[Samba] DCs & subnets
Rowland Penny
rpenny at samba.org
Fri Mar 10 14:52:38 UTC 2023
On 10/03/2023 14:37, Perttu Aaltonen via samba wrote:
> I have the same job to do as another user late last year: upgrade an old Samba 4.1 AD domain to a new version and server
>
> In that thread Rowland suggested to provision a new DC in the same subnet as the old one. I wonder was this just a general recommendation to make the transition easier for the specific user, or is there something technically I should be aware of if I want to add the new DC from a different subnet than the original?
>
> I’m planning to install a new Debian instance and Samba, provision it as a DC, transfer FSMO roles, then demote the old DC. I’d like to move the DCs to a more secure subnet and only allow traffic from domain member servers from another subnet.
>
> Thanks
You do not have to use the same subnet, just as long as the new DC can
connect to the old DC. Also, if you are just adding another DC, the word
is 'join' not 'provision', if you 'provision' a DC, you will get an
entirely different domain, even if you use the same domain name.
You may have problems going directly from 4.1.x to the latest available
Debian Samba version (4.17.5 from backports), you may have to upgrade to
4.5.x first
Rowland
More information about the samba
mailing list