Samba 4 from internal DNS to named and GPOs issue

Ricky Nance ricky.nance at weaubleau.k12.mo.us
Tue Oct 23 13:07:09 MDT 2012 

On Tue, Oct 23, 2012 at 1:55 PM, <admin at blackpenguin.org> wrote:

> I would gladly keep samba 4 as primary dns, but I do not have enough
> documentation on how to work it. I would rather have one-box-do-them-all
> solution. On my gateway, I have named doing dns. On the same machine I have
> apache (httpd), postfix and other services. The whole thing runs on named.
> In order to move stuff out of named into samba 4, I need to know where the
> samba 4 dns files are. Also I have internal named and external named
> configurations with multiple domains. Can samba dns do the same thing? Can
> it run configurations for external and internal dns (private and public
> IPs)? I do not necessarily want to use named, it's just this looks the best
> way of doing it...
>
> Ok, now I understand :). No samba_internal cannot do what you are doing
with bind (as far as I know), you can however run all of the internal DNS
requests from it and use the windows DNS tools to manage it. It would
probably be best to keep them seperated as the bind9_dlz exposes a small
part of AD to the DNS server (named). In my opinion I would let samba
handle all DNS on the inside and use the forwarder line to your other
machine running apache and postfix. Personally I don't care either way if
you want to use bind_dlz or samba_internal backend (though the
samba_internal is easier to setup), but I would try to avoid putting samba
on a public IP.


