[Samba] setting up a new ADS infrastructure
Rowland Penny
rpenny at samba.org
Sun Jun 23 14:18:40 UTC 2019
On 23/06/2019 14:34, Stefan Froehlich via samba wrote:
> No need to be sorry - most likely I'll the whole setup from scratch.
> But just to be sure and to avoid new mistakes, after re-reading the
> samba wiki:
>
> I understand that they use the same SAMDOM.EXAMPLE.COM as DNS *and*
> Windows domain which is (for legacy reasons and for a smoother
> transition) something I'd rather like to avoid.

'SAMDOM.EXAMPLE.COM' is an example Realm name, you can use whatever you
like. However, whatever you use for the DNS domain MUST be used for the
Realm name, but the Realm name must be in uppercase.

>
> There is the existing DNS domain synth.intern (driven by bind and
> generally in a rather good shape) and I want to create the new AD
> domain SYNTHESIS *below* and independent from that.

So far, this was a good idea.

> That's why I created an NS record for synthesis.synth.intern delegating it to the
> DC and proceeded from there following the wiki with my AD DNS domain
> being SYNTHESIS.SYNTH.INTERN.

That is where you went wrong ;-)

You should have used the subdomain 'synthesis.synth.intern' for your
AD, totally unconnected to your other DNS server. Your AD DCs are all
authoritative for the DNS domain and your AD clients must use the DCs
as their nameservers, anything the DCs do not know (anything outside
the AD domain) should be forwarded to another DNS server.

> Is this possible at all or am I just begging for trouble with such a
> setup?

No and Yes ;-)

Rowland
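
The rules in the reply above (uppercase realm equal to the AD DNS domain, clients resolving only through the DCs, everything else forwarded to another DNS server) can be checked mechanically. The following is an added example, not part of the original message or of Samba itself; it assumes Samba's internal DNS server (where `dns forwarder` is set in smb.conf), and the function names, IP addresses and file contents are constructed for illustration.

```python
import re

def parse_global(smb_conf):
    """Return the [global] parameters of an smb.conf text, keys normalised."""
    params, section = {}, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_ad_dns(smb_conf, dns_domain, client_resolv, dc_ips):
    """Return a list of findings; an empty list means every rule holds."""
    g = parse_global(smb_conf)
    realm = g.get("realm", "")
    findings = []
    if realm != realm.upper():
        findings.append("realm is not uppercase")
    if realm.lower() != dns_domain.lower():
        findings.append("realm does not match the AD DNS domain")
    forwarders = g.get("dns forwarder", "").split()
    if not forwarders:
        findings.append("no dns forwarder set")
    elif set(forwarders) & set(dc_ips):
        findings.append("dns forwarder points at a DC, not another DNS server")
    # AD clients must use the DCs, and only the DCs, as their nameservers.
    client_ns = re.findall(r"^\s*nameserver\s+(\S+)", client_resolv, re.M)
    foreign = [ns for ns in client_ns if ns not in dc_ips]
    if foreign or not client_ns:
        findings.append("client does not resolve only through the DCs")
    return findings

# Constructed sample input (192.0.2.0/24 is a documentation range).
DC_IPS = ["192.0.2.10"]
SMB_CONF = """
[global]
    realm = SYNTHESIS.SYNTH.INTERN
    workgroup = SYNTHESIS
    server role = active directory domain controller
    dns forwarder = 192.0.2.53
"""
CLIENT_RESOLV = "search synthesis.synth.intern\nnameserver 192.0.2.10\n"

if __name__ == "__main__":
    print(check_ad_dns(SMB_CONF, "synthesis.synth.intern", CLIENT_RESOLV, DC_IPS) or "OK")
```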