[Samba] Picking a non-.local domain

Luke Barone lukebarone at gmail.com
Tue Aug 8 04:19:57 UTC 2023 

Add a subdomain, such as "ad." in front of your external domain name. It
should only be resolvable inside your local network. So in your case, use "
ad.ohprs.org" for the domain name. Your domain computers will be "
pc1.ad.ohprs.org", "dc1.ad.ohprs.org", etc.

Your webserver can have multiple DNS names resolving to it, as can other
computers, both inside and/or outside your local network

On Mon, Aug 7, 2023, 8:30 p.m. Mark Foley via samba <samba at lists.samba.org>
wrote:

> First off, thanks to Rowland Penny for his patience in working through my
> thread
> "Joining a new Samba AD DC".
>
> I first attempted to upgrade my old Samba 4.8.2 AD/DC to a more recent
> version,
> but that effort failed due to too many differences with the Samba version
> and
> the latest Slackware OS version.  Next I tried to join a 2nd Samba DC to
> the
> existing domain with the intent of promoting it, but that also ran into
> version
> compatibility problems, including with BIND.
>
> Now I'm taking the "nuclear" option.  I will create a new AD/DC with my
> distro's
> latest versions of everything.  I will then un-join all the Windows
> workstations
> from the current domain and re-join them to the new domain.  This is what
> I did
> 13 years ago when migrating from Windows SBS 2008 to Samba for AD/DC in the
> first place, so no reason that shouldn't work.  I will join a single dummy
> Wondows workstations to this domain for testing.
>
> I am going through the wiki
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> .
>
> First question ... according to
> https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ,
> Using e.g. samdom.local is not recommded for several reasons. My current
> domain
> is hprs.local. So, as long as I'm starting from scratch I would like to
> take the
> opportunity to get this right.
>
> In wiki section "Using Your external Domain Name", it says I could simply
> use
> the external domain name, e.g. ohprs.org.
>
> Here's where I'm confused. If I use ohprs.org as the AD domain and e.g.
> DC1.ohprs.org is my AD/DC, how does name resolution work with other domain
> members? For example, webserver.ohprs.org is a current, public FDQN which
> resolves to 98.102.63.106. Inernally this host's IP within the domain is
> 192.168.0.3. This host also has an SSL certificate for external access to
> webpages (https).
>
> If I am on domain member "joe" how will accessing host "webserver" resolve?
> Will it refer to the public IP (98.102.63.106) or the local domain IP
> (192.168.0.3)? If local, the SSL cert won't be valid.
>
> Does this magically work via DNS?
>
> Should I pick some other AD domain name?
>
> Thanks --Mark
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list