
Re: [Samba] dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)




On Mon, 14 Jan 2019 13:03:42 +0100
"L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> Hai Rowland,
> > 
> > We are talking a Samba AD DC here and this means the realm must be
> > the same as the forest dns domain. As Samba AD doesn't (yet) support
> > subdomains, the domain will be the same as the forest domain.
> > There is a line here:
> > 
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> > 
> > Under 'Preparing the installation'
> > 
> > Select a DNS domain for your AD forest. The name will also be used
> > as the AD Kerberos realm.
> 
> Hmm, here I have something for you, I'll PM it to you.
> 

OK, got it, I will have a look at it.

> > Wouldn't this have the same problem ?
> > Not trying to be argumentative, just trying to understand the
> > problem.
> Just avoiding possible problems and keep it clear that dnsdomain !=
> REALM. 
> 

Still not really understanding this, I think you are saying that in
Windows AD, the REALM does not have to be the same as the dns domain,
it could be a dns subdomain like 'subdomain.example.com' with a REALM
of 'EXAMPLE.COM' (or vice versa). As I have said, you cannot have a
subdomain yet (and Windows is recommending to not use subdomains), so,
as far as Samba is concerned, the REALM is the dns domain in
uppercase.

Again, just trying to understand.

Rowland

  
