samba4 from BDC to PDC

Andrew Bartlett abartlet at samba.org
Fri Dec 23 15:07:34 MST 2011 

On Fri, 2011-12-23 at 16:18 +0100, Daniele Dario wrote:
> 2011/10/27 Andrew Bartlett <abartlet at samba.org>
> 
> > On Tue, 2011-10-25 at 09:26 +0200, Michael Wood wrote:
> > > On 24 October 2011 19:01, Gémes Géza <geza at kzsdabas.hu> wrote:
> > > > 2011-10-24 16:54 keltezéssel, Daniele Dario írta:
> > > [...]
> > > >> So it seems that the reversed zone is present.
> > > >> Doing a nslookup it gives the right hostname.domain.com but it won't
> > > >> work with the direct zone.
> > > >>
> > > >> What am I doing wrong?
> > > >> Daniele.
> > > >>
> > > > Recently there was a tread about some updates for samba dlz module to
> > > > allow dynamic ptr zones:
> > > >
> > https://lists.samba.org/archive/samba-technical/2011-October/079834.html,
> > so
> > > > maybe you should try a recent git pull?
> > >
> > > I think he's saying that the reverse DNS is working correctly, but the
> > > forward DNS is not working.
> > >
> > > Anyway, it looks like he has those patches already, since he's running
> > > 4.0.0alpha18-GIT-3ae478b.
> > >
> > > If you're using the DLZ module, are you still supposed to run
> > samba_dnsupdate?
> >
> > Yes.  This updates whatever DNS server is in use with the name changes
> > or additions.
> >
> > Andrew Bartlett
> >
> > --
> > Andrew Bartlett                                http://samba.org/~abartlet/
> > Authentication Developer, Samba Team           http://samba.org
> >
> >
> > Hi all,
> my sbs2003 definetly crashed and samba4 has been able to keep the network
> up for a few days but yesterday, the fileserver with samba 3.4.7 stopped
> allowing users to connect to the network shares.
> Then I tried to set up a new VM (ubuntu 11.04 server i386) with samba4
> Version 4.0.0alpha18-GIT-32317b0 and named BIND 9.9.0b1 from PPA.
> I followed the instructions from samba4 howto on the wiki mixed with the
> info related to bind DLZ and provisioned a new domain.
> 
> At this time all seems to be OK:
> - added organization unit, users and groups
> - joined computers to the domain (Win XP)
> - joined fileserver with samba 3.4.7 to the domain (with some chown on the
> shares)
> So, what can I say? GREAT !!!
> 
> What I'm currently missing is:
> - when I join a new computer to the domain, bind says
>   update-security: error: client 192.168.12.49#62667: update
> 'saitelitalia.local/IN' denied
>   database: info: samba_dlz: cancelling transaction on zone
> saitelitalia.local
>   and looking in the AD zone, also adding a new A record it does not work
> - it is not possible to add the reversed zone

As you are already the most recent code, I do not have any suggestions,
sorry!  Unfortunately we are rapidly arriving at Christmas, and so we
may be a little slow in getting you fixed up.  

> Just to be sure: I'm going to set up another machine to act as fileserver.
> This machine won't be a print server so is it a good choice if I use samba4
> as secondary DC and fileserver or is it better to use samba 3xx and join it
> to the domain?

For the fileserver, it is better to use Samba3 joined to the domain. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list