[Samba] Join Samba without GC role

Luchko Dmitriy Luchko.D at digdes.com
Fri Nov 6 07:55:09 UTC 2015


It's strange. We have a root domain and a lot of subdomains. We are trying to join Samba to one of the subdomains.
The Active Directory DB (NTDS.dit) without GC = 1.2 Gb, with GC = 16 Gb. When we try to join Samba we have the Samba DB limit of 4Gb.
We see that Samba replicates information about all domains in the forest:

descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=domain1,DC=oao,DC=company not found under DC=domain1,DC=oao,DC=company
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5568: WARNING: Failed to re-resolve GUID 3c4005a3-6aa9-4776-a23a-d0f632d6ebd8 - using CN=DOMAIN6-DC-02,OU=Domain Controllers,DC=domain6,DC=oao,DC=company
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5568: WARNING: Failed to re-resolve GUID 5cefb527-31c5-45b3-98e1-473e54b75ac8 - using CN=DOMAIN6-DC-01,OU=Domain Controllers,DC=domain6,DC=oao,DC=company
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5568: WARNING: Failed to re-resolve GUID 29d15948-c550-43ec-91bc-9eea9516197e - using DC=domain6,DC=oao,DC=company
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5568: WARNING: Failed to re-resolve GUID 01a7952b-a4e1-4e91-b3cd-74b34307a019 - using DC=domain2,DC=oao,DC=company
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5568: WARNING: Failed to re-resolve GUID c9686534-1edb-48ae-8f2d-808320512b71 - using DC=domain3,DC=oao,DC=company
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5568: WARNING: Failed to re-resolve GUID f45fa54a-8512-4af0-9aab-b24b0ae4b868 - using DC=domain4,DC=oao,DC=company
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5568: WARNING: Failed to re-resolve GUID 580df24f-20ba-4cc5-8c51-f95e4fe08d6e - using DC=domain5,DC=oao,DC=company

Can we disable GC in Samba before join?

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Monday, November 02, 2015 9:50 PM
To: Luchko Dmitriy <Luchko.D at digdes.com>; samba at lists.samba.org
Subject: Re: [Samba] Join Samba without GC role

On Mon, 2015-11-02 at 13:07 +0000, Luchko Dmitriy wrote:
> Thanks for the answer!
> 
> Is that true if we have subdomains, Samba writes to the DB information only 
> about the join domain?

Operation in the presence of subdomains is not supported.  When we do add it, we will attempt to be a GC and replicate the GC partitions for the whole forest.  This information is critical to the correct operation of the DsCrackNames interface.

> And what does the option --domain-critical-only do? I did not see the 
> difference - with or without.

A smaller set of objects is replicated initially, but the whole domain is replicated once Samba starts.

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
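
An added example, not part of the thread and not Samba code: a short Python script that tallies, from join output in the format shown in the first message, which domain naming contexts other than the joined one appear in the re-resolve warnings. It assumes the join target is DC=domain1,DC=oao,DC=company; the function names are hypothetical, and one sample line is constructed.

```python
import re
from collections import Counter

# Assumption: the domain being joined (the post does not state it explicitly).
JOIN_DOMAIN = "DC=domain1,DC=oao,DC=company"

# Warning lines copied from the post, plus one constructed line (all-zero GUID)
# for the joined domain so the filter has something to exclude.
_SRC = "../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5568: WARNING: "
SAMPLE_LOG = "\n".join([
    _SRC + "Failed to re-resolve GUID 3c4005a3-6aa9-4776-a23a-d0f632d6ebd8 - using CN=DOMAIN6-DC-02,OU=Domain Controllers,DC=domain6,DC=oao,DC=company",
    _SRC + "Failed to re-resolve GUID 5cefb527-31c5-45b3-98e1-473e54b75ac8 - using CN=DOMAIN6-DC-01,OU=Domain Controllers,DC=domain6,DC=oao,DC=company",
    _SRC + "Failed to re-resolve GUID 29d15948-c550-43ec-91bc-9eea9516197e - using DC=domain6,DC=oao,DC=company",
    _SRC + "Failed to re-resolve GUID 01a7952b-a4e1-4e91-b3cd-74b34307a019 - using DC=domain2,DC=oao,DC=company",
    _SRC + "Failed to re-resolve GUID 00000000-0000-0000-0000-000000000000 - using DC=domain1,DC=oao,DC=company",
])

USING_RE = re.compile(r"Failed to re-resolve GUID ([0-9a-fA-F-]{36}) - using (.+)$")


def domain_nc(dn):
    """Return the trailing run of DC= components of a DN, lower-cased."""
    rdns = re.split(r"(?<!\\),", dn.strip())  # split on unescaped commas only
    dcs = []
    for rdn in reversed(rdns):
        if not rdn.strip().upper().startswith("DC="):
            break
        dcs.append(rdn.strip().lower())
    return ",".join(reversed(dcs))


def foreign_domains(log_text, join_domain_dn):
    """Count re-resolve warnings per naming context other than the joined domain."""
    joined = domain_nc(join_domain_dn)
    counts = Counter()
    for line in log_text.splitlines():
        match = USING_RE.search(line)
        if not match:
            continue
        nc = domain_nc(match.group(2))
        if nc and nc != joined:
            counts[nc] += 1
    return counts


if __name__ == "__main__":
    for nc, n in foreign_domains(SAMPLE_LOG, JOIN_DOMAIN).most_common():
        print(f"{n:4d}  {nc}")
```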




