Samba4 BDC with Samba4 PDC

Andrew Bartlett abartlet at
Sun Jun 3 17:43:21 MDT 2012

On Sun, 2012-06-03 at 17:01 +0100, Mike Howard wrote:
> On 03/06/2012 11:15, Andrew Bartlett wrote:
> > On Sun, 2012-06-03 at 09:59 +0100, Mike Howard wrote:
> >> I have had samba4 (Version 4.0.0alpha21-GIT-073666e) up and running as
> >> the PDC on my network, currently with BIND9_DLZ and Bind9.9, working
> >> well for a little while.
> >>
> >> For redundancy, I'd like to add a Samba 4 BDC, also BIND9_DLZ with
> >> Bind9.9. To this end I grabbed the latest from git (Version
> >> 4.0.0alpha22-GIT-29a51a2) and installed it, however there is not a lot
> >> (any?) info out there on how things should be done _properly_ from a
> >> configuration point of view, i.e. on the BDC is there a smb.conf or not,
> >> how is the krb5.conf configured, how is /etc/resolv.conf configured?
> >>
> >> Anyway, I can join the BDC to the domain with;
> > ...
> >> Joined domain MYDOMAIN (SID S-1-5-21-2874647136-1364824720-2698236840)
> >> as a DC
> >>
> >> The process of joining the BDC to the domain seems to shutdown bind on
> >> the PDC and neither '/usr/local/samba/private/named.conf' nor
> >> '/usr/local/samba/private/dns/' are created on the BDC.
> >>
> >> I can (and did) add the following to my 'named.conf.local'.
> >>
> >> dlz "AD DNS Zone" {
> >>       # For BIND 9.9.0
> >>           database "dlopen /usr/local/samba/lib/bind9/";
> >> };
> >>
> >> but bind will not restart as '/usr/local/samba/private/dns/' and its
> >> contents are missing.
> >>
> >> Can anybody give me some pointers or point me at any info that will help
> >> with the correct configuration?
> > See the other posts on this list about ensuring the DNS partitions are
> > replicated, then run samba_upgradedns to populate the DNS directory for
> > the second DC.
> >
> > There is a fair bit of info in the list archives on this.  Hopefully we
> > can make this more automatic in the future.
> >
> > Andrew Bartlett
> Hi,
> Sorry, I obviously need to improve my search techniques. Thanks for the 
> pointers.
> Sadly, none of them worked but not to worry, it is after all only alpha 
> software.

If you could please work with us to understand what failed, and if it is
any different to the failure modes already described, it would be very
helpful.  This will soon be 'beta' software, and the best way to make it
'release software' is to understand these issues.

> What is the time scale for samba4 actually being usable in a 'real'
> environment, or more specifically, being able to provide what windows 
> server currently provides from an AD/DNS point of view? 

In terms of DNS, there is a slow but active effort to move us to our own
DNS server, that will still need the DNS partitions to be replicated,
but will just read them from sam.ldb, not needing the copy in dns (this
copy is only required because we didn't want to have to run bind as
root, with full access to the whole database). 

Other than that, there aren't currently any major efforts or timeframe
here - simply due to the resources available. 

> Whilst I've been 
> running samba4 for a while (and quite impressive it is too), obviously 
> high availability is really important and being able to 'just' install 
> and go à la MS (despite all its drawbacks) is pretty key. A BDC is a key
> component.

It is a pretty key component.  It just happens that DNS replication
(being an application partition) is a bit trickier. 

Andrew Bartlett 

Andrew Bartlett                      
Authentication Developer, Samba Team 