> On 2012-10-23 12:52, Ricky Nance wrote:
>
>> On Tue, Oct 23, 2012 at 1:31 PM, <admin at blackpenguin.org [2]> wrote:
>>
>>  On 2012-10-23 12:04, Ricky Nance wrote:
>>>
>>>  Bogdon,
>>>>
>>>>      The wiki is fairly straight forward on joining a second
>>>> DC,
>>>> and the mailing list has had several emails on the DNS changes
>>>> (as do
>>>> the change logs) as well as the samba backup/restore process. I
>>>> am
>>>> guessing that English is not your primary language, but please be
>>>> careful on the wording that you use in emails as some of the
>>>> things
>>>> you have written could easily be taken personal. If the howtos
>>>> are
>>>>
>>>> lacking, please register on the wiki and you will likely be
>>>> granted
>>>> access to change them, also there should be sufficient help in
>>>> the man
>>>> pages.
>>>>
>>>
>>> Thank you for your answer - it is much appreciated. I do understand
>>> English, so thats not the issue. There are several scenarios that
>>>
>>> people will encounter and they are not covered in the howtos. I know
>>> named was not an awesome choice and its always fun to make it work
>>>
>>> with samba, but since the migration to internal DNS, switching the
>>> DNS solution is not documented. However, once I get thing rolling I
>>> will consider on writing some howtos for samba, but Im still in a
>>>
>>> learning phase.
>>>
>>>       With my rant out of the way, first please give us a bit
>>>> more
>>>> information, did you install from tarball or from git? Second, in
>>>> order to get your second machine setup you can do this in one of
>>>> 2
>>>> ways: 1) make a backup of samba, have samba 4 installed on the
>>>> new
>>>> machine, then copy over the samba/private, samba/etc, and your
>>>> sysvol
>>>> directories from old to new, then start samba, and test it. 2)
>>>> setup
>>>> samba 4 on your new machine, and join it to your existing samba 4
>>>> machine as a DC using the following
>>>>
>>>>
>>>>
>>>
>> method, http://wiki.samba.org/**index.php/Samba4/HOWTO/Join_a_**
>> domain_as_a_DC<http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC>
>>
>>> [1]
>>>> [1] then run samba-tool domain demote on the first DC, you will
>>>> need
>>>>
>>>> to manually copy over your sysvol directory over as well and
>>>> re-setup
>>>> all of your shares as they wont exist on the new DC.
>>>>
>>>
>>> I installed samba 4 RC3 from the tarball to be able to test
>>> different scenarios. It is running on Fedora 17 as the primary and
>>> only domain controller and the windows clients are windows 7 pro
>>> sp1. I stopped samba and performed a backup with the provided script
>>> and I hope I got a valid backup. I installed samba 4 rc3 on a
>>> physical machine from tarball and provisioned a new domain (with
>>> named as backend) to see if there are main differences in the config
>>> and there are.
>>>
>>
>> Samba 4 internal DNS can forward to any dns you need it to by setting
>> the "dns forwarder = " in the smb.conf.
>>
>>  What exactly do I need to remove from bind and move to the samba
>>> dns? Why would I need to move stuff out of named? What are the samba
>>> dns files and where are they located? I only found a
>>> named.conf.update or something like that in the provisioning. Having
>>> samba 4 running on internal dns is great, but I need to integrate it
>>> further with other solutions. I am planning to deploy samba 4 in
>>> production as soon as I get the GPOs working that seem to have a bug
>>> in RC3 still.
>>>
>>
>> I am not fully understanding why you want to move back to the bind_dlz
>> backend I guess. Dont get me wrong there is nothing wrong with it, but
>> I just dont understand the reason you need to switch. Maybe if I
>>
>> understood why you need named running I could help more on this.
>>        Hopefully this has answered your questions, but please dont
>>  hesitate to ask if it didnt.
>>
>>  Good luck,
>>  Ricky
>>
>>  Thank you Ricky!
>>
>>  On Tue, Oct 23, 2012 at 7:29 AM, <admin at blackpenguin.org [3] [2]>
>>
>> wrote:
>>
>>  On 2012-10-22 05:19, Andrew Bartlett wrote:
>>
>>  On Sun, 2012-10-21 at 08:59 -0700, bogdan_bartos wrote:
>>
>>  Hi,
>>
>>  I am running Samba 4 RC3 on a VM and I want to backup the whole
>>  thing and
>>  restore it onto a physical machine. I know there is a script
>>  for that, but
>>  currently I have it running by using the internal DNS and I
>>  want to have it
>>  running with named. Would the script carry the DNS confog over?
>>  How do I
>>  make it swicth from internal to named?
>>
>>  My understanding is that you:
>>
>>   - Change the smb.conf settings, and then run samba_dnsupgrade
>>
>>  1. I ran the backup successfully. However, I do not know how to
>>  restore the backup.
>>  2. What exactly do I change in smb.conf?
>>
>>  I also have several GPOs set, but the client machines will not
>>  pick them up.
>>  I disabled the shutdown, control panel and other things, but as
>>  soon as I
>>  access the GPO with GPMC, it says that the SYSVOL data is not
>>  in sync with
>>  the AD data and it just doesnt work. Is this a bug in Samba 4
>>  RC3?
>>
>>  Is this against your second DC?  Remember, you have to sync your
>>  sysvol
>>  files manually.
>>
>>  Andrew Bartlett
>>
>>  3. I do not have 2 DCs. I am willing to try this out, but the
>>  howtos are not that great.
>>
>>  First I need to be able to do basic things like backing it up,
>>  restoring it, upgrading it, replicating it. Then I can say that is
>>  meant to be easy, but up to now its not. Ive been using samba 3 for
>>
>>  a long time now, but samba4 is not that well documented. A regular
>>  person will be able to install it, provision it, but then it will
>>  come time to change things and play. If I would be in aproduction
>>  environment, this would be a really tought job to recover from a
>>  loss without the proper documentation.
>>
>>  I bet programming samba was a tought job, but to make a software
>>  "fly", you really need an awesome tutorial. Or better step-by-step
>>  explanations.
>>
>> Ricky--
>>
>>
>>>
>>
>> Links:
>> ------
>> [1] http://wiki.samba.org/index.**php/Samba4/HOWTO/Join_a_**
>> domain_as_a_DC<http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC>
>> [2] mailto:admin at blackpenguin.org
>> [3] mailto:admin at blackpenguin.org
>>
>
>

Ricky
--

More information about the samba-technical mailing list