[Samba] AD + Bind DLZ + Site

Rowland penny rpenny at samba.org
Wed Feb 10 14:38:14 UTC 2016


On 10/02/16 14:07, mathias dufresne wrote:
>
>
> 2016-02-10 14:37 GMT+01:00 Rowland penny <rpenny at samba.org>:
>
>     On 10/02/16 11:12, mathias dufresne wrote:
>
>         Hi all,
>
>         Using 4.3.4 + Bind DLZ @ Centos 7.
>
>         Regarding AD sites, I have several questions:
>
>         1° Is it possible with Samba4 to rename Default-First-Site-Name?
>
>
>     Depends on what you mean, if you mean can it be changed, then the
>     answer is yes. If you mean can it be changed with samba-tool, then no.
>
>
> OK. I tried once and I had to reinstall the whole domain. I was using
> RPM manually created with patch for demote dead servers. Rpmbuild
> never complained about that patch but samba-tool did not get the
> option to demote dead servers. Perhaps the patch I got wasn't the
> right one, perhaps that patch would have broken part of this packaged
> samba...
> Of course the issue can come from me, but as I used RSAT to rename the
> site, I can't see how I could make a mistake...
>
>
>
>         2° samba-tool sites create <name>
>         does not link new site to DEFAULTIPSITELINK, is it the correct
>         behaviour?
>
>
>     Probably not.
>
>
> OK
>
>
>         3° When a DC is not in Default-First-Site-Name, no DNS records
>         related to
>         that DC should exist in Default-First-Site-Name related DNS
>         records. Is
>         that true?
>         ex: _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld
>         should not
>         exist.
>
>
>     Again probably not.
>
>
> According to your next reply, I take your reply as a "yes, that's 
> true. A DC should be referenced only in site it belongs."
>
> Once more, my question was not clear, sorry about that.
>
>
>         4° When a DC is moved from one site to another site, all DNS
>         records
>         related to old site should be automatically removed?
>
>
>     Yes
>
>
> OK
>
>
>         5° If 4° is true, what triggers the change in DNS
>         configuration? Is it a
>         samba restart which will run samba_dnsupdate which would
>         perform that
>         creation of DNS records and deletion of the old ones or
>         samba_dnsupdate (or
>         equivalent) is run without the need of a restart/reboot?
>
>
>     I don't think there is anything to do this at present. The main
>     problem (as I see it) is that when you provision a domain, all the
>     records are created for you, but when you join another DC, they
>     are not. You have to start/restart samba and this then adds
>     various dns records including the site ones.
>
>
> OK. So no trigger.
>
> samba_dnsupdate should solve the issue as a restart of samba service 
> or restarting samba is really needed?
>
>

I have been reading the 'samba-tool sites' code and it appears that it 
creates new sites in 'CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com'.

I think it should be creating it in 
'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'

I think it should also add a 'siteList' attribute containing
'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' to
'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site 
Transports,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'

Rowland
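
The two conditions discussed in the message above (a site object that sits outside 'CN=Sites,CN=Configuration,...' and a site that no siteLink lists in 'siteList') can be checked offline against an LDIF export of the directory. The following is an added example, not part of the original message and not Samba code; the function names and the sample LDIF are constructed for illustration, and it assumes plain-text (not base64 'attr::') values.

```python
import re

# Constructed sample LDIF (not real directory data); note the folded lines.
SAMPLE_LDIF = """\
dn: CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
objectClass: site

dn: CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com
objectClass: site

dn: CN=BRANCH,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
objectClass: site

dn: CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configur
 ation,DC=samdom,DC=example,DC=com
objectClass: siteLink
siteList: CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=
 example,DC=com
"""

def parse_ldif(text):
    """Return one {attribute_lowercase: [values]} dict per LDIF entry."""
    text = re.sub(r"\r?\n ", "", text)  # undo LDIF line folding first
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):  # skip comments and junk
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_sites(ldif_text, base_dn):
    """Return (misplaced, unlinked) site DNs; DNs are compared case-insensitively."""
    suffix = (",CN=Sites,CN=Configuration," + base_dn).lower()
    entries = parse_ldif(ldif_text)
    def of_class(name):
        return [e for e in entries if name in map(str.lower, e.get("objectclass", []))]
    linked = {dn.lower() for e in of_class("sitelink") for dn in e.get("sitelist", [])}
    sites = [e["dn"][0] for e in of_class("site")]
    misplaced = [dn for dn in sites if not dn.lower().endswith(suffix)]
    unlinked = [dn for dn in sites if dn not in misplaced and dn.lower() not in linked]
    return misplaced, unlinked

if __name__ == "__main__":
    print(audit_sites(SAMPLE_LDIF, "DC=samdom,DC=example,DC=com"))
```

On the constructed sample, NEWSITE is reported as misplaced and BRANCH as missing from every siteLink, while Default-First-Site-Name passes both checks.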


