Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-229.1.2.el7.x86_64
Architecture: x86_64
Samba: Version 4.1.17-SerNet-RedHat-11.el7

I will choose server role: dc and dns: SAMBA_INTERNAL

Please assume the following for my question - - - I purchased/own/control
FQDN: mammal.com

Question --

If server hostname reports Static hostname: human.mammal.com

Are the following provision answers correct?

Realm: human.mammal.com
Domain: human

Thanks for your help.

On 20/04/15 16:56, Mike wrote:
> Operating System: CentOS Linux 7 (Core)
> CPE OS Name: cpe:/o:centos:centos:7
> Kernel: Linux 3.10.0-229.1.2.el7.x86_64
> Architecture: x86_64
> Samba: Version 4.1.17-SerNet-RedHat-11.el7
>
> I will choose server role: dc and dns: SAMBA_INTERNAL
>
> Please assume the following for my question - - - I purchased/own/control
> FQDN: mammal.com
>
> Question --
>
> If server hostname reports Static hostname: human.mammal.com
>
> Are the following provision answers correct?
>
> Realm: human.mammal.com
> Domain: human
>
> Thanks for your help.

No, sorry but you really shouldn't use your dns domain name that can be found via *any* dns tool from the internet, what you can/should use is something like internal.mammal.com with a domain name like 'INTERNAL' (though you could use 'HUMAN' here).

Rowland

Re-reading your response again and I think I misunderstood the first time.

I should use a domain name that is different from the hostname.

On Apr 20, 2015 12:42 PM, "Mike" <1100100 at gmail.com> wrote:
>
> On Mon, Apr 20, 2015 at 12:10 PM, Rowland Penny <
> rowlandpenny at googlemail.com> wrote:
>
>> No, sorry but you really shouldn't use your dns domain name that can be
>> found via *any* dns tool from the internet, what you can/should use is
>> something like internal.mammal.com with a domain name like 'INTERNAL'
>> (though you could use 'HUMAN' here).
>>
>> Rowland
>>
>
> Hello Rowland,
> Thank you for your response.
>
> So following up on your suggestion - - - if I choose to provide the
> following:
>
> Realm: angrycheetah.mammal.com <http://human.mammal.com>
> Domain: angrycheetah
>
> Do I need to modify CentOS Server hostname to: angrycheetah.mammal.com ?
> Or does it NOT matter because the internal dns server will resolve/match
> domain angrycheetah to whatever static ip is provided in dns configuration,
> regardless of server hostname?
>
> Thank you.
>

Greetings, Mike!

> Operating System: CentOS Linux 7 (Core)
> CPE OS Name: cpe:/o:centos:centos:7
> Kernel: Linux 3.10.0-229.1.2.el7.x86_64
> Architecture: x86_64
> Samba: Version 4.1.17-SerNet-RedHat-11.el7

> I will choose server role: dc and dns: SAMBA_INTERNAL

> Please assume the following for my question - - - I purchased/own/control
> FQDN: mammal.com

> Question --

> If server hostname reports Static hostname: human.mammal.com

> Are the following provision answers correct?

> Realm: human.mammal.com
> Domain: human

I would strongly advise against creating REALM matching existing host names.
That's a lot of confusion for domain operators.
In my case, I choose

netbios name = dc1
realm = ADS.EXAMPLE.COM
domain = EXAMPLE

Do note capitalization. It is important in certain places. I.e. in Kerberos configuration.

Also Rowland's advice has some merit. Not a lot, but you should really consider, if you DO want your domain records to be accessible publicly.

--
With best regards,
Andrey Repin
Monday, April 20, 2015 21:57:49

Sorry for my terrible English...

Thank you, Andrey!
Helps a lot and excellent English too. :-)

Best regards,
Mike

On Apr 20, 2015 3:05 PM, "Andrey Repin" <anrdaemon at yandex.ru> wrote:
> Greetings, Mike!
>
> > Operating System: CentOS Linux 7 (Core)
> > CPE OS Name: cpe:/o:centos:centos:7
> > Kernel: Linux 3.10.0-229.1.2.el7.x86_64
> > Architecture: x86_64
> > Samba: Version 4.1.17-SerNet-RedHat-11.el7
>
> > I will choose server role: dc and dns: SAMBA_INTERNAL
>
> > Please assume the following for my question - - - I purchased/own/control
> > FQDN: mammal.com
>
> > Question --
>
> > If server hostname reports Static hostname: human.mammal.com
>
> > Are the following provision answers correct?
>
> > Realm: human.mammal.com
> > Domain: human
>
> I would strongly advise against creating REALM matching existing host
> names.
> That's a lot of confusion for domain operators.
> In my case, I choose
>
> netbios name = dc1
> realm = ADS.EXAMPLE.COM
> domain = EXAMPLE
>
> Do note capitalization. It is important in certain places. I.e. in Kerberos
> configuration.
>
> Also Rowland's advice has some merit. Not a lot, but you should really
> consider, if you DO want your domain records to be accessible publicly.
>
>
> --
> With best regards,
> Andrey Repin
> Monday, April 20, 2015 21:57:49
>
> Sorry for my terrible English...
>

On 20/04/15 19:57, Mike wrote:
> Re-reading your response again and I think I misunderstood the first time.
>
> I should use a domain name that is different from the hostname.
> On Apr 20, 2015 12:42 PM, "Mike" <1100100 at gmail.com> wrote:
>
>>
>> On Mon, Apr 20, 2015 at 12:10 PM, Rowland Penny <
>> rowlandpenny at googlemail.com> wrote:
>>
>>> No, sorry but you really shouldn't use your dns domain name that can be
>>> found via *any* dns tool from the internet, what you can/should use is
>>> something like internal.mammal.com with a domain name like 'INTERNAL'
>>> (though you could use 'HUMAN' here).
>>>
>>> Rowland
>>>
>> Hello Rowland,
>> Thank you for your response.
>>
>> So following up on your suggestion - - - if I choose to provide the
>> following:
>>
>> Realm: angrycheetah.mammal.com <http://human.mammal.com>
>> Domain: angrycheetah
>>
>> Do I need to modify CentOS Server hostname to: angrycheetah.mammal.com ?
>> Or does it NOT matter because the internal dns server will resolve/match
>> domain angrycheetah to whatever static ip is provided in dns configuration,
>> regardless of server hostname?
>>
>> Thank you.
>>

The kerberos realm has to be the same as the dns domain name on the server that samba runs on, i.e. if the fqdn of the server is 'dc.samdom.example.com', then the kerberos realm will be 'SAMDOM.EXAMPLE.COM'. What you call the workgroup/domain is up to you, it could be 'SAMDOM' or 'EXAMPLE' or anything you like, as long as it is only one word of no more than 15 characters.

You should not use a dns domain name that is resolvable from the internet, do you really want your AD records possibly out there?

Rowland

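Added example, not part of the thread and not Samba's own code: a pre-provision check that applies the naming rules given in the replies above (realm equals the DNS domain part of the server's FQDN, realm differs from the hostname, realm in upper case, workgroup/domain is one word of at most 15 characters and differs from the short hostname). The function name check_provision and the letters/digits/hyphen restriction on the domain are assumptions made for this sketch.

```python
import re


def check_provision(fqdn, realm, domain):
    """Return a list of problems with proposed provision answers.

    fqdn   -- the server's static hostname, e.g. dc.samdom.example.com
    realm  -- proposed Kerberos realm
    domain -- proposed workgroup/NetBIOS domain name
    """
    problems = []
    host, _, dns_domain = fqdn.lower().partition(".")

    if not dns_domain:
        problems.append("server hostname is not fully qualified")

    # The realm must be the DNS domain of the server, never the server's
    # own hostname.
    if realm.lower() == fqdn.lower():
        problems.append("realm is identical to the server hostname")
    elif realm.lower() != dns_domain:
        problems.append("realm does not match DNS domain " + dns_domain.upper())

    # Capitalization matters in the Kerberos configuration.
    if realm != realm.upper():
        problems.append("realm should be written in upper case")

    # One word, no more than 15 characters (character set is an assumption).
    if not re.fullmatch(r"[A-Za-z0-9-]{1,15}", domain):
        problems.append("domain must be one word of at most 15 characters")

    # The domain name should differ from the server's short hostname.
    if domain.lower() == host:
        problems.append("domain is identical to the short hostname")

    return problems


if __name__ == "__main__":
    # Constructed inputs taken from the names used in the thread.
    for answers in [
        ("human.mammal.com", "human.mammal.com", "human"),
        ("dc1.ads.example.com", "ADS.EXAMPLE.COM", "EXAMPLE"),
        ("dc.samdom.example.com", "SAMDOM.EXAMPLE.COM", "SAMDOM"),
    ]:
        print(answers, "->", check_provision(*answers) or "OK")
```

Whether the chosen DNS domain resolves from the internet cannot be checked offline and is left out of this sketch.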