samba - Sep 2017 - File server questions

On Tue, 12 Sep 2017 10:40:50 -0300
Flávio Silveira via samba <samba at lists.samba.org> wrote:

> Thanks for the replies Rowland and Louis!
> 
> Giving all that was said here is a snippet of what I have in 
> /var/lib/dhcp/dhclient.enp2s0.leases
> 
> Don't know why my interface is named enp2s0, but I only have one,
> this might be a driver thing.
No, it is a systemd thing.
> 
> lease {
>    interface "enp2s0";
>    fixed-address 192.168.11.6;
>    option subnet-mask 255.255.255.0;
>    option routers 192.168.11.1;
>    option dhcp-lease-time 86400;
>    option dhcp-message-type 5;
>    option domain-name-servers 192.168.11.1;
>    option dhcp-server-identifier 192.168.11.1;
>    option domain-name "local";
>    renew 2 2017/09/12 15:28:36;
>    rebind 3 2017/09/13 01:09:09;
>    expire 3 2017/09/13 04:09:09;
> }
> 
> This is the server that will be the AD DC, it currently is in client 
> subnet (192.168.11.x) for testing, but I will put it in server subnet 
> (192.168.13.x) when in production.
> 
> I can't change these settings now as it will break the whole network, 
> can I use the "method 3" from the link for now and manually edit 
> /etc/resolv.conf and then when it is ready for production I drop that 
> script and configure it properly into the DHCP Server?
Not sure, I run a DHCP server on my DC, but not in the way you are
proposing, see the Samba wiki for more info.
> 
> Speaking of AD DC tutorial, I've read it over and over and
> especifically the provisioning part, does this sound correct?
> 
> samba-tool domain provision --server-role=dc --use-rfc2307 
> --dns-backend=SAMBA_INTERNAL --realm=AD.TECNOPON.COM.BR --domain=AD 
> --adminpass=mypass --option="interfaces=lo enp2s0"
--option="bind
> interfaces only=yes" --option="dns forwarder=192.168.11.1"
Yes, but the --server-role and --dns-backend are defaults and as such
are not really required.
 
> 
> If I understand correctly, domain is what will be NetBIOS Name,
> right? 
Wrong, the domain name, also known as the workgroup, is really the
NetBIOS domain name. This should not be confused with the NetBIOS name,
which is the hosts short name in UPPERCASE.
If you are confused, don't blame me or Samba, blame Microsoft, they
came up with the names.
> What about Hostname? How do I set it in non-interactive mode?
You don't, Samba will set it for you from your shorthostname.
> Where DC1 came from? Can I use that as NetBIOS Name?
Yes, provided the output from 'hostname -s' is 'dc1' ;-)

Rowland

Em 12/09/2017 11:03, Rowland Penny via samba escreveu:
> On Tue, 12 Sep 2017 10:40:50 -0300
> Flávio Silveira via samba <samba at lists.samba.org> wrote:
>
>
>> Thanks for the replies Rowland and Louis!
>>
>> Giving all that was said here is a snippet of what I have in
>> /var/lib/dhcp/dhclient.enp2s0.leases
>>
>> Don't know why my interface is named enp2s0, but I only have one,
>> this might be a driver thing.
> No, it is a systemd thing.
>
>> lease {
>>     interface "enp2s0";
>>     fixed-address 192.168.11.6;
>>     option subnet-mask 255.255.255.0;
>>     option routers 192.168.11.1;
>>     option dhcp-lease-time 86400;
>>     option dhcp-message-type 5;
>>     option domain-name-servers 192.168.11.1;
>>     option dhcp-server-identifier 192.168.11.1;
>>     option domain-name "local";
>>     renew 2 2017/09/12 15:28:36;
>>     rebind 3 2017/09/13 01:09:09;
>>     expire 3 2017/09/13 04:09:09;
>> }
>>
>> This is the server that will be the AD DC, it currently is in client
>> subnet (192.168.11.x) for testing, but I will put it in server subnet
>> (192.168.13.x) when in production.
>>
>> I can't change these settings now as it will break the whole
network,
>> can I use the "method 3" from the link for now and manually
edit
>> /etc/resolv.conf and then when it is ready for production I drop that
>> script and configure it properly into the DHCP Server?
> Not sure, I run a DHCP server on my DC, but not in the way you are
> proposing, see the Samba wiki for more info.
I actually have a router behind the AD DC, so when it is ready for 
production I will change domain-name-servers and domain-name on that 
router so it will pass that information directly from DHCP.
>> Speaking of AD DC tutorial, I've read it over and over and
>> especifically the provisioning part, does this sound correct?
>>
>> samba-tool domain provision --server-role=dc --use-rfc2307
>> --dns-backend=SAMBA_INTERNAL --realm=AD.TECNOPON.COM.BR --domain=AD
>> --adminpass=mypass --option="interfaces=lo enp2s0"
--option="bind
>> interfaces only=yes" --option="dns
forwarder=192.168.11.1"
> Yes, but the --server-role and --dns-backend are defaults and as such
> are not really required.
>   
>> If I understand correctly, domain is what will be NetBIOS Name,
>> right?
> Wrong, the domain name, also known as the workgroup, is really the
> NetBIOS domain name. This should not be confused with the NetBIOS name,
> which is the hosts short name in UPPERCASE.
> If you are confused, don't blame me or Samba, blame Microsoft, they
> came up with the names.
Ok, I understand now, one question though: if realm is 
AD.TECNOPON.COM.BR, does domain need to be AD? If I understand 
correctly, realm is "full domain with subdomain" and domain is the 
subdomain, yes?
>> What about Hostname? How do I set it in non-interactive mode?
> You don't, Samba will set it for you from your shorthostname.
I see, nothing to bother then.
>> Where DC1 came from? Can I use that as NetBIOS Name?
> Yes, provided the output from 'hostname -s' is 'dc1' ;-)
A-ha! I get it now, I will change the hostname accordingly then, thank you!
> Rowland
>

On Tue, 12 Sep 2017 14:41:42 -0300
Flávio Silveira via samba <samba at lists.samba.org> wrote:
> 
> Ok, I understand now, one question though: if realm is 
> AD.TECNOPON.COM.BR, does domain need to be AD? 
No, you can use anything you like, provided it is one word, 15
characters or less, without punctuation.
> If I understand 
> correctly, realm is "full domain with subdomain" and domain is
the
> subdomain, yes?
>
No, the AD realm is the dns domain of the computer in uppercase, it
being a subdomain does not come into it. From your example above, the
dns domain would be: ad.tecnopon.com.br 
The realm would be: AD.TECNOPON.COM.BR

Rowland