[Samba] Samba4 DC with Secondary Questions

Rowland Penny rpenny at samba.org
Thu Jun 8 08:09:19 UTC 2017


On Wed, 7 Jun 2017 15:47:31 -0700
Nowell Morris <nowell29 at gmail.com> wrote:

> Rowland,  thank you for the reply.
> 
> I must have misstated.  We have successfully set up our first DC.  It
> works great with DHCP and BIND9_DLZ and updates nicely as it is
> designed to, kerberos and all.
> 
> The question is about the second server.  Perhaps MY understanding of
> what I have read on the samba wiki, and others, is different than
> actual reality.  http://bit.ly/2r3IOjt   ;)
> 
> Perhaps if I show you the information I have gathered it will help you
> understand what I am asking.
> 
> I have written these couple of wiki pages to help me keep track.  I have
> gone through the steps and ironed out most of the bugs.  I CAN follow
> these steps repeatedly to have functioning DCs, functioning Kerberos,
> and functioning DNS.  I am just not sure that I have done as
> best-practice. The 'second' server is also up, but I am not sure it
> is as it ought to be.
> 
> Please be gentle in your review :)
> http://wiki.nowell29.com/w/index.php/Samba_Setup
> 
> I am confident on what I am calling my 'Primary', but not as
> confident on what I call my 'secondary'.
> 
> --

Going down the first DC set up:

You do not need the rndc key.
You are using flatfiles (you are also probably using dlz as well)
You do not need the zone file.
You do not need the reverse zone file.
Your dhcp file is wrong, see the wiki for a known working setup.
Your ntp.conf isn't set up correctly.
You do not need to alter fstab if you are using ext4.
You do not need to install all those packages, quite a few of them are
only needed if you are going to compile Samba.
You might as well just press enter during the kerberos install, you
will replace krb5.conf after the provision.
If you use Bind9, you do not need the 'dns forwarder' line in smb.conf

The second DC:
You are using bind flatfiles
You do not need dnssec
You do not use ntpdate, you should use ntp and set it up exactly the
same as on the first DC (when you get that right)
You do not need to alter fstab if you use ext4
You do not need to install all those packages, quite a few of them are
only needed if you are going to compile Samba.
You might as well just press enter during the kerberos install, you
will replace krb5.conf after the provision.
If you use Bind9, you do not need the 'dns forwarder' line in smb.conf

Sorry about the long lists, but, again sorry, you seem to be doing
most things wrong.

Rowland


