samba4 from BDC to PDC

Tue Dec 27 01:18:55 MST 2011

On Sat, 2011-12-24 at 09:07 +1100, Andrew Bartlett wrote:
> On Fri, 2011-12-23 at 16:18 +0100, Daniele Dario wrote:
> > 2011/10/27 Andrew Bartlett <abartlet at samba.org>
> > 
> > > On Tue, 2011-10-25 at 09:26 +0200, Michael Wood wrote:
> > > > On 24 October 2011 19:01, Gémes Géza <geza at kzsdabas.hu> wrote:
> > > > > 2011-10-24 16:54 keltezéssel, Daniele Dario írta:
> > > > [...]
> > > > >> So it seems that the reversed zone is present.
> > > > >> Doing a nslookup it gives the right hostname.domain.com but it won't
> > > > >> work with the direct zone.
> > > > >>
> > > > >> What am I doing wrong?
> > > > >> Daniele.
> > > > >>
> > > > > Recently there was a tread about some updates for samba dlz module to
> > > > > allow dynamic ptr zones:
> > > > >
> > > https://lists.samba.org/archive/samba-technical/2011-October/079834.html,
> > > so
> > > > > maybe you should try a recent git pull?
> > > >
> > > > I think he's saying that the reverse DNS is working correctly, but the
> > > > forward DNS is not working.
> > > >
> > > > Anyway, it looks like he has those patches already, since he's running
> > > > 4.0.0alpha18-GIT-3ae478b.
> > > >
> > > > If you're using the DLZ module, are you still supposed to run
> > > samba_dnsupdate?
> > >
> > > Yes.  This updates whatever DNS server is in use with the name changes
> > > or additions.
> > >
> > > Andrew Bartlett
> > >
> > > --
> > > Andrew Bartlett                                http://samba.org/~abartlet/
> > > Authentication Developer, Samba Team           http://samba.org
> > >
> > >
> > > Hi all,
> > my sbs2003 definetly crashed and samba4 has been able to keep the network
> > up for a few days but yesterday, the fileserver with samba 3.4.7 stopped
> > allowing users to connect to the network shares.
> > Then I tried to set up a new VM (ubuntu 11.04 server i386) with samba4
> > Version 4.0.0alpha18-GIT-32317b0 and named BIND 9.9.0b1 from PPA.
> > I followed the instructions from samba4 howto on the wiki mixed with the
> > info related to bind DLZ and provisioned a new domain.
> > 
> > At this time all seems to be OK:
> > - added organization unit, users and groups
> > - joined computers to the domain (Win XP)
> > - joined fileserver with samba 3.4.7 to the domain (with some chown on the
> > shares)
> > So, what can I say? GREAT !!!
> > 
> > What I'm currently missing is:
> > - when I join a new computer to the domain, bind says
> >   update-security: error: client 192.168.12.49#62667: update
> > 'saitelitalia.local/IN' denied
> >   database: info: samba_dlz: cancelling transaction on zone
> > saitelitalia.local
> >   and looking in the AD zone, also adding a new A record it does not work
> > - it is not possible to add the reversed zone
> 
> As you are already the most recent code, I do not have any suggestions,
> sorry!  Unfortunately we are rapidly arriving at Christmas, and so we
> may be a little slow in getting you fixed up.  
> 
> > Just to be sure: I'm going to set up another machine to act as fileserver.
> > This machine won't be a print server so is it a good choice if I use samba4
> > as secondary DC and fileserver or is it better to use samba 3xx and join it
> > to the domain?
> 
> For the fileserver, it is better to use Samba3 joined to the domain. 
> 
> Andrew Bartlett
> 
Hi Andrew and samba team,
I'm late but merry Christmas to all of You.

About the samba3 joined to the domain, I had just to run net ads join to
the new domain and it worked.

I've seen that to have wbinfo working correctly I have to run the
--set-auth-user and than wbinfo -u shows the domain users without errors
(same for -g or other things and for id commands).

Is it as expected?

Cheers,
Daniele