[Samba] Recurrent DNS issues after DC loss

[Ole Traupe]

On 06.06.2018 17:42, Rowland Penny via samba wrote:
> On Wed, 6 Jun 2018 16:26:53 +0200
> Ole Traupe via samba <samba at lists.samba.org> wrote:
>
>>
>> On 06.06.2018 16:02, Rowland Penny via samba wrote:
>>> On your DC, set the AD DNS domain in the domain and the IP of your
>>> DC in the nameserver parameter of the /etc/resolv.conf file. For
>>> example:
>>>
>>> domain samdom.example.com
>>> nameserver 10.99.0.1
>> So "domain" and not "search"? I had "search" set due to the result of
>> some discussion on the list.
> DOH! no it should be search and it now says so on the DC wikipage.
>
>>>> I seem to remember having read here on the list, that it is no good
>>>> idea to mix samba versions in a domain. If there is sound advice to
>>>> do it anyways, I would be up for trying it. However, as I have
>>>> written above, I messed up the uid/gid ranges. To my understanding,
>>>> later versions of Samba (like 4.5) _require_ the ranges to comply
>>>> to the defaults as denoted by the wiki.
>>> There is nothing to stop you using different versions on DCs and you
>>> can do the same with Unix domain members, unless you are using the
>>> 'ad' backend  and are NOT using Domain Users as the users Unix
>>> primary group.
>> Why and how would I _not_ do this?
> Perhaps I should have been a little more precise, you shouldn't use
> versions earlier than 4.6.0 with versions >= 4.6.0 on Unix domain
> members, if you also set 'idmap config <DOMAIN> : unix_primary_group =
> yes' on the >= 4.6.0 machines.
>
>> However, I wasn't able to remove the DC itself from Sites and Service
>> as well as from "Domain Controllers" in ADUC. I get "Windows cannot
>> delete object [...] because: The specified module could not be found."
>>
> You may have to remove it with ldbdelete, try an ldbsearch on the DC
> first, if you can find it, ldbdelete should be able to delete it.
>
> Rowland
>
>

Thank you for the clarifications and the additional advice. I will try that.

Ole