[Samba] Unable to join domain
Rob Campbell
robcampbell08105 at gmail.com
Tue Oct 12 16:09:16 UTC 2021
> This bothered me too at first, but think of it like this: Your AD domain
> is not the same thing as your DNS domain. There could very well be
> devices in your DNS domain that are not bound to the AD domain.
> However, everything in your AD domain is in your DNS domain. So as sets,
> {AD Domain} is strictly a subset of {DNS Domain}. Consequently it makes
> sense that if
> example.com
> is your DNS domain, then something like
> EX-AD.example.com <http://ex-ad.example.com/>
> would be your AD domainL EX-AD.example.com <http://ex-ad.example.com/>
<< example.com
This makes sense and has provided clarity. I'm not relating my dns domain
to my AD domain though. This is to manage users access to equipment and
files. Initially it was just for 3 of us but they wanted to open it up to
the whole family so now there's 20.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.
On Tue, Oct 12, 2021 at 10:34 AM Patrick Goetz via samba <
samba at lists.samba.org> wrote:
>
>
> On 10/12/21 03:50, Rowland Penny via samba wrote:
> > On Mon, 2021-10-11 at 18:01 -0400, Rob Campbell wrote:
> >> Maybe I'm confused about the word server. What constitutes a server
> >> that makes it impossible for it to join a domain?
> >
> > The word 'server' is very broad reaching, but when you combine it with
> > the word 'standalone', you get a 'standalone server' and this type of
> > Samba server contains its own user & group database and requires Samba
> > users and the same users in /etc/passwd. A standalone server is akin to
> > Windows Home edition and cannot join a domain.
> >
> >> fsdc01 was just a samba file server but if I remove the samba
> >> configuration, can't I then join it to the domain (after following
> >> the wiki steps of adding a member)?
> >
> > You should be able to join any Unix computer to an AD domain, provided
> > it is configured correctly.
> >
> >>
> >> What is throwing me off is that it seems to require a subdomain or at
> >> least, that is how the wiki configuration is designed. This has to
> >> be done with a subdomain? I can't skip the subdomain the subdomain?
> >
> > If you have a registered domain, then you can use that, but best
> > practise is to a subdomain of your registered domain (This isn't just a
> > Samba best practice, it is also a Microsoft best practice).
> >
>
> This bothered me too at first, but think of it like this: Your AD domain
> is not the same thing as your DNS domain. There could very well be
> devices in your DNS domain that are not bound to the AD domain.
> However, everything in your AD domain is in your DNS domain. So as sets,
> {AD Domain} is strictly a subset of {DNS Domain}. Consequently it makes
> sense that if
>
> example.com
>
> is your DNS domain, then something like
>
> EX-AD.example.com
>
> would be your AD domainL EX-AD.example.com << example.com
>
>
>
>
> >> For better clarity I could start over and have my subdomain as
> >> internal if I need one so it would be internal.test-server.lan and
> >> then have all the hostnames but I was hoping to have root domain and
> >> hostnames only and I can see now that due to my naming schema, I
> >> confused everyone.
> >
> > You can use just the domain if you wish, but best practice is to use a
> > subdomain.
> >
> >> My bad.
> >
> > No, just lack of knowledge and we are all guilty of that from time to
> > time.
> >
> >> I did choose dc01 because I figured everything would attach to it
> >> unless I built a dc02 which I thought about doing further down the
> >> line just for understanding how things work.
> >
> > It is another best practice to run multiple AD DC's
> >
> >>
> >> I'll start over with my Debian vm being DC01.INTERNAL.TEST-SERVER.LAN
> >> (hostname dc01 and then my Fedora file server can be
> >> FS01.INTERNAL.TEST-SERVER.LAN.
> >
> > That sounds a better idea.
> >
> > Rowland
> >
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list