I still don't understand something I know is critical for a samba 4 addc to work.

We want to run DNS from our firewall/router. This seems to be the natural place for it. Furthermore, it's already there.

But it seems when samba 4.x is running as an ADDC, it also wants to run/be dns.

Is there a way to keep dns running on our firewall appliance and have samba refer to that? If so, what are the disadvantages? Does it prevent machines from joining the domain?

Finally, if it is not possible to allow samba to not run any dns, is there a best practice for dns naming conventions? For example, if our dns name is

myschool.com

all our user principals would be username at myschool.com

but if samba must run its own dns, could we have a subdomain such as

authdom.myschool.com

And if we did, would the user principal then become

username at authdom.myschool.com

?

-- 
David Bear
mobile: (602) 903-6476
Hi David,

> but if samba must run its own dns, could we have a subdomain such as
>
> authdom.myschool.com
>
> And if we did, would the user principal then become
>
> username at authdom.myschool.com

Yes, this is what we are doing. Our 'public dns' is a regular machine with bind. And we have a specific AD domain like samba.myschool.com, and this dns is done by samba. All internal dns resolutions run over the two samba dc's. It runs quite well.

I hope this helps.

MJ
On 05/06/14 20:38, David Bear wrote:
> I still don't understand something I know is critical for a samba 4 addc to
> work.
>
> We want to run DNS from our firewall/router. This seems to be the natural
> place for it. Furthermore, it's already there.
>
> But it seems when samba 4.x is running as an ADDC, it also wants to run/be
> dns.

It needs to be the dns for the samba domain

> Is there a way to keep dns running on our firewall appliance and have samba
> refer to that? If so, what are the disadvantages? Does it prevent machines
> from joining the domain?

yes, none really, no, in that order ;-)
Just point the samba forwarder at the firewall device

> Finally, if it is not possible to allow samba to not run any dns, is there
> a best practice for dns naming conventions? For example, if our dns name
> is
>
> myschool.com
>
> all our user principals would be username at myschool.com

Don't do this

> but if samba must run its own dns, could we have a subdomain such as
>
> authdom.myschool.com

Yes, this is recommended

> And if we did, would the user principal then become
>
> username at authdom.myschool.com

Yes

> ?
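The setup the two replies describe (AD in a subdomain, Samba authoritative only for that zone, everything else forwarded to the existing firewall resolver) as an added smb.conf example, not taken from the thread or from the Samba project; the realm authdom.myschool.com, the firewall address 192.0.2.1 and the DC address 192.0.2.10 are assumed values:

```ini
# smb.conf on the Samba AD DC (added example, not from the thread).
# Assumed: AD realm authdom.myschool.com, firewall/router resolver at
# 192.0.2.1, DC at 192.0.2.10. A provision like
#   samba-tool domain provision --server-role=dc --dns-backend=SAMBA_INTERNAL \
#       --realm=AUTHDOM.MYSCHOOL.COM --domain=AUTHDOM
# writes the same core settings; the forwarder is the line that matters here.
[global]
    workgroup = AUTHDOM
    # Kerberos realm = the AD DNS subdomain, so principals are
    # username@AUTHDOM.MYSCHOOL.COM, not username@MYSCHOOL.COM.
    realm = AUTHDOM.MYSCHOOL.COM
    server role = active directory domain controller
    # Samba's internal DNS answers only for authdom.myschool.com
    # (including _msdcs.authdom.myschool.com, where the SRV records
    # clients need to join and log on live). Every other name, including
    # the parent zone myschool.com, is forwarded to the firewall.
    dns forwarder = 192.0.2.1

[netlogon]
    path = /var/lib/samba/sysvol/authdom.myschool.com/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
```

Domain members and the DC itself must list 192.0.2.10 (not the firewall) as their resolver, otherwise the SRV lookups behind a domain join fail; `host -t SRV _ldap._tcp.authdom.myschool.com 192.0.2.10` should return the DC, and resolving an external name against 192.0.2.10 confirms the forwarder path through the firewall works.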