Samba 4 server role, time sync, upgrade from alpha5 to alpha 7

Mon Mar 9 22:04:07 GMT 2009

On Mon, 2009-03-09 at 14:59 +0800, Muhammad Fakhrul Rozi Bin Mohd Seth
wrote:
> Hi Andrew,
> 
> Sorry bothering you;
> I'm still have the super silly question here.. hehe :-P ;
> 
> 1) NTP for Samba 4
>     -how to i want the Samba 4 to synchronize the time with the client?
>     -i know since alpha 5 the problem on time synchronization is an 
> issue; but is it have any ways to avoid from user always get prompt 
> server clock is not sync
>     -i have seen that Samba 3 option have the ability to offer the time 
> smb; is it integrated in Samba 4?

This refers to a different protocol (a part of SMB), not the NTP signing
that windows clients require as members of an AD domain.

>     -or somebody already have the solution for this issues?

You need to apply the patch:

https://support.ntp.org/bugs/show_bug.cgi?id=1028

to the source of NTP.org's NTPd, and deploy it on your domain
controller.  

> 2) Multiple Domain Controller (PDC/BDC)
>     -i have post before regarding this one; but i'm not manage to install
>         -does somebody have the "how to"? or simple step to be follow?
>     -at lease i can have 2 server which can sync the data

The way to do this is to rebuild your domain on the LDAP backend.  There
is a HOWTO on the wiki:

http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP

OpenLDAP 2.4.15 will work with current Samba4. 

Note that you cannot upgrade from a single host installation (LDB) onto
OpenLDAP at this stage.  (I realise this is a very much needed feature,
but I've not had time to work out the details or implementation).

> 3) Upgrade Samba4 Alpha5 to Alpha7
>     -is it have a way to upgrade alpha 5 to alpha 7?
>         -i already deploy the alpha5 to few hundred PC (around 300 
> computer) with 350 users
>     -is it have a way to export / import data from the alpha 5 to alpha 7?
>     -i'm thinking of start from scratch back but the user i need to 
> redeploy again...

The technique used by my other production site was to:

backup all of the existing data

reprovision (over the top of the existing installation), but add the
option --partitions-only to the provision script

copy back the secrets.ldb from the backup

The remaining step (not included) is to re-create the links between the
entries.  This step I need to add a script for (my other site needs it
too), and will enable 'extended DN' support.  (Mostly useful for Samba3
and some other non-windows clients)

> Anyway Samba 4 team;
> Thanks for the great solution

I'm glad you are doing so well with it!

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20090309/2b004a00/attachment.bin