refactor(setup ad): add use rfc2307 and forwarder dns

Author: LizenzFass78851

setup_debian-active-directory/1-install_samba_ad.sh

@@ -36,7 +36,7 @@ systemctl restart networking
 # 3. Configure resolve file
 cat > /etc/resolv.conf << EOF
 search ${REALM}
-nameserver ${PRIMARY_DC_GATEWAY_IP}
+nameserver ${PRIMARY_DC_FORWARDER_DNS}
 EOF
 
 # 4. Set hostname
@@ -78,7 +78,8 @@ rm -f /var/lib/samba/private/*.tdb
 echo "Provisioning Samba AD..."
 samba-tool domain provision --use-rfc2307 --realm="${REALM}" --domain="${DOMAIN}" \
     --server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass="${ADMIN_PASSWORD}" \
-    --option="interfaces=127.0.0.1 ${PRIMARY_DC_IP}" --option="bind interfaces only=yes"
+    --option="interfaces=127.0.0.1 ${PRIMARY_DC_IP}" --option="bind interfaces only=yes" \
+    --option="dns forwarder=${PRIMARY_DC_FORWARDER_DNS}"
 
 # 11. Copy Kerberos configuration
 echo "Configuring Kerberos..."
@@ -97,7 +98,6 @@ iface ${PRIMARY_DC_INTERFACE} inet static
     address ${PRIMARY_DC_IP}
     netmask 255.255.255.0
     gateway ${PRIMARY_DC_GATEWAY_IP}
-    dns-nameservers ${PRIMARY_DC_IP}
 EOF
 systemctl restart networking
 

setup_debian-active-directory/2-join_additional_dc.sh

@@ -80,6 +80,8 @@ echo "Joining domain as additional DC..."
 samba-tool domain join ${REALM} DC -U"administrator%${ADMIN_PASSWORD}" \
     --option="interfaces=127.0.0.1 ${SECONDARY_DC_IP}" \
     --option="bind interfaces only=yes" \
+    --option="idmap_ldb:use rfc2307 = yes" \
+    --option="dns forwarder=${SECONDARY_DC_FORWARDER_DNS}" \
     --dns-backend=SAMBA_INTERNAL
 
 # 11. Copy Kerberos configuration

setup_debian-active-directory/2-join_additional_rodc.sh

@@ -80,6 +80,8 @@ echo "Joining domain as additional DC..."
 samba-tool domain join ${REALM} RODC -U"administrator%${ADMIN_PASSWORD}" \
     --option="interfaces=127.0.0.1 ${SECONDARY_DC_IP}" \
     --option="bind interfaces only=yes" \
+    --option="idmap_ldb:use rfc2307 = yes" \
+    --option="dns forwarder=${SECONDARY_DC_FORWARDER_DNS}" \
     --dns-backend=SAMBA_INTERNAL
 
 # 11. Copy Kerberos configuration

setup_debian-active-directory/env.example

@@ -7,6 +7,7 @@ PRIMARY_DC_IP="10.10.20.220"
 PRIMARY_DC_INTERFACE="enp1s0"
 PRIMARY_DC_NETWORK="10.10.20.0/24"
 PRIMARY_DC_GATEWAY_IP="10.10.20.1"
+PRIMARY_DC_FORWARDER_DNS="${PRIMARY_DC_GATEWAY_IP}"
 PRIMARY_DC_PTR_ADDRESS="20.10.10.in-addr.arpa"
 
 # Secondary DC Configuration  
@@ -15,6 +16,7 @@ SECONDARY_DC_IP="10.10.20.221"
 SECONDARY_DC_INTERFACE="enp1s0"
 SECONDARY_DC_NETWORK="10.10.20.0/24"
 SECONDARY_DC_GATEWAY_IP="10.10.20.1"
+SECONDARY_DC_FORWARDER_DNS="${SECONDARY_DC_GATEWAY_IP}"
 SECONDARY_DC_PTR_ADDRESS="20.10.10.in-addr.arpa"
 
