Reporting MORE success this past year - RESOLVED Issues Adding a new Samba 4 DC to existing Samba 4 AD

Aubrey Ekstrom aekstrom at
Wed Dec 14 09:05:09 MST 2011

Thanks Andrew,

Thank you for the info. The online documentation I have found on dlz_bind9
says it requires a patch that was created this past Fall to work properly,
and that dlz_bind9 needs to be set up as part of the provisioning step
during install/setup. Is it possible to run provisioning again after the
fact to install this? What is the possible impact of re-provisioning on our
current installation?

We also want to migrate to CentOS to standardize on that OS going forward,
so maybe we can set this up on the new CentOS PDC and then just migrate the
data from the old one. Since you know Samba4 better than we do (probably
better than almost anyone), do you think it would be better to re-provision
the current PDC for dlz_bind9 and then migrate the data and schema with
dlz_bind9 already in the Directory, or provision this on the new
replacement PDC and just migrate the current data/schema?

Sorry to ask so many questions, but since we are actually using Samba4 in
production we need to be careful not to break it. Re-adding authenticated
end user machines to AD is not that big a deal (although better if we don't
need to), but we have at least one critical server app that uses the
current AD for auth and disrupting access to that would be a big deal.


Aubrey Ekstrom | Systems Administrator
Proclivity Systems
22 West 19th St., Ninth Floor
New York, NY 10011
p 646.380.2416
aekstrom at

On Tue, Dec 13, 2011 at 4:59 PM, Andrew Bartlett <abartlet at> wrote:

> On Tue, 2011-12-13 at 11:13 -0500, Aubrey Ekstrom wrote:
> > Hi Andrew and everyone,
> >
> > Thanks for all the help!
> >
> > Recompiling Bind 9.8.1.P1 a 3rd time with the --sysconfdir=/etc/bind option
> > in addition to the --with-gssapi=/usr/include/gssapi option combining the
> > Samba 4 Bind instructions with the Bind install instructions from this page:
> >
> >
> >
> > Appears to have fixed the dynamic DNS issue on our PDC and the New DC is
> > now replicating! YEAH!
> >
> > Any known issues, or advice about running DDNS on both DCs?
>
> To do that, you need to use dlz_bind9, so that the data is stored in the
> directory, rather than in flat files on just one DC.
>
> Andrew Bartlett
> --
> Andrew Bartlett
> Authentication Developer, Samba Team
