[Samba] multi-site DNS confusion

Eric rvwbug at gmail.com
Mon Mar 20 15:31:53 UTC 2023


Greetings,

I'm not sure what else to add. If you need more info please let me know.

Any input is greatly appreciated.

Eric


On Sat, Mar 4, 2023 at 2:58 PM Eric <rvwbug at gmail.com> wrote:

> Greetings,
>
> This is my first attempt at multi-site with unique subnets (actually
> first attempt at more than one DC).
>
> I had the existing "defaultFirstSite" then added a second site and
> two subnets (that I associated with each site).
>
> I joined a second DC from the second site with the following:
>
> samba-tool domain join ssc.domain.com DC -Uadministrator --realm=ssc.domain.com --site=smithCo
>
> DC01 = defaultFirstSite 10.1.211.0/25
>
> [global]
> dns forwarder = 10.1.211.254
> netbios name = DC01
> realm = SSC.DOMAIN.COM
> server role = active directory domain controller
> workgroup = SSC
> idmap_ldb:use rfc2307 = yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [netlogon]
> path = /var/lib/samba/sysvol/ssc.domain.com/scripts
> read only = No
>
>
>
> DC02 = smithCo 192.168.11.0/24
> [global]
> dns forwarder = 192.168.11.1
> netbios name = DC02
> realm = SSC.DOMAIN.COM
> server role = active directory domain controller
> workgroup = SSC
> idmap_ldb:use rfc2307 = yes
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> [netlogon]
>         path = /var/lib/samba/sysvol/ssc.domain.com/scripts
>         read only = No
>
>
> Both Forwarders go to each respective router/gateway device.
>
> I'm unsure how to handle DNS management. I thought I would be able to
> connect to
> DC02 DNS server (as I've done with DC01) using RSAT. I get an error
> when trying to add DC02 as a DNS server
> Error:
> "Access was denied, would you like to add it anyway"
>
> Am I supposed to manage all DNS via DC01 only?
> If so, do I add a reverse zone or any other items directly
> to DC01 dns server records? Is there any documentation
> on managing multiple DCs (DNS and perhaps DHCP using
> multi-sites and subnets)?  I found the docs on how to set it up
> but the management part is unknown to me.
> This is what I used for the setup:
> https://wiki.samba.org/index.php/Active_Directory_Sites
>
> Following this wiki
>
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Verifying_Directory_Replication
>
> Is the section "Built-in User & Group ID Mappings" still relevant? I ask
> because I thought SAMBA4 has some
> built-in replication. I thought everything gets replicated aside from
> group policies. Perhaps this is package/distro dependent?
>
> Thanks in advance,
>
> Eric
>
>

