[Samba] preparing for a new site with an extra domain controller

Stefan G. Weichinger lists at xunil.at
Tue Dec 10 07:46:11 UTC 2024


Greetings!

After all these years of running Samba I am still learning and having to 
learn more :-)

I am trying to research howtos and docs, but from my experience it 
sometimes would have been better to ask BEFORE trying things.

So:

At a customer we happily run 2 samba-AD-DCs for one single AD domain, on 
one geographical site, in one single IP subnet.

(using samba-4.21.2 as I write this)

Now they took over another small company and plan to connect that to the 
AD as well.

Correct me if I am wrong:

I suggested adding a 3rd AD DC and placing it there.

We already have a site-to-site-VPN (wireguard) between the 2 sites that 
works well.

So I would deploy a 3rd DC, join it to the AD and move it to their 
office. I googled that and found this howto:

https://wiki.samba.org/index.php/Active_Directory_Sites

Should the 3rd DC be in place (= in the "target subnet") already before 
joining? I think so ... to get the DNS etc correct.

I assume that renaming or changing IP should be avoided if possible, so 
it might be best to deploy the DC with running (Debian-12.8.0) Linux and 
get the networking fixed before the join, right?

Any other things to take care of here?

Is the concept of "sites" the right one to apply here? What about the old 
office? We don't have a site defined for that yet, does it make sense or 
is it even needed to define a site for that as well? Could that break 
things in some way?

Thanks for any help and pointers!

Stefan