 # Domain Admin Password (change this!)

setup_ubuntu-active-directory/1-install_samba_ad.sh

@@ -34,7 +34,7 @@ network:
           via: ${PRIMARY_DC_GATEWAY_IP}
       nameservers:
         search: [${REALM}]
-        addresses: [${PRIMARY_DC_GATEWAY_IP}]
+        addresses: [${PRIMARY_DC_FORWARDER_DNS}]
 EOF
 chmod 600 /etc/netplan/99-${PRIMARY_DC_INTERFACE}-static-${PRIMARY_DC_IP}.yaml
 netplan apply
@@ -92,7 +92,8 @@ rm -f /var/lib/samba/private/*.tdb
 echo "Provisioning Samba AD..."
 samba-tool domain provision --use-rfc2307 --realm="${REALM}" --domain="${DOMAIN}" \
     --server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass="${ADMIN_PASSWORD}" \
-    --option="interfaces=127.0.0.1 ${PRIMARY_DC_IP}" --option="bind interfaces only=yes"
+    --option="interfaces=127.0.0.1 ${PRIMARY_DC_IP}" --option="bind interfaces only=yes" \
+    --option="dns forwarder=${PRIMARY_DC_FORWARDER_DNS}"
 
 # 11. Copy Kerberos configuration
 echo "Configuring Kerberos..."

setup_ubuntu-active-directory/2-join_additional_dc.sh

@@ -94,6 +94,8 @@ echo "Joining domain as additional DC..."
 samba-tool domain join ${REALM} DC -U"administrator%${ADMIN_PASSWORD}" \
     --option="interfaces=127.0.0.1 ${SECONDARY_DC_IP}" \
     --option="bind interfaces only=yes" \
+    --option="idmap_ldb:use rfc2307 = yes" \
+    --option="dns forwarder=${SECONDARY_DC_FORWARDER_DNS}" \
     --dns-backend=SAMBA_INTERNAL
 
 # 11. Copy Kerberos configuration

setup_ubuntu-active-directory/2-join_additional_rodc.sh

@@ -94,6 +94,8 @@ echo "Joining domain as additional DC..."
 samba-tool domain join ${REALM} RODC -U"administrator%${ADMIN_PASSWORD}" \
     --option="interfaces=127.0.0.1 ${SECONDARY_DC_IP}" \
     --option="bind interfaces only=yes" \
+    --option="idmap_ldb:use rfc2307 = yes" \
+    --option="dns forwarder=${SECONDARY_DC_FORWARDER_DNS}" \
     --dns-backend=SAMBA_INTERNAL
 
 # 11. Copy Kerberos configuration

setup_ubuntu-active-directory/env.example

@@ -7,6 +7,7 @@ PRIMARY_DC_IP="10.10.20.220"
 PRIMARY_DC_INTERFACE="enp1s0"
 PRIMARY_DC_NETWORK="10.10.20.0/24"
 PRIMARY_DC_GATEWAY_IP="10.10.20.1"
+PRIMARY_DC_FORWARDER_DNS="${PRIMARY_DC_GATEWAY_IP}"
 PRIMARY_DC_PTR_ADDRESS="20.10.10.in-addr.arpa"
 
 # Secondary DC Configuration  
@@ -15,6 +16,7 @@ SECONDARY_DC_IP="10.10.20.221"
 SECONDARY_DC_INTERFACE="enp1s0"
 SECONDARY_DC_NETWORK="10.10.20.0/24"
 SECONDARY_DC_GATEWAY_IP="10.10.20.1"
+SECONDARY_DC_FORWARDER_DNS="${SECONDARY_DC_GATEWAY_IP}"
 SECONDARY_DC_PTR_ADDRESS="20.10.10.in-addr.arpa"
 
 # Domain Admin Password (change this!)