[Samba] Samba 4 fsmo-handling on crashed dc-server

Peter Grotz - Obel und Partner GbR grotz at obel-architekten.de
Sat Aug 30 18:10:59 MDT 2014 

Thanks Marc, that brings some light into darkness :)

-Peter


-----Ursprüngliche Nachricht-----
Von: Marc Muehlfeld [mailto:mmuehlfeld at samba.org] 
Gesendet: Samstag, 30. August 2014 16:16
An: Peter Grotz - Obel und Partner GbR; samba at lists.samba.org
Betreff: Re: [Samba] Samba 4 fsmo-handling on crashed dc-server

Hello Peter,

> Am 27.08.2014 10:00, schrieb Peter Grotz - Obel und Partner GbR:
>> But I´ve further questions:
>>  2.a.:
>> - What happens with fsmo in the meantime when the crashed server 
>> doesn´t work?
>> - Do the remaining dc and the other member-fileservers and the 
>> win-clients at the domain work as usual?
>> - Are there any things we can´t do until the fmso containing server 
>> works again? Doing changes in AD for example...
> 
> I'll try to extend the documentation until the end of the week. I'll 
> answer that questions there and post the link, ok?

Here it is:

https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%2
9_roles

It think all that questions can be answered with the documentation now.




>> 2.b.:
>> - While demoting foreign dcs is still broken what must I do with the
>> AD- and DNS-entries of the crashed server? Delete all entries with
>  RSAT or samba-tool?

The manual removal of the AD entries might be difficult and can cause
problems if it's not done everywhere (references in ACLs, objects, etc.).
It's really not suggested to do this manually.




>> - For the crashed server it may be the best to scrap the whole 
>> samba-installation and reinstall or better delete the samba- 
>> databases?!

It would be enought to delete all databases and build the domain from
scratch or join to the existing domain.

But even if your DC has the same name than before, it would replace existing
entries in the AD, because it get's a new GUID. So maybe entries in the AD
are still pointing to the old GUID and your new DC with the same name is
never contacted because of that.




I hope the two demote bugs are fixed soon. They are really serious.




Regards,
Marc

More information about the samba mailing list