Hello guys, I work at an institution where the domain is institute.edu.br. We have a main dns that answers for the internal and external services that we have. Firstly the staff here configured samba as domain institute.edu.br, but this way it is conflicting in the resolution of internal and external service names, since samba wants to respond for all requests and, even inserting a forward zone, does not it works. I configured a new DC as a subdomain, because in this way samba only responds to your requests and forward all the rest to the main dns. It became addc.institute.edu.br My question is whether there is any impediment in joining the domindom to the domain, transferring the fsmo roles and then demote the old one? -- Elias Pereira
On Tue, 14 Nov 2017 16:05:52 -0200 Elias Pereira via samba <samba at lists.samba.org> wrote:> Hello guys, > > I work at an institution where the domain is institute.edu.br. We > have a main dns that answers for the internal and external services > that we have. > > Firstly the staff here configured samba as domain institute.edu.br, > but this way it is conflicting in the resolution of internal and > external service names, since samba wants to respond for all requests > and, even inserting a forward zone, does not it works. > > I configured a new DC as a subdomain, because in this way samba only > responds to your requests and forward all the rest to the main dns. It > became addc.institute.edu.br > > My question is whether there is any impediment in joining the > domindom to the domain, transferring the fsmo roles and then demote > the old one? >Does nobody read the Samba wiki ??? As far as I am aware, AD subdomains do not work correctly with Samba AD. What you have done with the new DC, is what you should have done in the first place, created a subdomain of your main dns domain and used this for the AD dns domain and realm. I think you have two options here and I don't think you are going to like either ;-) Shut down your main DNS server and then use the Samba dns servers for everything in the domain, or start again with your new DC and DNS subdomain. Rowland
> > Does nobody read the Samba wiki ??? >What??? Samba has a wiki ??? *Bazinga *:D As far as I am aware, AD subdomains do not work correctly with Samba AD.> > What you have done with the new DC, is what you should have done in the > > first place, created a subdomain of your main dns domain and used this > > for the AD dns domain and realm. > >I started in this job now and it was already set up in this way. :( I think you have two options here and I don't think you are going to like either ;-)> Shut down your main DNS server and then use the Samba dns servers foreverything in the domain, or I think this option is not viable!!! start again with your new DC and DNS subdomain. DNS subdomain? Why? On Tue, Nov 14, 2017 at 5:11 PM, Rowland Penny <rpenny at samba.org> wrote:> On Tue, 14 Nov 2017 16:05:52 -0200 > Elias Pereira via samba <samba at lists.samba.org> wrote: > > > Hello guys, > > > > I work at an institution where the domain is institute.edu.br. We > > have a main dns that answers for the internal and external services > > that we have. > > > > Firstly the staff here configured samba as domain institute.edu.br, > > but this way it is conflicting in the resolution of internal and > > external service names, since samba wants to respond for all requests > > and, even inserting a forward zone, does not it works. > > > > I configured a new DC as a subdomain, because in this way samba only > > responds to your requests and forward all the rest to the main dns. It > > became addc.institute.edu.br > > > > My question is whether there is any impediment in joining the > > domindom to the domain, transferring the fsmo roles and then demote > > the old one? > > > > Does nobody read the Samba wiki ??? > > As far as I am aware, AD subdomains do not work correctly with Samba AD. > What you have done with the new DC, is what you should have done in the > first place, created a subdomain of your main dns domain and used this > for the AD dns domain and realm. > > I think you have two options here and I don't think you are going to > like either ;-) > > Shut down your main DNS server and then use the Samba dns servers for > everything in the domain, or start again with your new DC and DNS > subdomain. > > Rowland > >-- Elias Pereira
On Tue, 2017-11-14 at 16:05 -0200, Elias Pereira via samba wrote:> Hello guys, > > I work at an institution where the domain is institute.edu.br. We have a > main dns that answers for the internal and external services that we have. > > Firstly the staff here configured samba as domain institute.edu.br, but > this way it is conflicting in the resolution of internal and external > service names, since samba wants to respond for all requests and, even > inserting a forward zone, does not it works. > > I configured a new DC as a subdomain, because in this way samba only > responds to your requests and forward all the rest to the main dns. It > became addc.institute.edu.br > > My question is whether there is any impediment in joining the domindom to > the domain, transferring the fsmo roles and then demote the old one?Sadly what you need is the ability to rename a Samba domain, and this isn't something we support yet. Sorry, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Thanks for the feedback too Andrew!!! I will analyze and verify the least impactful way to try to solve this problem. On Wed, Nov 15, 2017 at 4:25 PM, Andrew Bartlett <abartlet at samba.org> wrote:> On Tue, 2017-11-14 at 16:05 -0200, Elias Pereira via samba wrote: > > Hello guys, > > > > I work at an institution where the domain is institute.edu.br. We have a > > main dns that answers for the internal and external services that we > have. > > > > Firstly the staff here configured samba as domain institute.edu.br, but > > this way it is conflicting in the resolution of internal and external > > service names, since samba wants to respond for all requests and, even > > inserting a forward zone, does not it works. > > > > I configured a new DC as a subdomain, because in this way samba only > > responds to your requests and forward all the rest to the main dns. It > > became addc.institute.edu.br > > > > My question is whether there is any impediment in joining the domindom to > > the domain, transferring the fsmo roles and then demote the old one? > > Sadly what you need is the ability to rename a Samba domain, and this > isn't something we support yet. > > Sorry, > > Andrew Bartlett > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT http://catalyst.net.nz/ > services/samba > >-- Elias Pereira