FW: Re: Samba4 provision-backend

Andrew Bartlett abartlet at samba.org
Mon Mar 31 23:56:58 GMT 2008 

On Sat, 2008-03-29 at 21:15 +0100, horst schibullek wrote:
> > -----Ursprüngliche Nachricht-----
> > Von: "horst schibullek" <hotte.schibullek at web.de>
> > Gesendet: 29.03.08 13:43:23
> > An: "Andrew Bartlett" <abartlet at samba.org>
> > Betreff: Re: Samba4 provision-backend
> 
> > 
> > 
> > > -----Ursprüngliche Nachricht-----
> > > Von: "Andrew Bartlett" <abartlet at samba.org>
> > > Gesendet: 28.03.08 23:34:48
> > > An: horst schibullek <hotte.schibullek at web.de>
> > > CC: samba-technical at lists.samba.org
> > > Betreff: Re: Samba4 provision-backend
> > 
> > 
> > > 
> > > 
> > > On Thu, 2008-03-27 at 14:54 +0100, horst schibullek wrote:
> > > > Samba4 SVN 26701:
> > > 
> > > Firstly, Samba4 is now in GIT, the version in SVN is quite old.  What
> > > made you pull from SVN?  (I may need to update a few web pages). 
> > 
> > o.k., got it. took the info from samba-wiki, where both variants (svn and git) are
> > listed as ok.
> > > 
> > > I think the issues with the provision-backend script have been fixed
> > > since then (and rewritten in python).
> > 
> > ok, good to hear. 
> > 
> > another issue: 
> > i had setup 2 samba4-dc's in the same domain, working fine together
> > with openldap-backend (ol 2.4.8) in multi-master-replication,
> > (using ldap://<fqhn>:9000/ instead of ldapi) 
> > 
> > tested both variants to get a redundant copy, first procedure: quick and dirty 
> > in old slurpd-style (copying the bdb-files and transaction-logs from
> > dc1 to dc2; second procedure: with empty db on dc2 and 
> > syncrepl initial content load for all contexts, all ok.  

Great!

> > all replication stuff is working fine in both directions, but when i try to
> > reproduce your demonstration from sambaxp 2007
> > (samab4-multi-master with Fedora DS backend)
> > an kick off one DC, the domain isnt available any
> > more for join operations and administering etc.

Interesting.  I've not attempted to reproduce that demonstration since
SambaXP. 

> > looks like the key (in the words meaning) hangs in 
> > the secrets.keytab, which is different on both dc.
> > is there a way to get it synchronized?
> > (tried net samdump keytab etc., but seems not to work,
> > tried also to manipulate the keytab with heimdal-tools, 
> > but did'nt work either)

The second server needs to join the domain (as a DC, but talking to the
first server).  That should establish the keytabs etc.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080401/974c6b91/attachment.bin

More information about the samba-technical mailing list