Samba 4 from internal DNS to named and GPOs issue

admin at admin at
Tue Oct 23 12:55:54 MDT 2012

I would gladly keep samba 4 as primary dns, but I do not have enough 
documentation on how to work it. I would rather have a one-box-do-them-all 
solution. On my gateway, I have named doing dns. On the same machine I 
have apache (httpd), postfix and other services. The whole thing runs on 
named. In order to move stuff out of named into samba 4, I need to know 
where the samba 4 dns files are. Also I have internal named and external 
named configurations with multiple domains. Can samba dns do the same 
thing? Can it run configurations for external and internal dns (private 
and public IPs)? I do not necessarily want to use named, it's just that 
this looks like the best way of doing it...

On 2012-10-23 12:52, Ricky Nance wrote:
> On Tue, Oct 23, 2012 at 1:31 PM, <admin at [2]> wrote:
>> On 2012-10-23 12:04, Ricky Nance wrote:
>>> Bogdan,
>>>      The wiki is fairly straightforward on joining a second DC,
>>> and the mailing list has had several emails on the DNS changes (as do
>>> the change logs) as well as the samba backup/restore process. I am
>>> guessing that English is not your primary language, but please be
>>> careful on the wording that you use in emails as some of the things
>>> you have written could easily be taken personally. If the howtos are
>>> lacking, please register on the wiki and you will likely be granted
>>> access to change them, also there should be sufficient help in the
>>> man pages.
>> Thank you for your answer - it is much appreciated. I do understand
>> English, so that's not the issue. There are several scenarios that
>> people will encounter and they are not covered in the howtos. I know
>> named was not an awesome choice and it's always fun to make it work
>> with samba, but since the migration to internal DNS, switching the
>> DNS solution is not documented. However, once I get things rolling I
>> will consider writing some howtos for samba, but I'm still in a
>> learning phase.
>>>      With my rant out of the way, first please give us a bit more
>>> information, did you install from tarball or from git? Second, in
>>> order to get your second machine setup you can do this in one of 2
>>> ways: 1) make a backup of samba, have samba 4 installed on the new
>>> machine, then copy over the samba/private, samba/etc, and your sysvol
>>> directories from old to new, then start samba, and test it. 2) setup
>>> samba 4 on your new machine, and join it to your existing samba 4
>>> machine as a DC using the following method, [1] then run samba-tool
>>> domain demote on the first DC, you will need to manually copy your
>>> sysvol directory over as well and re-setup all of your shares as they
>>> won't exist on the new DC.
>> I installed samba 4 RC3 from the tarball to be able to test
>> different scenarios. It is running on Fedora 17 as the primary and
>> only domain controller and the windows clients are windows 7 pro
>> sp1. I stopped samba and performed a backup with the provided script
>> and I hope I got a valid backup. I installed samba 4 rc3 on a
>> physical machine from tarball and provisioned a new domain (with
>> named as backend) to see if there are main differences in the config
>> and there are.
> Samba 4 internal DNS can forward to any dns you need it to by setting
> the "dns forwarder = " in the smb.conf. 
>> What exactly do I need to remove from bind and move to the samba
>> dns? Why would I need to move stuff out of named? What are the samba
>> dns files and where are they located? I only found a
>> named.conf.update or something like that in the provisioning. Having
>> samba 4 running on internal dns is great, but I need to integrate it
>> further with other solutions. I am planning to deploy samba 4 in
>> production as soon as I get the GPOs working that seem to have a bug
>> in RC3 still.
> I am not fully understanding why you want to move back to the bind_dlz
> backend I guess. Don't get me wrong there is nothing wrong with it, but
> I just don't understand the reason you need to switch. Maybe if I
> understood why you need named running I could help more on this.
>        Hopefully this has answered your questions, but please don't
>  hesitate to ask if it didn't.
>  Good luck,
>  Ricky
>  Thank you Ricky!
>  On Tue, Oct 23, 2012 at 7:29 AM, <admin at [3] [2]> wrote:
>  On 2012-10-22 05:19, Andrew Bartlett wrote:
>  On Sun, 2012-10-21 at 08:59 -0700, bogdan_bartos wrote:
>  Hi,
>  I am running Samba 4 RC3 on a VM and I want to back up the whole
>  thing and restore it onto a physical machine. I know there is a
>  script for that, but currently I have it running by using the
>  internal DNS and I want to have it running with named. Would the
>  script carry the DNS config over? How do I make it switch from
>  internal to named?
>  My understanding is that you:
>   - Change the smb.conf settings, and then run samba_dnsupgrade
>  1. I ran the backup successfully. However, I do not know how to
>  restore the backup.
>  2. What exactly do I change in smb.conf?
>  I also have several GPOs set, but the client machines will not pick
>  them up. I disabled the shutdown, control panel and other things,
>  but as soon as I access the GPO with GPMC, it says that the SYSVOL
>  data is not in sync with the AD data and it just doesn't work. Is
>  this a bug in Samba 4 RC3?
>  Is this against your second DC?  Remember, you have to sync your
>  sysvol files manually.
>  Andrew Bartlett
>  3. I do not have 2 DCs. I am willing to try this out, but the
>  howtos are not that great.
>  First I need to be able to do basic things like backing it up,
>  restoring it, upgrading it, replicating it. Then I can say that is
>  meant to be easy, but up to now it's not. I've been using samba 3 for
>  a long time now, but samba4 is not that well documented. A regular
>  person will be able to install it, provision it, but then it will
>  come time to change things and play. If I would be in a production
>  environment, this would be a really tough job to recover from a
>  loss without the proper documentation.
>  I bet programming samba was a tough job, but to make a software
>  "fly", you really need an awesome tutorial. Or better step-by-step
>  explanations.
> Ricky--
> Links:
> ------
> [1] 
> [2] mailto:admin at
> [3] mailto:admin at
