Thank you.
Two things:
- I was wanting the AD DC to be the “central point” where the two subnets would come together.
- The two subnets are physically separated with two physically separate routers. One subnet goes through a VPN and the other doesn’t.
For what I am trying to do with centralising the user accounts, DNS, and Steam cache (the latter two being closely interconnected), what I am trying to avoid, because one subnet goes through a VPN and the other doesn’t, is needing two separate AD DCs (one for each subnet) and then having to manually sync up the two AD DCs. (Which, with 6 user accounts, isn’t terrible, but if there is a smarter way to do this, then I would prefer to learn from the experts.)
It is my understanding that because of this layout, even managed L2 switches with VLAN tagging won’t be able to effectively separate out traffic that runs through said VPN from traffic that doesn’t. (I don’t think that I can connect two routers to a single 48-port GbE L2 managed switch and VLAN tag the traffic such that it will understand that half of it goes through a VPN whilst the other half does not.)
But if I am incorrect in my assumptions, please educate me as this is all a learning experience for me.
Thank you.
(Sidebar: I’ve now tried both the TurnKey Linux domain controller and Zentyal.
TurnKey Linux domain controller – I can’t get the second DC to join the first AD DC.
I get the NT_STATUS_NO_TRUST_SAM_ACCOUNT error message. I tried googling that, then tried manually enabling it, and also read the Samba wiki and tried deploying Samba as the AD DC and then having the second one join the first (manually); none of that worked.
For Zentyal, I was able to get the second AD DC to join the first AD DC, so that part worked.
But in Ubuntu 20.04, I think the success rate of a domain user being able to log in successfully is something like 2% right now. (Out of about 50 attempts, only 1 went through.)
I did install the required packages for sssd, adcli, etc., and I was able to join the realm, but that’s about as far as it goes in any consistent manner.
Logging on with Ubuntu is mostly a no-go.
Windows 10, on the other hand – I have no problems with that.
Might have to bite the bullet and deploy Windows Server 2019 to see if I might have more luck with that.)