[Samba] replace Windows 2003 dc / dns issues

Peter Beck peter at datentraeger.li
Wed Feb 13 19:04:40 MST 2013


Hi guys,

I'm about to replace an existing Windows Server 2003 Active Directory
domain with Samba4 (package from Debian Wheezy).

Joining the Samba4 DC according to the Samba Wiki[1] is working great,
replication works without errors from both worlds (Windows or Samba).

After transferring the FSMO roles with ntdsutil to the Samba4 domain
controller (btw: does it matter whether ntdsutil or samba-tool fsmo transfer
is used?), I would like to demote the Windows server and use Samba4 only.

But if I shut down the Windows DC, all DNS entries are "empty" on the
Samba side (the forward zones are created on the Samba server, but the only
entries are the global catalog entries).
The domain functional level was set to "Server 2003" (the highest available 
option with 2003) before adding the new Samba4 dc.
If I run samba_dnsupdate --verbose there are no errors - everything
seems to be fine.

samba-tool dns zonelist <samba-testserver> shows me the following zones:
2 zone(s) found

pszZoneName                 : adlab.local
Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType                    : DNS_ZONE_TYPE_PRIMARY
Version                     : 50
dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn                   : DomainDnsZones.adlab.local

pszZoneName                 : _msdcs.adlab.local
Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType                    : DNS_ZONE_TYPE_PRIMARY
Version                     : 50
dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn                   : ForestDnsZones.adlab.local

My question now is, if the Windows Server will be demoted, do I need to
add "dns" to the "server services" section in smb.conf? (I would like
to use Samba internal DNS.) IMO it's needed when Samba is the only DC in
the network. Is that correct? Do I also need to add the "nsupdate
command" parameter to smb.conf after demoting the Windows DC?

How do I correctly move DNS to the Samba server and finally replace the
Windows DC?

Is it needed to configure zone transfers from the Windows DC to the
Samba server? (Even if both DNS servers are Active Directory integrated?)
But even if I enable transfers, there is no content on the Samba server
DNS... Do I need to disable "Global Catalog" on the Windows DC before
demoting the server? Lots of questions...

There are lots of manuals on how to add an additional DC, but somehow I am
missing a howto for _replacing_ an existing DC with Samba4.

Thanks in advance
Peter

[1] https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

