[Samba] Picking a non-.local domain

Hans Schulze h.schulze at labor-ostsachsen.de
Tue Aug 8 10:20:11 UTC 2023


I am facing the same problem right now. I am starting from scratch for a
Samba AD. One question about this: I have registered a domain, e.g.
"bla.org", extra/unique for AD, to have a placeholder, and there are no
other external services resolved over this. Can I have an FQDN like
"dc1.bla.org", or is that also not recommended?

The domain is registered on a nameserver from the provider.

On 08.08.2023 at 10:35, Rowland Penny via samba wrote:
> On 08/08/2023 01:43, Mark Foley via samba wrote:
>> First off, thanks to Rowland Penny for his patience in working through my thread
>> "Joining a new Samba AD DC".
>> I first attempted to upgrade my old Samba 4.8.2 AD/DC to a more recent version,
>> but that effort failed due to too many differences with the Samba version and
>> the latest Slackware OS version.  Next I tried to join a 2nd Samba DC to the
>> existing domain with the intent of promoting it, but that also ran into version
>> compatibility problems, including with BIND.
>> Now I'm taking the "nuclear" option.  I will create a new AD/DC with my distro's
>> latest versions of everything.  I will then un-join all the Windows workstations
>> from the current domain and re-join them to the new domain. This is what I did
>> 13 years ago when migrating from Windows SBS 2008 to Samba for AD/DC in the
>> first place, so no reason that shouldn't work.  I will join a single dummy
>> Windows workstation to this domain for testing.
>> I am going through the wiki
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller.
>> First question ... according to
>> https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ,
>> using e.g. samdom.local is not recommended for several reasons. My current domain
>> is hprs.local. So, as long as I'm starting from scratch I would like to take the
>> opportunity to get this right.
>> In wiki section "Using Your external Domain Name", it says I could simply use
>> the external domain name, e.g. ohprs.org.
>> Here's where I'm confused. If I use ohprs.org as the AD domain and e.g.
>> DC1.ohprs.org is my AD/DC, how does name resolution work with other domain
>> members? For example, webserver.ohprs.org is a current, public FQDN which
>> resolves to Internally this host's IP within the domain is
>> This host also has an SSL certificate for external access to
>> webpages (https).
> Not surprised you are confused, that section of the wikipage seemed to 
> say it was okay to use your external dns name, it isn't and never has 
> been. I have rewritten that part to say basically, do not use your 
> external dns domain for AD, use a subdomain.
> Rowland
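
An added check, not from this thread or from the Samba project: a small Python script that applies the naming advice quoted above (not a .local name, and not the bare external DNS domain but a subdomain of it) to a proposed AD DNS domain, and derives the realm and default NetBIOS domain name that a provision would use from it. The domain and host names are Mark's own examples from the thread; the `ad.` prefix, the function names and the `public_hosts` parameter are my assumptions.

```python
"""Sanity-check a proposed Samba AD DNS domain name.

Added example, not part of the mailing-list thread or of Samba itself.
Findings are derived from two points in the thread: the Samba naming FAQ
advises against .local, and Rowland's advice is to use a subdomain of the
external DNS domain rather than the external domain itself.
"""
import re

# RFC 6762 reserves .local for multicast DNS (mDNS); the Samba naming FAQ
# cited in the thread also says not to use it for AD.
MDNS_TLD = "local"

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_valid_dns_name(name):
    """Syntactic check only; does not query DNS, so it runs offline."""
    name = name.lower().rstrip(".")
    labels = name.split(".")
    return len(name) <= 253 and all(LABEL_RE.match(label) for label in labels)


def check_ad_domain(candidate, public_zones, public_hosts=()):
    """Return (findings, suggested_ad_domain).

    public_zones: DNS zones you have registered and serve publicly,
                  e.g. ["ohprs.org"] (Mark's zone in the thread).
    public_hosts: public FQDNs that must keep resolving for domain members,
                  e.g. ["webserver.ohprs.org"] (assumed parameter).
    suggested_ad_domain is None when the candidate should not be used at all.
    """
    name = candidate.lower().rstrip(".")
    findings = []

    if not is_valid_dns_name(name):
        findings.append("ERROR: not a syntactically valid DNS name")
        return findings, None

    labels = name.split(".")
    if len(labels) < 2:
        findings.append("ERROR: single-label names are not usable as an AD DNS domain")
        return findings, None

    if labels[-1] == MDNS_TLD:
        findings.append("ERROR: .local is reserved for mDNS (RFC 6762); "
                        "the Samba naming FAQ advises against it")
        return findings, None

    zones = [z.lower().rstrip(".") for z in public_zones]
    parent = next((z for z in zones if name == z or name.endswith("." + z)), None)

    if parent is None:
        findings.append("WARN: not under any zone you have registered")
        return findings, name

    if name == parent:
        # This is Mark's case: the AD DNS server becomes authoritative for the
        # whole public zone internally, so every public record has to be kept
        # in sync by hand.  Rowland's advice: use a subdomain instead.
        findings.append("ERROR: identical to your external DNS zone; "
                        "use a subdomain of it for AD instead")
        for host in public_hosts:
            host = host.lower().rstrip(".")
            if host.endswith("." + parent):
                findings.append(f"  -> public host {host} would have to be "
                                f"duplicated by hand in the AD DNS zone")
        # "ad." is an assumed prefix; any subdomain label would do.
        return findings, "ad." + parent

    findings.append(f"OK: subdomain of your registered zone {parent}")
    return findings, name


def provision_names(ad_domain):
    """Names a provision derives from the chosen DNS domain: the Kerberos realm
    is the DNS domain in upper case, and the default NetBIOS domain name is the
    first label in upper case, limited to 15 characters."""
    ad_domain = ad_domain.lower().rstrip(".")
    first_label = ad_domain.split(".")[0]
    return {
        "realm": ad_domain.upper(),
        "domain": first_label.upper()[:15],
        "dc_fqdn_example": "dc1." + ad_domain,  # assumed DC host name
    }


if __name__ == "__main__":
    # Walk through the three names that appear in the thread.
    for name in ("hprs.local", "ohprs.org", "ad.ohprs.org"):
        findings, suggestion = check_ad_domain(
            name, ["ohprs.org"], ["webserver.ohprs.org"])
        print(name)
        for line in findings:
            print("  " + line)
        print("  suggested AD domain:", suggestion)
        if suggestion:
            print("  provision names:", provision_names(suggestion))
```

Running it with Mark's names flags hprs.local and the bare ohprs.org, and accepts ad.ohprs.org, for which the realm becomes AD.OHPRS.ORG and the NetBIOS domain name AD; public hosts such as webserver.ohprs.org then stay resolvable through the parent zone without being copied into the AD zone.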
