There is a line here:
> > 
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> > 
> > Under 'Preparing the installation'
> > 
> > Select a DNS domain for your AD forest. The name will also be used
> > as the AD Kerberos realm.
> 
> Hmm, here I have something for you, I'll PM it to you.
> 

OK, got it, I will have a look at it.

> > Wouldn't this have the same problem ?
> > Not trying to be argumentative, just trying to understand the
> > problem.
> Just avoiding possible problems and keeping it clear that dnsdomain !=
> REALM.
> 

Still not really understanding this, I think you are saying that in
Windows AD, the REALM does not have to be the same as the dns domain,
it could be a dns subdomain like 'subdomain.example.com' with a REALM
of 'EXAMPLE.COM' (or vice versa). As I have said, you cannot have a
subdomain yet (and Windows is recommending to not use subdomains), so,
as far as Samba is concerned, the REALM is the dns domain in
uppercase.

Again, just trying to understand.

Rowland

  


