FW: Re: Samba4 provision-backend

Andrew Bartlett abartlet at samba.org
Tue Apr 1 11:17:15 GMT 2008


On Tue, 2008-04-01 at 09:49 +0200, horst schibullek wrote:
> > -----Ursprüngliche Nachricht-----
> > Von: "Andrew Bartlett" <abartlet at samba.org>
> > Gesendet: 01.04.08 01:57:05
> > An: horst schibullek <hotte.schibullek at web.de>
> > CC: samba-technical at lists.samba.org
> > Betreff: Re: FW: Re: Samba4 provision-backend
> 
> 
> > 
> > 
> > On Sat, 2008-03-29 at 21:15 +0100, horst schibullek wrote:
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: "horst schibullek" <hotte.schibullek at web.de>
> > > > Gesendet: 29.03.08 13:43:23
> > > > An: "Andrew Bartlett" <abartlet at samba.org>
> > > > Betreff: Re: Samba4 provision-backend
> > > 
> > > > 
> > > > 
> > > > > -----Ursprüngliche Nachricht-----
> > > > > Von: "Andrew Bartlett" <abartlet at samba.org>
> > > > > Gesendet: 28.03.08 23:34:48
> > > > > An: horst schibullek <hotte.schibullek at web.de>
> > > > > CC: samba-technical at lists.samba.org
> > > > > Betreff: Re: Samba4 provision-backend
> > > > 
> > > > 
> > > > > 
> > > > > 
> > > > > On Thu, 2008-03-27 at 14:54 +0100, horst schibullek wrote:
> > > > > > Samba4 SVN 26701:
> > > > > 
> > > > > Firstly, Samba4 is now in GIT, the version in SVN is quite old.  What
> > > > > made you pull from SVN?  (I may need to update a few web pages). 
> > > > 
> > > > o.k., got it. took the info from samba-wiki, where both variants (svn and git) are
> > > > listed as ok.
> > > > > 
> > > > > I think the issues with the provision-backend script have been fixed
> > > > > since then (and rewritten in python).
> > > > 
> > > > ok, good to hear. 
> > > > 
> > > > another issue: 
> > > > i had setup 2 samba4-dc's in the same domain, working fine together
> > > > with openldap-backend (ol 2.4.8) in multi-master-replication,
> > > > (using ldap://<fqhn>:9000/ instead of ldapi) 
> > > > 
> > > > tested both variants to get a redundant copy, first procedure: quick and dirty 
> > > > in old slurpd-style (copying the bdb-files and transaction-logs from
> > > > dc1 to dc2; second procedure: with empty db on dc2 and 
> > > > syncrepl initial content load for all contexts, all ok.  
> > 
> > Great!
> thanks. makes fun to test it... great job done with samba4

I really appreciate you saying that.  This has been a very long, hard
slog, and the LDAP backend area was one I was thinking of abandoning (at
least for a time).  Having others pick this up and run with it will make
all the difference. 

> > > > all replication stuff is working fine in both directions, but when i try to
> > > > reproduce your demonstration from sambaxp 2007
> > > > (samab4-multi-master with Fedora DS backend)
> > > > an kick off one DC, the domain isnt available any
> > > > more for join operations and administering etc.
> > 
> > Interesting.  I've not attempted to reproduce that demonstration since
> > SambaXP. 
> > 
> > > > looks like the key (in the words meaning) hangs in 
> > > > the secrets.keytab, which is different on both dc.
> > > > is there a way to get it synchronized?
> > > > (tried net samdump keytab etc., but seems not to work,
> > > > tried also to manipulate the keytab with heimdal-tools, 
> > > > but did'nt work either)
> > 
> > The second server needs to join the domain (as a DC, but talking to the
> > first server).  That should establish the keytabs etc.
> > 
> > 
> i joined the domain with the second server, and after that i 
> created the needed ldif entry (Cn=NTDS...), everything 
> completely ok to this point.
> 
> other ideas? 

Not at the moment, without a trace.  Please file a bug about the need to
create the extra entry.  It should not (I hope) be too hard to add the
extra code to handle this automatically, particularly after the docs
release from Microsoft. 

> if not, i maybe try it once again and post the smbd-debug messages,
> but i know, they've been krb-ticket-related.

Please do.  

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080401/da48f7a4/attachment.bin


More information about the samba-technical mailing list