Stefan G. Weichinger
2024-Dec-10 07:46 UTC
[Samba] preparing for a new site with an extra domain controller
Greetings!

after all these years of running Samba I am still learning and having to learn more :-)

I am trying to research howtos and docs, but from my experience it sometimes would have been better to ask BEFORE trying things.

So:

At a customer we happily run 2 samba-AD-DCs for one single AD domain, on one geographical site, in one single IP subnet.

(using samba-4.21.2 as I write this)

Now they took over another small company and plan to connect that to the AD as well.

Correct me if I am wrong:

I suggested to add a 3rd AD DC and place it there.

We already have a site-to-site-VPN (wireguard) between the 2 sites that works well.

So I would deploy a 3rd DC, join it to the AD and move it to their office. I googled that and found this howto:

https://wiki.samba.org/index.php/Active_Directory_Sites

Should the 3rd DC be in place (= in the "target subnet") already before joining? I think so ... to get the DNS etc correct.

I assume that renaming or changing IP should be avoided if possible, so it might be best to deploy the DC with running (Debian-12.8.0) linux and get the networking fixed before the join, right?

Any other things to take care of here?

Is the concept of "sites" the right to apply here? What about the old office? We don't have a site defined for that yet, does it make sense or is it even needed to define a site for that as well? Could that break things in some way?

Thanks for any help and pointers!

Stefan
Luis Peromarta
2024-Dec-10 08:28 UTC
[Samba] preparing for a new site with an extra domain controller
From my experience, create the DC in the new office. Join domain. Using the mmc Sites and Services from a Windows workstation, create new site and assign network. You can choose to rename the default site or create new site and assign network there. This is not necessary.

I don't recall doing anything else.

On 10 Dec 2024 at 08:06 +0000, Stefan G. Weichinger via samba <samba at lists.samba.org>, wrote:
> Greetings!
>
> after all these years of running Samba I am still learning and having to
> learn more :-)
>
> I am trying to research howtos and docs, but from my experience it
> sometimes would have been better to ask BEFORE trying things.
>
> So:
>
> At a customer we happily run 2 samba-AD-DCs for one single AD domain, on
> one geographical site, in one single IP subnet.
>
> (using samba-4.21.2 as I write this)
>
> Now they took over another small company and plan to connect that to the
> AD as well.
>
> Correct me if I am wrong:
>
> I suggested to add a 3rd AD DC and place it there.
>
> We already have a site-to-site-VPN (wireguard) between the 2 sites that
> works well.
>
> So I would deploy a 3rd DC, join it to the AD and move it to their
> office. I googled that and found this howto:
>
> https://wiki.samba.org/index.php/Active_Directory_Sites
>
> Should the 3rd DC be in place (= in the "target subnet") already before
> joining? I think so ... to get the DNS etc correct.
>
> I assume that renaming or changing IP should be avoided if possible, so
> it might be best to deploy the DC with running (Debian-12.8.0) linux and
> get the networking fixed before the join, right?
>
> Any other things to take care of here?
>
> Is the concept of "sites" the right to apply here? What about the old
> office? We don't have a site defined for that yet, does it make sense or
> is it even needed to define a site for that as well? Could that break
> things in some way?
>
> Thanks for any help and pointers!
>
> Stefan
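
A command-line counterpart to the MMC steps in the reply above, as an added example that is not part of either post: it validates the inputs and prints (dry run) the `samba-tool` commands that create the site and its subnet first, so the join can place the new DC there with `--site`. The site name `BranchOffice`, subnet `192.168.50.0/24`, domain `ad.example.com` and the helper names `valid_cidr` and `plan_site` are constructed placeholders; credential options are left out.

```shell
#!/bin/sh
# Added example; all names and addresses are constructed placeholders.

# Return 0 when $1 is a well-formed IPv4 CIDR such as 192.168.50.0/24.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Print the planned commands. Args: site name, subnet CIDR, DNS domain.
# The name check is this example's own conservative rule, not Samba's.
plan_site() {
    site=$1; subnet=$2; domain=$3
    case "$site" in
        ''|*[!A-Za-z0-9-]*) echo "bad site name: $site" >&2; return 1 ;;
    esac
    valid_cidr "$subnet" || { echo "bad subnet: $subnet" >&2; return 1; }
    # Run on an existing DC: create the site and bind the branch subnet to it.
    echo "samba-tool sites create $site"
    echo "samba-tool sites subnet create $subnet $site"
    # Run on the new DC once its hostname, IP and DNS are final.
    echo "samba-tool domain join $domain DC --site=$site"
}

plan_site BranchOffice 192.168.50.0/24 ad.example.com
```
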