Diff: ActiveDirectorySamba

Differences between version 33 and revision by previous author of ActiveDirectorySamba.

Newer page: version 33, last edited on Thursday, August 26, 2004 9:19:27 pm by RobinStephenson
Older page: version 30, last edited on Thursday, June 17, 2004 7:36:04 pm by DanielLawson
@@ -48,8 +48,10 @@
  192.168.0.209 mail mail.thinclient.test.org 
 </verbatim> 
  
 The correct method is to setup DNS on the server which can be done through the DNS console in the Administrative Tools section of Windows 2000/2003 Server. We won't go into the details of setting this up here, but we will specify the Linux side of that here. 
+  
+''A good way to set this up is to have a Linux-based BIND server doing name resolution for your site 'mydomain.tld', just as you normally would; then configure BIND to delegate the special Active Directory sub-domains DomainDnsZones.mydomain.tld and so on to the Windows Server 2003 box. Then, configure Windows Server 2003 DNS to be a caching proxy using the Linux BIND box as its parent, except for the AD sub-domains for which (I suppose) it should be authoritative. All machines can then use the Linux box for DNS. This way, name resolution of normal names stays on good ole reliable Linux where it belongs, the Windows Active Directory crud goes on Windows where it belongs, and everything's happy. When Windows Server 2003 BSODs, the AD stuff stops working (there's no avoiding that when the PDC BSODs); however normal (non-AD) name resolution is unaffected. --MatthewSanderson  
  
 <verbatim> 
 /etc/resolv.conf 
  
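Review bot: the added paragraph opens an italic run with '' at "''A good way to set this up" but never closes it before "--MatthewSanderson", so the markup will run on into the text that follows; close it with '' ahead of the signature, as the JanGerle note further down the page does. The delegation is also described only as "DomainDnsZones.mydomain.tld and so on", and whether the Windows server is authoritative for those zones is left as "(I suppose)". Since readers will copy this DNS layout, name each delegated sub-domain explicitly and confirm the authoritative setup before presenting it as the recommended configuration.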
@@ -110,9 +112,9 @@
 We need to generate a key for our samba machine on the Windows server, and securely import this into our samba machine. 
 To create the keyfile we run the following on the Windows server: 
  
 <verbatim> 
- ktpass - princ host/mail.thinclient.test.org@THINCLIENT.TEST.ORG \ 
+ ktpass -princ host/mail.thinclient.test.org@THINCLIENT.TEST.ORG \ 
  -mapuser MAIL -pass MAIL1234PASSWORD -out mail.keytab 
 </verbatim> 
  
 ''This and many other tools for managing kerberos in Windows 2000 are located in the support tools which are directly downloadable from [Microsoft|http://www.microsoft.com/downloads/details.aspx?familyid=f08d28f3-b835-4847-b810-bb6539362473&displaylang=en]'' -- JanGerle
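Review bot: the unchanged continuation line "-mapuser MAIL -pass MAIL1234PASSWORD -out mail.keytab" still puts the account password on the command line as a literal derived from the account name, and the spacing fix to "-princ" was a good moment to address it. Replace the literal with an obvious placeholder, or use "-pass *" so ktpass prompts for the password instead. The text above the command also says to "securely import" mail.keytab into the Samba machine without this hunk showing how; a sentence on transferring the file over an encrypted channel and restricting its permissions would close that gap.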