[Samba] AD + Bind DLZ + Site

mathias dufresne infractory at gmail.com
Wed Feb 10 16:27:32 UTC 2016


2016-02-10 16:54 GMT+01:00 Rowland penny <rpenny at samba.org>:

> On 10/02/16 15:36, mathias dufresne wrote:
>
>> My answer below.
>>
>> 2016-02-10 15:38 GMT+01:00 Rowland penny <rpenny at samba.org>:
>>
>>     On 10/02/16 14:07, mathias dufresne wrote:
>>
>>
>>
>>         2016-02-10 14:37 GMT+01:00 Rowland penny <rpenny at samba.org>:
>>
>>
>>             On 10/02/16 11:12, mathias dufresne wrote:
>>
>>                 Hi all,
>>
>>                 Using 4.3.4 + Bind DLZ @ Centos 7.
>>
>>                 Regarding AD sites, I have several questions:
>>
>>                 1° Is it possible with Samba4 to rename
>>         Default-First-Site-Name?
>>
>>
>>             Depends on what you mean, if you mean can it be changed,
>>         then the
>>             answer is yes. If you mean can it be changed with
>>         samba-tool, then no.
>>
>>
>>         OK. I tried once and I had to reinstall the whole domain. I
>>         was using RPMs I created manually with a patch for demoting
>>         dead servers. Rpmbuild never complained about that patch but
>>         samba-tool did not get the option to demote dead servers.
>>         Perhaps the patch I got wasn't the right one, perhaps that
>>         patch would have broken part of this packaged samba...
>>         Of course the issue can come from me, but as I used RSAT to
>>         rename the site, I can't see how I could have made a mistake...
>>
>>
>>
>>                 2° samba-tool sites create <name>
>>                 does not link the new site to DEFAULTIPSITELINK. Is that
>>                 the correct behaviour?
>>
>>
>>             Probably not.
>>
>>
>>         OK
>>
>>
>>                 3° When a DC is not in Default-First-Site-Name, no DNS
>>                 records related to that DC should exist among the
>>                 Default-First-Site-Name related DNS records. Is that
>>                 true?
>>                 ex:
>>         _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld
>>                 should not exist.
>>
>>
>>             Again probably not.
>>
>>
>>         According to your next reply, I take your reply as a "yes,
>>         that's true. A DC should be referenced only in the site it
>>         belongs to."
>>
>>         Once more, my question was not clear, sorry about that.
>>
>>
>>                 4° When a DC is moved from one site to another site,
>>         all DNS
>>                 records
>>                 related to old site should be automatically removed?
>>
>>
>>             Yes
>>
>>
>>         OK
>>
>>
>>                 5° If 4° is true, what triggers the change in DNS
>>                 configuration? Is it a samba restart which will run
>>                 samba_dnsupdate, which would perform that creation of
>>                 DNS records and deletion of the old ones, or is
>>                 samba_dnsupdate (or an equivalent) run without the
>>                 need of a restart/reboot?
>>
>>
>>             I don't think there is anything to do this at present. The
>>         main
>>             problem (as I see it) is that when you provision a domain,
>>         all the
>>             records are created for you, but when you join another DC,
>>         they
>>             are not. You have to start/restart samba and this then adds
>>             various dns records including the site ones.
>>
>>
>>         OK. So no trigger.
>>
>>         Should samba_dnsupdate solve the issue, or is a restart of
>>         the samba service really needed?
>>
>>
>>
>>     I have been reading the 'samba-tool sites' code and it appears
>>     that it creates new sites in
>>     'CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com'.
>>
>>     I think it should be creating it in
>>     'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>>
>>
>> I did look into both domains I have here at work, one is 4.3.4 and the
>> other one is 4.4.0rc2.
>> There is no CN=Sites,DC=samdom,DC=example,DC=com but only
>> CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com.
>>
>
> OK, I have only 'CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
> where 'DC=samdom,DC=example,DC=com' is my rootdse i.e the domain name is
> samdom.example.com
>
> So samba-tool is not creating site at the wrong place.


>
>> Of course there is also no
>> CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com and only
>> CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com is present.
>>
>>
> 'NEWSITE' is a placeholder for whatever site name you want to replace
> Default-First-Site-Name with.
> i.e. if you wanted to add a site called 'mysite' you would end up with:
>
> 'CN=mysite,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>

My colleague said: "Thank you Captain Obvious" ;)

>
>
> Which version of Samba were you looking into?
>>
>
> 4.4 i.e. samba.master
>
OK. So in fact there is no issue about the place where the entry is created;
only the link to DEFAULTIPSITELINK is missing.

Perhaps something to create a new site link could be added, but I'm not sure at
all that it is relevant: site links are perhaps easier to manage through RSAT...
I don't have enough background to tell. The Cardon brothers could have a view on
that, as they deployed some domains with lots of sites and had to deal with
replication issues, as they told me once. Perhaps they also played with site
links...

>
>
>>     I think it should also add a 'siteList' attribute containing
>>     'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' to
>>     'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site
>>     Transports,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>>
>>
>> That's very interesting information. For now, and as I'm starting to be
>> pushed for time, I will rely on RSAT to change that. That's the only thing
>> I spotted as missing with 4.4.0 and site management (because 4.4.0 comes
>> with improvements to site management, thanks to the devs ;)
>>
>
> Ok
>
>
> Rowland
>
>
> Cheers,

mathias
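
Rowland's suggestion above (add the new site's DN to the siteList of
DEFAULTIPSITELINK) turned into a small set of shell helpers, as an added
example that is not code from the thread or from the Samba project. The DNs
are the ones the thread confirms; everything else is an assumption: the
function names are hypothetical, the SAM database is assumed to be at
/var/lib/samba/private/sam.ldb (Samba's default, distro packages may differ),
and ldbmodify, ldbsearch and host are assumed to be installed (ldb-tools,
bind-utils on CentOS).

```shell
#!/bin/sh
# Added example, not from the thread or the Samba project: link a site created
# with "samba-tool sites create" to DEFAULTIPSITELINK by appending its DN to
# the link's multi-valued siteList attribute, as Rowland describes.
# Assumptions (not stated on the page): sam.ldb lives at the default path
# below, and ldbmodify/ldbsearch/host are available on the DC.

SAMDB="${SAMDB:-/var/lib/samba/private/sam.ldb}"

# site_dn SITE BASEDN
# DN that "samba-tool sites create SITE" produces (confirmed in the thread).
site_dn() {
    printf 'CN=%s,CN=Sites,CN=Configuration,%s\n' "$1" "$2"
}

# link_dn BASEDN [LINK]
# DN of an IP inter-site transport link; defaults to DEFAULTIPSITELINK.
link_dn() {
    printf 'CN=%s,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,%s\n' \
        "${2:-DEFAULTIPSITELINK}" "$1"
}

# site_link_ldif SITE BASEDN [LINK]
# Emit an LDIF modify that appends SITE to LINK's siteList. "add:" is used
# rather than "replace:" so the existing members of the link are kept; if the
# site is already listed, ldbmodify refuses the change (attributeOrValueExists),
# which is the safe outcome.
site_link_ldif() {
    cat <<EOF
dn: $(link_dn "$2" "$3")
changetype: modify
add: siteList
siteList: $(site_dn "$1" "$2")
EOF
}

# apply_site_link SITE BASEDN [LINK]
# Apply the modification on a DC (run as root). Nothing runs at load time;
# call this explicitly.
apply_site_link() {
    command -v ldbmodify >/dev/null 2>&1 || { echo "ldbmodify not found" >&2; return 1; }
    site_link_ldif "$1" "$2" "$3" | ldbmodify -H "$SAMDB" || return 1
    # Print the resulting siteList so the change can be checked by eye.
    ldbsearch -H "$SAMDB" -s base -b "$(link_dn "$2" "$3")" siteList
}

# site_srv_name SITE DOMAIN
# The site-scoped LDAP SRV name from question 3 in the thread.
site_srv_name() {
    printf '_ldap._tcp.%s._sites.%s\n' "$1" "$2"
}

# check_site_srv SITE DOMAIN
# Query the site-scoped SRV record; useful after moving a DC between sites to
# see whether the old site still advertises it (questions 3 to 5).
check_site_srv() {
    host -t SRV "$(site_srv_name "$1" "$2")"
}
```

On a DC, `apply_site_link mysite "DC=samdom,DC=example,DC=com"` writes the
LDIF through ldbmodify and then prints the link's siteList; to inspect the
LDIF before touching the database, run `site_link_ldif` on its own. After a DC
changes site, `check_site_srv Default-First-Site-Name samba.domain.tld` shows
whether the old site's `_ldap._tcp` record still lists it.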

