[Samba] multi-site DNS confusion

Eric rvwbug at gmail.com
Sat Mar 4 19:58:58 UTC 2023


Greetings,

This is my first attempt at multi-site with unique subnets (actually
first attempt at more than one DC).

I had the existing "defaultFirstSite" then added a second site and
two subnets (that I associated with each site).

I joined a second DC from the second site with the following:

samba-tool domain join ssc.domain.com DC -Uadministrator --realm=ssc.domain.com --site=smithCo

DC01 = defaultFirstSite 10.1.211.0/25

[global]
dns forwarder = 10.1.211.254
netbios name = DC01
realm = SSC.DOMAIN.COM
server role = active directory domain controller
workgroup = SSC
idmap_ldb:use rfc2307 = yes

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/ssc.domain.com/scripts
        read only = No

DC02 = smithCo 192.168.11.0/24

[global]
dns forwarder = 192.168.11.1
netbios name = DC02
realm = SSC.DOMAIN.COM
server role = active directory domain controller
workgroup = SSC
idmap_ldb:use rfc2307 = yes

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/ssc.domain.com/scripts
        read only = No
Both Forwarders go to each respective router/gateway device.

I'm unsure how to handle DNS management. I thought I would be able to
connect to the DC02 DNS server (as I've done with DC01) using RSAT. I get
an error when trying to add DC02 as a DNS server.
Error:
"Access was denied, would you like to add it anyway"

Am I supposed to manage all DNS via DC01 only?
If so, do I add a reverse zone or any other items directly
to the DC01 DNS server records? Is there any documentation
on managing multiple DCs (DNS and perhaps DHCP using
multi-sites and subnets)? I found the docs on how to set it up,
but the management part is unknown to me.
This is what I used for the setup:
https://wiki.samba.org/index.php/Active_Directory_Sites

Following this wiki
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Verifying_Directory_Replication

Is the section "Built-in User & Group ID Mappings" still relevant? I ask
because I thought Samba 4 has some built-in replication. I thought
everything gets replicated aside from group policies. Perhaps this is
package/distro dependent?

Thanks in advance,

Eric
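Editor's note: the verification step in the wiki section linked above (checking that both DCs agree on the AD-integrated DNS zones and that directory replication between the sites is healthy) can be scripted. The POSIX sh helper below is an added example and is not code from the poster or from the Samba project. It assumes the text layout of `samba-tool dns zonelist` (one `pszZoneName : <zone>` line per zone) and of `samba-tool drs showrepl` (a `N consecutive failure(s).` line under each replication partner); the two zone listings and the showrepl output embedded in it are constructed sample data, not captures from the DCs in the post, and the GUID-free showrepl text is abbreviated.

```shell
# Added example (not from the original post): compare the DNS zones served by
# two Samba AD DCs and list replication partners that report failures.
# Assumes the output formats of `samba-tool dns zonelist` and
# `samba-tool drs showrepl` described in the lead-in; sample data is constructed.

# Extract zone names from `samba-tool dns zonelist` output on stdin, sorted.
zone_names() {
    awk -F': *' '/pszZoneName/ { print $2 }' | sort -u
}

# Print zones present in listing A but absent from listing B.
# Usage: missing_zones <zonelist-file-A> <zonelist-file-B>
missing_zones() {
    a=$(mktemp); b=$(mktemp)
    zone_names < "$1" > "$a"
    zone_names < "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# From `samba-tool drs showrepl` output on stdin, print "<partner> <partition>"
# for every neighbour whose consecutive failure count is non-zero.
repl_failures() {
    awk '/^DC=/                                 { nc = $0 }
         /via RPC/                              { partner = $1 }
         /consecutive failure\(s\)/ && $1 != 0  { print partner, nc }'
}

# ---- constructed sample data (what the two commands might print) ----
DC01_ZONES=$(mktemp); DC02_ZONES=$(mktemp); SHOWREPL=$(mktemp)
cat > "$DC01_ZONES" <<'EOF'
  3 zone(s) found

  pszZoneName                 : ssc.domain.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  pszZoneName                 : _msdcs.ssc.domain.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  pszZoneName                 : 211.1.10.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
EOF
cat > "$DC02_ZONES" <<'EOF'
  2 zone(s) found

  pszZoneName                 : ssc.domain.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  pszZoneName                 : _msdcs.ssc.domain.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
EOF
cat > "$SHOWREPL" <<'EOF'
defaultFirstSite\DC01
DSA Options: 0x00000001

==== INBOUND NEIGHBORS ====

DC=ssc,DC=domain,DC=com
        smithCo\DC02 via RPC
                Last attempt @ Sat Mar  4 20:00:00 2023 UTC was successful
                0 consecutive failure(s).
                Last success @ Sat Mar  4 20:00:00 2023 UTC

DC=DomainDnsZones,DC=ssc,DC=domain,DC=com
        smithCo\DC02 via RPC
                Last attempt @ Sat Mar  4 20:00:00 2023 UTC failed
                3 consecutive failure(s).
                Last success @ Sat Mar  4 19:00:00 2023 UTC
EOF

# Live use replaces the sample files with real output, for example:
#   samba-tool dns zonelist dc01.ssc.domain.com -Uadministrator > dc01.zones
#   samba-tool dns zonelist dc02.ssc.domain.com -Uadministrator > dc02.zones
#   samba-tool drs showrepl > showrepl.txt        # run on the DC being checked
echo "zones on DC01 but not on DC02:"; missing_zones "$DC01_ZONES" "$DC02_ZONES"
echo "partners with replication failures:"; repl_failures < "$SHOWREPL"
```

Because the zones are AD-integrated, a zone that shows up on one DC only is a replication symptom rather than something to recreate by hand on the other DC; the `repl_failures` output names the partner and naming context to look at first. The script does not diagnose the RSAT "access was denied" message, which is a separate question of how the DNS RPC on DC02 is being reached and authenticated.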
