Samba 4 server role, time sync, upgrade from alpha5 to alpha 7
Matthieu Patou
mat+Informatique.Samba at matws.net
Wed Mar 11 09:10:05 GMT 2009
On 03/10/2009 01:04 AM, Andrew Bartlett wrote:
> On Mon, 2009-03-09 at 14:59 +0800, Muhammad Fakhrul Rozi Bin Mohd Seth
> wrote:
>
>> Hi Andrew,
>>
>> Sorry bothering you;
>> I'm still have the super silly question here.. hehe :-P ;
>>
>> 1) NTP for Samba 4
>> -how to i want the Samba 4 to synchronize the time with the client?
>> -i know since alpha 5 the problem on time synchronization is an
>> issue; but is it have any ways to avoid from user always get prompt
>> server clock is not sync
>> -i have seen that Samba 3 option have the ability to offer the time
>> smb; is it integrated in Samba 4?
>>
>
> This refers to a different protocol (a part of SMB), not the NTP signing
> that windows clients require as members of an AD domain.
>
>
>> -or somebody already have the solution for this issues?
>>
>
> You need to apply the patch:
>
> https://support.ntp.org/bugs/show_bug.cgi?id=1028
>
> to the source of NTP.org's NTPd, and deploy it on your domain
> controller.
>
>
You need to modify the configuration as well to add :
ntpsigndsocket /usr/local/samba/var/run/ntp_signd/socket
(of course adapt the path to where your samba is located)
>> 3) Upgrade Samba4 Alpha5 to Alpha7
>> -is it have a way to upgrade alpha 5 to alpha 7?
>> -i already deploy the alpha5 to few hundred PC (around 300
>> computer) with 350 users
>> -is it have a way to export / import data from the alpha 5 to alpha 7?
>> -i'm thinking of start from scratch back but the user i need to
>> redeploy again...
>>
>
> The technique used by my other production site was to:
>
> backup all of the existing data
>
> reprovision (over the top of the existing installation), but add the
> option --partitions-only to the provision script
>
> copy back the secrets.ldb from the backup
>
You'll need also to backup idmap.ldb it seems to be overwritten
(hkcu.ldb as well ..).
I would also recommend to test everything because my latests tests with
samba alpha7 showed some regression like: not able to administrate the
domain with a user in domain admin group using "AD user and computers" tool.
> The remaining step (not included) is to re-create the links between the
> entries. This step I need to add a script for (my other site needs it
> too), and will enable 'extended DN' support. (Mostly useful for Samba3
> and some other non-windows clients)
>
>
Miis and IIFP (which are MS tools to create meta directory ) use them
as well.
>> Anyway Samba 4 team;
>> Thanks for the great solution
>>
>
> I'm glad you are doing so well with it!
>
> Thanks,
>
> Andrew Bartlett
>
>
More information about the samba-technical
mailing list