Hello,
According to the https://wiki.samba.org/index.php/Set...ain_Controller tutorial, I want to launch a Samba DC.
I want to create a domain with the name "MYDOMAIN", and in the example below, why does "--realm" have a "SAMDOM" prefix?
No, at least not as I understand it. If I am correct: in the example SAMDOM is the name of the domain, and SAMDOM.EXAMPLE.COM the name of the Kerberos realm therein.
The name of the DC server would be something like: DC1.SAMDOM.EXAMPLE.COM.
As it was explained on that page:
Quote:
Domain: NetBIOS domain name (Workgroup). This can be anything, but it must be one word, not longer than 15 characters and not containing a dot. It is recommended to use the first part of the AD DNS domain. For example: samdom. Do not use the computers short hostname.
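The naming rules quoted above, written as a pre-flight check for a "--realm" / "--domain" pair. This is an added example, not part of the thread or of Samba; check_names and its messages are hypothetical, and it assumes the realm is the upper-cased AD DNS domain.

```shell
#!/bin/sh
# Added example: check a --realm / --domain pair against the NetBIOS
# domain-name rules quoted from the wiki. Names here are hypothetical.

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# check_names REALM DOMAIN SHORT_HOSTNAME
# Prints one finding per line; exit status is 1 if any ERROR was found.
# The body runs in a subshell, so its variables do not leak to the caller.
check_names() (
    realm=$(upper "$1"); domain=$(upper "$2"); host=$(upper "$3")
    rc=0
    case $domain in
        ''|*' '*) echo "ERROR: domain must be one word"; rc=1 ;;
    esac
    case $domain in
        *.*) echo "ERROR: domain must not contain a dot"; rc=1 ;;
    esac
    if [ "${#domain}" -gt 15 ]; then
        echo "ERROR: domain is longer than 15 characters"; rc=1
    fi
    if [ "$domain" = "$host" ]; then
        echo "ERROR: domain equals the computer's short hostname"; rc=1
    fi
    # Recommendation only: the first label of the realm (AD DNS domain).
    first_label=${realm%%.*}
    if [ "$domain" != "$first_label" ]; then
        echo "WARN: domain is not the first part of the realm ($first_label)"
    fi
    [ "$rc" -eq 0 ]
)

# Constructed sample values: the wiki's pair, the pair asked about in the
# thread, and two pairs that break a quoted rule.
demo() {
    check_names SAMDOM.EXAMPLE.COM SAMDOM DC1         || echo "-> rejected"
    check_names EXAMPLE.COM SAMDOM DC1                || echo "-> rejected"
    check_names SAMDOM.EXAMPLE.COM samdom.example DC1 || echo "-> rejected"
    check_names SAMDOM.EXAMPLE.COM DC1 dc1            || echo "-> rejected"
}
demo
```

Measured against the quoted rules alone, the pair "--realm=EXAMPLE.COM --domain=SAMDOM" draws only the warning about the recommendation, since the quote says the NetBIOS name "can be anything" within the listed limits.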
Thanks.
Why does "--realm" have a prefix?
What happens if I use "--realm=EXAMPLE.COM --domain=SAMDOM"?
I cannot answer that. I know that KERBEROS was a FOSS project, and that Microsoft adopted parts of it, rewrote them (very slightly), and integrated them into the domain system. While there are little differences between the MS protocol and the more advanced FOSS KERBEROS they will always continue to communicate unless MS breaks the current domain system. The version MS pulled from is now OLD, and the communication between the two is a little odd. I have NOT researched at the SAMBA site or discussed the communication with the developers.
One thing to keep in mind is that the REALM is NOT the DOMAIN. The two interact, and that interaction is critical. But they started out way back when (and somewhat continue on the SAMBA side) as different things that COULD be used together. It is important to set each up just right to make sure that they DO work together, because they are integrated on the Microsoft side and breaking one breaks both.
I think that many of the HOW-TO documents and tutorials do not make the difference, and interaction, clear enough. It would be easier to make everything work if the user understood them better individually first, then learned how to make them agree.
If you decide to run tests of that I recommend you do so on a test machine where you do not care greatly if you break the membership and authentication totally.
I would start with the SAMBA group web sites, documentation, WIKI, and forums. Those are the developer domains where you can run into the people who know ALL of it.