Re: [Samba] dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
- Date: Mon, 14 Jan 2019 13:40:26 +0100
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
> -----Original message-----
> From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of
> Rowland Penny via samba
> Sent: Monday 14 January 2019 13:21
> To: samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] dehydrated hook for LetsEncrypt certs
> and samba dns (was: samba-tool auth in scripts)
> On Mon, 14 Jan 2019 13:03:42 +0100
> "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> > Hai Rowland,
> > >
> > > We are talking a Samba AD DC here and this means the realm must be
> > > the same as the forest dns domain. As Samba AD doesn't (yet) support
> > > subdomains, the domain will be the same as the forest domain.
> > > There is a line here:
> > >
> > > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> > >
> > > Under 'Preparing the installation'
> > >
> > > Select a DNS domain for your AD forest. The name will also be used
> > > as the AD Kerberos realm.
> > Hmm, here I have something for you, I'll PM it to you.
> OK, got it, I will have a look at it.
> > > Wouldn't this have the same problem ?
> > > Not trying to be argumentative, just trying to understand the
> > > problem.
> > Just avoiding possible problems and keep it clear that dnsdomain !=
> > REALM.
> Still not really understanding this, I think you are saying that in Windows AD, the REALM does not have to be the same as the dns domain.
No, the RFC states that.
> it could be a dns subdomain like 'subdomain.example.com' with a REALM
> of 'EXAMPLE.COM' (or vice versa). As I have said, you cannot have a
> subdomain yet (and Windows is recommending to not use subdomains), so,
> as far as Samba is concerned, the REALM is the dns domain in
> Again, just trying to understand.
Here, this is a bit like what Stefan Kania was doing with the subdomains.
If I'm correct, page 97-98
Chap : 184.108.40.206.
( quick search for you )