[Samba] [SOLVED] replace Windows 2003 dc

Sérgio Henrique sermac at gmail.com
Fri Feb 22 10:13:46 MST 2013


I guess the communication between MS AD and Samba4 is by Kerberos; I have
copied /opt/samba/private/krb5.conf to /etc after joining the domain.

I have installed a Windows server at 2003 forest level as PDC, then
installed samba4.0.3 and joined the domain, but every time I am getting
problems with the forest and domain DNS zones...


# Global parameters
[global]
        workgroup = LISBOA
        realm = lisboa.ad.root
        netbios name = DC2
        server role = active directory domain controller
        allow dns updates = true

[netlogon]
        path = /opt/samba/var/locks/sysvol/lisboa.ad.root/scripts
        read only = No

[sysvol]
        path = /opt/samba/var/locks/sysvol
        read only = No

Thank you in advance,
Best Regards,


On Fri, Feb 22, 2013 at 4:56 PM, Friedrich Locke <friedrich.locke at gmail.com> wrote:

> Are you using kerberos to authenticate ?
>
> On Fri, Feb 22, 2013 at 7:10 AM, Sérgio Henrique <sermac at gmail.com> wrote:
> > Awesome, I will try to replicate in my test environment.
> >
> >
> > On Fri, Feb 22, 2013 at 2:23 AM, Peter Beck <peter at datentraeger.li> wrote:
> >
> >> Hi guys,
> >>
> >> weehoo! Samba4 rocks ! Great work!
> >>
> >> if someone is interested - I finally managed to replace a Windows DC
> >> successfully.
> >> (at least I hope so ;-)
> >>
> >> this is what I have done:
> >>
> >> * Windows DC: Domain and Forest Operation Level = 2003
> >> * Reboot Windows DC (always a good idea on Windows ;-)
> >> * joining the Samba Domain Controller to the existing 2003 domain
> >> * adding a Reverse zone for my network in DNS (on Windows)
> >> * replicating forestdnszones, domaindnszones
> >> * on the Windows DC I've changed the nameserver for each zone to the
> >>   samba domain controller (which automatically added an NS-record to dns)
> >> * samba_dnsupdate --all-names --verbose
> >> * removing the Global Catalog on the Windows DC (including reboot ;-)
> >> * transferring all fsmo roles to the samba dc (what's the difference to
> >>   seizing ? for me transfer seems to work more reliable..)
> >> * demote the windows server
> >>
> >> Now I am able to add or remove records in dns (with samba tool and on
> >> Windows with the MMC-Snapin) and it looks very good.
> >>
> >> Now I think I just need to do some "cleaning" (removing dns entries for
> >> the replaced windows dc, etc).
> >>
> >> Regards
> >> Peter
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >
> >
> >
> > --
> > Cumprimentos,
> >     Sérgio Machado
>



-- 
Cumprimentos,
    Sérgio Machado
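
Added example, not part of the original thread and not Samba project code: a check to run between the "transferring all fsmo roles" and "demote the windows server" steps quoted above, confirming that no role is still held by the old DC. It assumes `samba-tool fsmo show` prints one `<Name>Role owner: CN=NTDS Settings,CN=<server>,...` line per role; the server name WINDC1 and the sample output are constructed.

```shell
#!/bin/sh
# fsmo_not_on DC: read `samba-tool fsmo show` output on stdin and print every
# role that is NOT owned by DC. Returns 0 only when at least five roles were
# listed and all of them are on DC (name comparison is case-insensitive).
# Assumed line format: "<Name>Role owner: CN=NTDS Settings,CN=<server>,..."
fsmo_not_on() {
    awk -v dc="$1" '
        BEGIN { want = toupper(dc) }
        /Role owner:/ {
            seen++
            role = $1
            owner = "UNKNOWN"
            # The second RDN of the NTDS Settings DN is the server object.
            n = split($0, parts, ",")
            if (n >= 2 && parts[2] ~ /^CN=/) owner = toupper(substr(parts[2], 4))
            if (owner != want) { print role " -> " owner; bad++ }
        }
        END {
            if (seen < 5) { print "only " (seen + 0) " roles listed"; bad++ }
            exit (bad > 0)
        }
    '
}

# Constructed sample output: the three domain-wide roles are on DC2, the two
# forest-wide roles are on the server named in $1.
sample_fsmo_show() {
    sfx="CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lisboa,DC=ad,DC=root"
    for r in InfrastructureMaster RidAllocationMaster PdcEmulationMaster; do
        echo "${r}Role owner: CN=NTDS Settings,CN=DC2,$sfx"
    done
    for r in DomainNamingMaster SchemaMaster; do
        echo "${r}Role owner: CN=NTDS Settings,CN=$1,$sfx"
    done
}

# Real use on the Samba DC:  samba-tool fsmo show | fsmo_not_on DC2
# Demo on the constructed sample, where a partial transfer is reported:
sample_fsmo_show WINDC1 | fsmo_not_on DC2 || echo "roles remain elsewhere: do not demote yet"
```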

