Samba 4 from internal DNS to named and GPOs issue

Ricky Nance ricky.nance at
Tue Oct 23 12:04:34 MDT 2012


     The wiki is fairly straightforward on joining a second DC, and the
mailing list has had several emails on the DNS changes (as do the change
logs) as well as the samba backup/restore process. I am guessing that
English is not your primary language, but please be careful on the wording
that you use in emails as some of the things you have written could easily
be taken personally. If the howtos are lacking, please register on the wiki
and you will likely be granted access to change them, also there should be
sufficient help in the man pages.

     With my rant out of the way, first please give us a bit more
information, did you install from tarball or from git? Second, in order to
get your second machine set up you can do this in one of 2 ways: 1) make a
backup of samba, have samba 4 installed on the new machine, then copy over
the samba/private, samba/etc, and your sysvol directories from old to new,
then start samba, and test it. 2) set up samba 4 on your new machine, and
join it to your existing samba 4 machine as a DC using the following
method, then run 'samba-tool domain demote' on the first DC, you will need
to manually copy your sysvol directory over as well and re-setup all of
your shares as they won't exist on the new DC.

     In order to change the DNS backend there is no easy straightforward
way to do this yet (as far as I know), I know at one point in the past 2-3
weeks there was a discussion on the dns-DOMAIN user not being created when
you provision with samba_internal, also I don't think it creates the
'samba/private/dns' directory or the samba/private/named.conf file, so the
configuration change that Andrew mentioned may not be enough to make this
work, however, the option he was speaking of will be in the [global]
section of your smb.conf, you will need to add the line 'server services =
-dns' then comment out the 'dns forwarder =' line if it exists in your
config, then run samba_dnsupgrade and restart samba.

     As for your earlier mail, you made the comment "I will probably have
bind as primary dns and samba as secondary dns and on separate machines". I
don't think you can do this really, if windows finds the primary dns is an
active dns, then the secondary will never be touched, so your secure dns
updates will not happen at all, and any tool that you use that needs the
dns of any machine AD wise will not work properly. It'd be best to leave
the second dns in place and use samba_internal, which you are currently
using, and a line in your smb.conf "dns forwarder =". You may
need to move some things from your existing bind to your AD server, but
this shouldn't be that hard, unless you have a BUNCH of entries, in which
case I would just try it and see if it works.

     Hopefully this has answered your questions, but please don't hesitate
to ask if it didn't.

Good luck,

On Tue, Oct 23, 2012 at 7:29 AM, <admin at> wrote:

> On 2012-10-22 05:19, Andrew Bartlett wrote:
>> On Sun, 2012-10-21 at 08:59 -0700, bogdan_bartos wrote:
>>> Hi,
>>> I am running Samba 4 RC3 on a VM and I want to backup the whole thing and
>>> restore it onto a physical machine. I know there is a script for that, but
>>> currently I have it running by using the internal DNS and I want to have it
>>> running with named. Would the script carry the DNS config over? How do I
>>> make it switch from internal to named?
>> My understanding is that you:
>>  - Change the smb.conf settings, and then run samba_dnsupgrade
> 1. I ran the backup successfully. However, I do not know how to restore
> the backup.
> 2. What exactly do I change in smb.conf?
>>> I also have several GPOs set, but the client machines will not pick them up.
>>> I disabled the shutdown, control panel and other things, but as soon as I
>>> access the GPO with GPMC, it says that the SYSVOL data is not in sync with
>>> the AD data and it just doesn't work. Is this a bug in Samba 4 RC3?
>> Is this against your second DC?  Remember, you have to sync your sysvol
>> files manually.
>> Andrew Bartlett
> 3. I do not have 2 DCs. I am willing to try this out, but the howtos are
> not that great.
> First I need to be able to do basic things like backing it up, restoring
> it, upgrading it, replicating it. Then I can say that is meant to be easy,
> but up to now it's not. I've been using samba 3 for a long time now, but
> samba4 is not that well documented. A regular person will be able to
> install it, provision it, but then it will come time to change things and
> play. If I would be in a production environment, this would be a really
> tough job to recover from a loss without the proper documentation.
> I bet programming samba was a tough job, but to make a software "fly",
> you really need an awesome tutorial. Or better step-by-step explanations.
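
The smb.conf edit described in the reply above (add 'server services = -dns' to [global] and comment out 'dns forwarder ='), as an added example that is not part of the original thread and not Samba project code. The sample file, its values and the function name are constructed for illustration; the script only rewrites the text, so running samba_dnsupgrade and restarting samba remain manual steps.

```python
import re

SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")

# Constructed sample smb.conf; names, address and path are placeholders.
SAMPLE_CONF = """[global]
\tworkgroup = EXAMPLE
\trealm = EXAMPLE.TEST
\tdns forwarder = 192.0.2.53

[netlogon]
\tpath = /srv/sysvol/scripts
\tread only = No
"""

def _param_name(line):
    """Normalised parameter name, or None for comments and non-parameters."""
    s = line.strip()
    if not s or s[0] in "#;" or "=" not in s:
        return None
    # smb.conf parameter names ignore case and embedded whitespace
    return re.sub(r"\s+", "", s.split("=", 1)[0]).lower()

def disable_internal_dns(conf_text):
    """Return (new_text, changes) with the [global] edits from the thread applied."""
    out, changes = [], []
    section, global_at, existing = None, None, None
    for line in conf_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip().lower()
            if section == "global" and global_at is None:
                global_at = len(out)
        elif section == "global":
            name = _param_name(line)
            if name == "dnsforwarder":
                body = line.lstrip()
                line = line[:len(line) - len(body)] + "# " + body
                changes.append("commented out dns forwarder")
            elif name == "serverservices":
                existing = line.strip()
        out.append(line)
    if global_at is None:
        raise ValueError("no [global] section found")
    if existing is None:
        out.insert(global_at + 1, "\tserver services = -dns")
        changes.append("added server services = -dns")
    elif "-dns" not in existing.split("=", 1)[1].replace(",", " ").split():
        # Never overwrite an operator's service list; flag it for a manual merge.
        changes.append("REVIEW: existing '%s' left untouched" % existing)
    return "\n".join(out) + "\n", changes
```

Write the returned text to a copy of smb.conf and diff it against the live file before swapping it in; an existing 'server services' line is reported for manual merging rather than replaced.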

