[Samba] Picking a non-.local domain
lukebarone at gmail.com
Tue Aug 8 04:19:57 UTC 2023
Add a subdomain, such as "ad." in front of your external domain name. It
should only be resolvable inside your local network. So in your case, use
"ad.ohprs.org" for the domain name. Your domain computers will be
"pc1.ad.ohprs.org", "dc1.ad.ohprs.org", etc.
Your webserver can have multiple DNS names resolving to it, as can other
computers, both inside and/or outside your local network.
On Mon, Aug 7, 2023, 8:30 p.m. Mark Foley via samba <samba at lists.samba.org>
> First off, thanks to Rowland Penny for his patience in working through my
> "Joining a new Samba AD DC".
> I first attempted to upgrade my old Samba 4.8.2 AD/DC to a more recent
> but that effort failed due to too many differences with the Samba version
> the latest Slackware OS version. Next I tried to join a 2nd Samba DC to
> existing domain with the intent of promoting it, but that also ran into
> compatibility problems, including with BIND.
> Now I'm taking the "nuclear" option. I will create a new AD/DC with my
> latest versions of everything. I will then un-join all the Windows
> from the current domain and re-join them to the new domain. This is what
> I did
> 13 years ago when migrating from Windows SBS 2008 to Samba for AD/DC in the
> first place, so no reason that shouldn't work. I will join a single dummy
> Windows workstation to this domain for testing.
> I am going through the wiki
> First question ... according to
> Using e.g. samdom.local is not recommended for several reasons. My current
> is hprs.local. So, as long as I'm starting from scratch I would like to
> take the
> opportunity to get this right.
> In wiki section "Using Your external Domain Name", it says I could simply
> the external domain name, e.g. ohprs.org.
> Here's where I'm confused. If I use ohprs.org as the AD domain and e.g.
> DC1.ohprs.org is my AD/DC, how does name resolution work with other domain
> members? For example, webserver.ohprs.org is a current, public FQDN which
> resolves to 188.8.131.52. Internally this host's IP within the domain is
> 192.168.0.3. This host also has an SSL certificate for external access to
> webpages (https).
> If I am on domain member "joe" how will accessing host "webserver" resolve?
> Will it refer to the public IP (184.108.40.206) or the local domain IP
> (192.168.0.3)? If local, the SSL cert won't be valid.
> Does this magically work via DNS?
> Should I pick some other AD domain name?
> Thanks --Mark
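
Added example (not part of the thread, and not Samba code): a simplified model of the question above, showing which server answers a domain member's lookup depending on the zone chosen for AD. It assumes the DC is authoritative for the AD zone and forwards everything else to public DNS; the function names and result labels are hypothetical.

```python
# Simplified model: the AD DC answers names inside its own zone and
# forwards all other names to a public resolver (assumption).

def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_zone(name, zone):
    """True if name is the zone apex or below it, matched on label boundaries."""
    n, z = labels(name), labels(zone)
    return bool(z) and len(n) >= len(z) and n[len(n) - len(z):] == z

def answered_by(name, ad_zone):
    """Which server gives a domain member its answer for this name."""
    return "dc-internal" if in_zone(name, ad_zone) else "forwarder-public"

def review_ad_zone(ad_zone, external_domain):
    """Flag AD zone choices that cause the problems discussed in the thread."""
    findings = []
    z = labels(ad_zone)
    if len(z) < 2:
        findings.append("single-label")
    if z and z[-1] == "local":
        # .local is reserved for multicast DNS (RFC 6762)
        findings.append("mdns-local")
    if z == labels(external_domain):
        # internal zone hides every public record under the same name
        findings.append("shadows-external-zone")
    return findings

if __name__ == "__main__":
    external = "ohprs.org"
    for zone in ("hprs.local", "ohprs.org", "ad.ohprs.org"):
        print(zone, review_ad_zone(zone, external))
        for host in ("webserver.ohprs.org", "pc1.ad.ohprs.org"):
            print("   ", host, "->", answered_by(host, zone))
```

With the AD zone set to ohprs.org the DC itself answers for webserver.ohprs.org, so the internal zone needs its own record for it; with ad.ohprs.org the same lookup leaves the DC and returns the public record.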