[Samba] Samba shares and samba server residing on different physical machines

E Kogler igoetrich at yahoo.de
Thu Jul 6 14:11:44 UTC 2023

The zone for my AD is "samba.xy.local", for the network it's "xy.local".
So I should be safe ensuring my 4.17 samba manages the zone "samba.xy.local" since only the zone "xy.local" is transferred. Is this provided transferring the FSMO roles? I did this process three years ago the last time, and since this is a school network and I'm both the B.O.F.H. and a teacher (ages 15 to 18+) there's much to forget ...
On Thu, July 6, 2023 at 15:31, Rowland Penny via samba <samba at lists.samba.org> wrote:

On 06/07/2023 14:15, E Kogler via samba wrote:
> Well, I set up DNS in my network with two BIND9s external to samba residing on two boxes. One is my primary DNS for the network and one is a slave to it. When using the BIND9 backend you have to modify "named.conf" to include the "/usr/local/.../samba/../named.conf". My question is: since the slave BIND9 DNS server (for the network) retrieves its zone information (except zone and root.hints) from the primary DNS I have set up, I am a little bit confused if the zone information the SAMBA 4.17 DC provides can be included in the slave BIND9 as described in the wiki.
> To clarify the setup:
> Machine     samba version    BIND9 role
> majestix    4.9.x (old)      primary DNS for the network
> firix       4.17.8           slave to majestix

Hmm, in a situation like this (where I presume your clients are using 
your 'external' dns servers as their nameservers), anything for the AD 
dns domain should be forwarded to an AD DC. This can however lead to 
problems if the AD dns domain and the 'external' domain are the same.

Or to put it another way, if your 'external' dns servers have the same 
dns domain as the AD domain, then, sorry, but you are doing it wrong.

If your 'external' dns domain is 'example.com', then your AD dns domain 
should be something like 'ad.example.com' and the 'example.com' dns 
servers should forward all requests for 'ad.example.com' to an AD DC, it 
should hold no zone records for the 'ad.example.com' domain.
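
A small lint for the layout described in the reply above, as an added example that is not part of the original thread: it reads named.conf text from the 'external' BIND9 server and reports any zone held at or below the AD DNS domain, or a missing forward zone pointing at the AD DCs. The function names, the sample configs and the 192.0.2.10 DC address are assumptions constructed for illustration.

```python
import re

# Zone stanza with at most one level of nested braces in its body.
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;', re.I)
AUTHORITATIVE = {"master", "primary", "slave", "secondary"}

def parse_zones(conf):
    """Map zone name -> {"type", "forwarders"} from named.conf text."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        ztype = re.search(r'\btype\s+([\w-]+)\s*;', body)
        fwd = re.search(r'\bforwarders\s*\{([^}]*)\}', body)
        zones[name.lower().rstrip('.')] = {
            "type": ztype.group(1).lower() if ztype else None,
            "forwarders": fwd.group(1).replace(';', ' ').split() if fwd else [],
        }
    return zones

def check_ad_forwarding(conf, ad_domain, dc_addrs):
    """Return a list of problems; an empty list means the layout matches the advice."""
    ad = ad_domain.lower().rstrip('.')
    zones = parse_zones(conf)
    problems = [f'zone "{n}" is held as {z["type"]}, not forwarded'
                for n, z in zones.items()
                if (n == ad or n.endswith('.' + ad)) and z["type"] in AUTHORITATIVE]
    fwd = zones.get(ad)
    if fwd is None or fwd["type"] != "forward":
        problems.append(f'no forward zone for "{ad}"')
    elif not fwd["forwarders"] or not set(fwd["forwarders"]) <= set(dc_addrs):
        problems.append(f'forwarders for "{ad}" are not all AD DCs: {fwd["forwarders"]}')
    return problems

# Constructed sample configs; 192.0.2.x addresses are documentation placeholders.
BAD_CONF = '''
zone "xy.local" { type master; file "db.xy.local"; };
zone "samba.xy.local" { type slave; masters { 192.0.2.10; }; file "db.samba"; };
'''
GOOD_CONF = '''
zone "xy.local" { type master; file "db.xy.local"; };   // network zone
zone "samba.xy.local" IN {
    type forward; forward only;
    forwarders { 192.0.2.10; };   # AD DC (assumed address)
};
'''

if __name__ == "__main__":
    for label, conf in (("bad", BAD_CONF), ("good", GOOD_CONF)):
        print(label, check_ad_forwarding(conf, "samba.xy.local", ["192.0.2.10"]))
```

Passing the network zone itself as `ad_domain` (here "xy.local") reproduces the same-domain case the reply warns about: the server is reported as holding the AD zone.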

