Greetings,
I'm not sure what else to add. If you need more info please let me know.
Any input is greatly appreciated.
Eric
On Sat, Mar 4, 2023 at 2:58 PM Eric <rvwbug at gmail.com> wrote:
> Greetings,
>
> This is my first attempt at multi-site with unique subnets (actually
> first attempt at more than one DC).
>
> I had the existing "defaultFirstSite" then added a second site and
> two subnets (that I associated with each site).
>
> I joined a second DC from the second site with the following:
>
> samba-tool domain join ssc.domain.com DC -Uadministrator --realm=ssc.domain.com --site=smithCo
>
> DC01 = defaultFirstSite 10.1.211.0/25
>
> [global]
> dns forwarder = 10.1.211.254
> netbios name = DC01
> realm = SSC.DOMAIN.COM
> server role = active directory domain controller
> workgroup = SSC
> idmap_ldb:use rfc2307 = yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [netlogon]
> path = /var/lib/samba/sysvol/ssc.domain.com/scripts
> read only = No
>
>
>
> DC02 = smithCo 192.168.11.0/24
> [global]
> dns forwarder = 192.168.11.1
> netbios name = DC02
> realm = SSC.DOMAIN.COM
> server role = active directory domain controller
> workgroup = SSC
> idmap_ldb:use rfc2307 = yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [netlogon]
> path = /var/lib/samba/sysvol/ssc.domain.com/scripts
> read only = No
>
>
> Both Forwarders go to each respective router/gateway device.
>
> I'm unsure how to handle DNS management. I thought I would be able to
> connect to
> DC02 DNS server (as I've done with DC01) using RSAT. I get an error
> when trying to add DC02 as a DNS server
> Error:
> "Access was denied, would you like to add it anyway"
>
> Am I supposed to manage all DNS via DC01 only?
> If so, do I add a reverse zone or any other items directly
> to DC01 dns server records? Is there any documentation
> on managing multiple DCs (DNS and perhaps DHCP using
> multi-sites and subnets)? I found the docs on how to set it up
> but the management part is unknown to me.
> This is what I used for the setup:
> https://wiki.samba.org/index.php/Active_Directory_Sites
>
> Following this wiki
>
>
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Verifying_Directory_Replication
>
> Is the section "Built-in User & Group ID Mappings" still relevant? I ask
> because I thought SAMBA4 has some
> built-in replication. I thought everything gets replicated aside from
> group policies. Perhaps this is package/distro dependent?
>
> Thanks in advance,
>
> Eric
>
>
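The "Verifying Directory Replication" wiki section linked above is built around `samba-tool drs showrepl`. As an added example (not code from this thread and not part of Samba), here is a small Python checker that parses that command's output and flags inbound partners whose last attempt failed or whose consecutive-failure counter is non-zero, so a second DC in a new site can be checked from a script instead of by eye. The sample output is constructed to imitate the showrepl layout for the DC01/DC02 pair described above; the GUIDs, timestamps and the single failing partition are invented, and the line layout (indented partner blocks, "Last attempt @ ... was successful" versus "failed, result N (WERR_...)") is assumed from typical Samba 4 output.

```python
"""Flag failing replication partners in `samba-tool drs showrepl` output.

Added example for the replication check referenced in the thread; it is not
Samba code. SAMPLE_SHOWREPL is constructed to imitate the showrepl layout
(DSA header, "==== INBOUND/OUTBOUND NEIGHBORS ====" sections, one indented
block per partner) for the two DCs in the thread; GUIDs and times are invented.
"""
import re
import sys

SAMPLE_SHOWREPL = """\
Default-First-Site-Name\\DC01
DSA Options: 0x00000001
DSA object GUID: 11111111-2222-3333-4444-555555555555
DSA invocationId: 66666666-7777-8888-9999-000000000000

==== INBOUND NEIGHBORS ====

DC=ssc,DC=domain,DC=com
\tsmithCo\\DC02 via RPC
\t\tDSA object GUID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
\t\tLast attempt @ Sat Mar  4 14:50:12 2023 CST was successful
\t\t0 consecutive failure(s).
\t\tLast success @ Sat Mar  4 14:50:12 2023 CST

CN=Configuration,DC=ssc,DC=domain,DC=com
\tsmithCo\\DC02 via RPC
\t\tDSA object GUID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
\t\tLast attempt @ Sat Mar  4 14:50:12 2023 CST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
\t\t3 consecutive failure(s).
\t\tLast success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

DC=ssc,DC=domain,DC=com
\tsmithCo\\DC02 via RPC
\t\tDSA object GUID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
\t\tLast attempt @ Sat Mar  4 14:50:12 2023 CST was successful
\t\t0 consecutive failure(s).
\t\tLast success @ Sat Mar  4 14:50:12 2023 CST

==== KCC CONNECTION OBJECTS ====
"""

SECTION_RE = re.compile(r"^==== (INBOUND|OUTBOUND) NEIGHBORS ====$")
PARTNER_RE = re.compile(r"^\s+(?P<partner>\S+) via (?P<transport>\w+)$")
ATTEMPT_RE = re.compile(
    r"^\s+Last attempt @ (?P<when>.+?) "
    r"(?P<outcome>was successful|failed, result (?P<code>\d+) \((?P<werr>\w+)\))$"
)
FAILURES_RE = re.compile(r"^\s+(?P<n>\d+) consecutive failure\(s\)\.$")


def parse_showrepl(text):
    """Return one dict per (direction, naming context, partner) block."""
    entries, direction, nc, current = [], None, None, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            direction, nc, current = m.group(1), None, None
            continue
        if line.startswith("===="):          # KCC CONNECTION OBJECTS and friends
            direction = None
            continue
        if direction is None:                # DSA header before the first section
            continue
        if not line[0].isspace():            # unindented line: a naming context DN
            nc = line
            continue
        m = PARTNER_RE.match(line)
        if m:
            current = {"direction": direction, "nc": nc,
                       "partner": m.group("partner"), "transport": m.group("transport"),
                       "ok": None, "failures": 0, "error": None}
            entries.append(current)
            continue
        if current is None:
            continue
        m = ATTEMPT_RE.match(line)
        if m:
            current["ok"] = m.group("outcome") == "was successful"
            current["error"] = m.group("werr")   # None on success
            continue
        m = FAILURES_RE.match(line)
        if m:
            current["failures"] = int(m.group("n"))
    return entries


def failing_partners(entries, direction="INBOUND"):
    """Partners whose last attempt failed or whose failure counter is non-zero."""
    return [e for e in entries
            if e["direction"] == direction and (e["ok"] is False or e["failures"] > 0)]


def main():
    # Live use:  samba-tool drs showrepl | python3 check_showrepl.py
    text = SAMPLE_SHOWREPL if sys.stdin.isatty() else sys.stdin.read()
    bad = failing_partners(parse_showrepl(text))
    for e in bad:
        print(f"{e['direction']} {e['nc']} from {e['partner']}: "
              f"{e['failures']} consecutive failure(s), last error {e['error']}")
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it on each DC, since showrepl reports that DC's own view of its partners; a partition that replicates inbound on DC01 but fails on DC02 only shows up from DC02. The non-zero exit status makes it usable from cron or a monitoring agent.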