Trying to join an AD created on NSDC. Here are the “cleaned” details:
STARTTLS: Disabled
Bind password: not.today.dude;-)
Base DN: dc=ad,dc=domain,dc=tld
Bind DN: ldapservice@AD.DOMAIN.TLD
LDAP server URI: ldaps://nsdc-nethhost.ad.domain.tld
Active Directory IP: 192.168.98.38
User DN: dc=ad,dc=domain,dc=tld
Group DN: dc=ad,dc=domain,dc=tld

nethhost.domain.tld = 192.168.98.39
nsdc-nethhost.domain.tld = 192.168.98.38
Both resolve with nslookup.
Green: bridge for the two network interfaces.
nethhost also hosts the DHCP server, which provides nethhost as DNS and not NSDC.
nethhost is an ESXi guest, and promiscuous mode is now enabled.
Which name should I use for the domain lookup? DOMAIN? ad.domain.tld? AD.DOMAIN.TLD?
ad.domain.tld with the IP of the AD
Create a second one with the full name shown in Cockpit under Account Provider, also using the same IP as your AD. Just to make sure…
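The two DNS records suggested above are exactly the kind of thing a pre-join checklist can verify mechanically. The following is an added example written for this thread (it is not NethServer code and not part of any post): it takes the “cleaned” settings posted above, checks the URI scheme against the STARTTLS setting, checks that both the LDAP host and the realm name derived from the base DN resolve to the AD IP, and checks that the bind UPN belongs to that realm. The resolver is injected, so it runs offline against two constructed DNS tables (one reproducing the nslookup results in the thread, one with the suggested A records added); pass `socket.gethostbyname` to run it against real DNS. The function and table names are my own.

```python
"""Pre-join sanity checks for an LDAP/AD account-provider configuration.

Added example for the thread above; not NethServer's code. Settings are the
ones posted, DNS tables are constructed to mirror the nslookup results.
"""
import socket
from urllib.parse import urlsplit

# Values copied from the thread's "cleaned" details.
CONFIG = {
    "starttls": "Disabled",
    "bind_dn": "ldapservice@AD.DOMAIN.TLD",
    "base_dn": "dc=ad,dc=domain,dc=tld",
    "uri": "ldaps://nsdc-nethhost.ad.domain.tld",
    "ad_ip": "192.168.98.38",
}

# Constructed DNS table: what nslookup answered in the thread. Note that
# neither the realm name nor the host named in the ldaps:// URI is present.
DNS_AS_POSTED = {
    "nethhost.domain.tld": "192.168.98.39",
    "nsdc-nethhost.domain.tld": "192.168.98.38",
}

# Constructed DNS table after adding the two A records the reply suggests.
DNS_FIXED = dict(DNS_AS_POSTED, **{
    "ad.domain.tld": "192.168.98.38",
    "nsdc-nethhost.ad.domain.tld": "192.168.98.38",
})


def base_dn_to_realm(base_dn):
    """dc=ad,dc=domain,dc=tld -> 'ad.domain.tld' (lower-cased)."""
    labels = []
    for rdn in base_dn.split(","):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() == "dc":
            labels.append(value.strip().lower())
    return ".".join(labels)


def resolve(name, resolver):
    """Return the IP for name, or None when the resolver has no answer."""
    try:
        return resolver(name)
    except (KeyError, OSError):  # KeyError: dict table; OSError covers socket.gaierror
        return None


def check_provider(cfg, resolver=socket.gethostbyname):
    """Return a list of (level, message); an empty list means nothing found."""
    findings = []
    uri = urlsplit(cfg["uri"])
    host = (uri.hostname or "").lower()
    realm = base_dn_to_realm(cfg["base_dn"])
    starttls_on = cfg["starttls"].strip().lower() == "enabled"

    # 1. Transport: ldaps:// is implicit TLS, so STARTTLS "Disabled" is right there;
    #    ldap:// without STARTTLS would send the bind password in the clear.
    if uri.scheme == "ldaps" and starttls_on:
        findings.append(("WARN", "ldaps:// already negotiates TLS; STARTTLS applies to ldap:// only"))
    elif uri.scheme == "ldap" and not starttls_on:
        findings.append(("ERROR", "ldap:// without STARTTLS sends the bind password in cleartext"))
    elif uri.scheme not in ("ldap", "ldaps"):
        findings.append(("ERROR", f"unsupported URI scheme {uri.scheme!r}"))

    # 2. The host named in the URI must resolve, and to the DC's address.
    host_ip = resolve(host, resolver)
    if host_ip is None:
        findings.append(("ERROR", f"LDAP host {host} does not resolve; the client fails before any TLS handshake"))
    elif host_ip != cfg["ad_ip"]:
        findings.append(("ERROR", f"LDAP host {host} resolves to {host_ip}, expected AD IP {cfg['ad_ip']}"))

    # 3. The realm name itself needs an A record pointing at the DC (the reply's advice).
    realm_ip = resolve(realm, resolver)
    if realm_ip is None:
        findings.append(("ERROR", f"no A record for realm {realm}; add {realm} -> {cfg['ad_ip']}"))
    elif realm_ip != cfg["ad_ip"]:
        findings.append(("ERROR", f"realm {realm} resolves to {realm_ip}, expected {cfg['ad_ip']}"))

    # 4. A UPN-style bind DN must belong to the realm derived from the base DN.
    if "@" in cfg["bind_dn"]:
        upn_domain = cfg["bind_dn"].rsplit("@", 1)[1].lower()
        if upn_domain != realm:
            findings.append(("ERROR", f"bind UPN domain {upn_domain} != base DN realm {realm}"))

    # 5. A certificate issued for the DC's own name under the realm will not match any other name.
    if host and not host.endswith("." + realm):
        findings.append(("INFO", f"{host} is not under {realm}; make sure the DC certificate covers that name"))

    return findings


if __name__ == "__main__":
    for label, table in (("as posted", DNS_AS_POSTED), ("after adding the A records", DNS_FIXED)):
        print(f"== {label} ==")
        for level, msg in check_provider(CONFIG, table.__getitem__) or [("OK", "no findings")]:
            print(f"{level}: {msg}")
```

Against the table as posted it reports two errors (the ldaps:// host and the realm name both unresolvable), and nothing once the two A records are in place; switching the URI to ldap:// with STARTTLS still disabled is flagged as a cleartext bind.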
Currently the DHCP server provides the IP address of nethhost.domain.tld as the only DNS server. And from what I've seen, it also allows browsing the internet. The NTP servers provided are outside the network range (currently IDK whether NethServer acts as an NTP proxy server or not).
I hope that this topic will become a… “nice enough” checklist with the title “before damaging your head against the wall, check these things to join NSDC/AD”.
The goal of using NSDC as AD is… having a Windows-friendly centralized authentication service.
If the creation of the A record for ad.domain.tld is considered best practice by the company who created this kind of service, IMVHO this should be done automatically…
You don't like Redmond products? That's fair; IMVHO sometimes Cupertino hardware policies should be shoved down some deep and acid hole, and this should be fair too.
But anyway, even Linux and macOS, and moreover iOS, are sort of “AD friendly”; soon, IMVHO, they will become Azure friendly too. I mean… even Samba TNG is sort of AD-friendly…
Policy discussions aside, I will check soon whether the record, still not shown, is already present in the DNS entry list.