Web lists-archives.com

Re: [Samba] Setup a Samba AD DC as an additional DC




On Wed, 21 Nov 2018 10:22:21 +0000
"Barry D. Adkins via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> I've installed these packages:
> 
> apt-get install samba winbind libnss-winbind libpam-winbind
> libpam-krb5 krb5-config
> 
> Installing on fresh Ubuntu 18.04 server
> 
> Nothing is configured yet as following the wikis you come to the DNS
> configuration before you get to configuring Samba stuff.
> 
> Wiki states: If you are planning to set up a Samba Active Directory
> (AD) domain controller (DC) using the BIND9_DLZ back end, you have to
> install and configure the BIND DNS server first.

That isn't entirely true, you need to install Bind9 before you
provision with BIND9_DLZ, but you can configure it after the provision
and before you start Samba. 
> 
> And :  By default, the first Domain Controller (DC) in a forest runs
> a DNS server for Active Directory (AD)-based zones. For failover
> reasons it is recommended to run multiple DCs acting as a DNS server
> in a network. If you consider providing a DNS service on the new
> DC: ?  For the BIND9_DLZ back end, see BIND9_DLZ DNS Back
> End<https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End>. Finish
> this task before you start the Samba DC service.

Yes, every Samba AD DC is a dns server, unless you provision with
'--dns-backend=NONE' and this isn't recommended. You do not have to use
Bind9, Samba has its own dns server.

> 
> I really didn't want to tackle this now but I will as eventually all
> the Windows Servers will go away.  I had hoped to migrate things one
> by one.

Just provision using the internal dns server (the default) and upgrade
to Bind9 later.

> 
> I have embarked on learning bind, bind9, etc. now noting all the
> numerous details I must follow on wikis to get that going.  I am
> wondering is the DNS on the Samba AD DC going to get all the DNS
> entries from the Windows AD DNS servers?  I suppose I'll also setup
> the Samba AD DC as the DHCP server as that doesn't seem so difficult.

It isn't, just follow the wiki page and shout if something goes wrong
(it shouldn't)

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba