[Samba] samba_dlz: Failed to configure zone... already exists

Jim Seymour jseymour at LinxNet.com
Fri Sep 4 21:18:44 UTC 2015

On Thu, 3 Sep 2015 09:00:18 -0700
John Yocum <jtyocum at uw.edu> wrote:

> FWIW, I've found Samba4 to be very reliable.

Samba ("Classic", I guess) has been very reliable for us, as well,
going on neigh... 20 years?  More?  Switched to it when Sun's PC-NFS
turned out to be an utter cluster frack.

It's the integration between Samba, BIND and <whatever else> that
concerns me, but if it's been stable for you, well...

On Thu, 3 Sep 2015 17:12:36 +0100
Rowland Penny <rowlandpenny241155 at gmail.com> wrote:

> This 'thing' as you call it, is stable and you can run everything
> on one box if you like,

I like :)

> but what if something does go wrong? I am
> not saying it will, but what if ?

Since the Enterprise is 99-44/100% MS-Win on the desktops, there'd
really be little difference between losing the AD DC, the DHCP
server, the nameserver, or the entire kit and caboodle.  Not
from a customer POV.  As for the network core: Routing is all static,
as are IP address assignments to all mission-critical servers and
network bits (switches, routers).

> You remind me of a lot of H&S experts I have run across, they come
> up with risk assessments but *never* ask 'but what if this
> happens' :-)

I've been doing Server & Network Admin. for better than 20 years.
The last time we tried distributing the things upon which the
Enterprise depended across multiple systems we quickly figured out
that all that did was increase the number of points-of-failure that
could cause a partial or complete denial of services to customers.
Since then I've adopted a strategy of "All the eggs in one basket and
make certain it's a damn good basket."

> You can run samba4 with a domain name of 'example.com' , ...

Won't be necessary.  See below.

On Thu, 3 Sep 2015 09:43:22 -0700
Lee Brown <leeb at ratnaling.org> wrote:

> Jim,
> It wasn't an implication that Samba4 would crash your server,
> rather it was a question of what happens *if* that box fails (power
> supply, memory, cpu, disk controller, etc. I've seen 'em all)?

See above.  W/o any of the mission-critical services everything falls
over, to a greater or lesser degree, anyway, so it doesn't really

(Btw: Maintaining two identical pieces of the same hardware, in case
of a hardware malf.  Storage is RAID5 with a hot spare, fully
backed-up monthly and a differential backup nightly.  Everything on a

> The biggest issue I see is hardware maintenance with your setup.
> If the PSU needs to be replaced,

Dual redundant hot-swap PSUs.  (One on the UPS, one on the mains.)
The drives are hot-swap, too.

Like I said: I make sure it's a damn good basket ;)

> I hope the perspective helps -- lee

I do, but please understand: Been there.  Done that.  Got the
t-shirt.  I won't claim to know it *all*, but, after lo these many
years, I think I have a pretty good handle one how network
architecture works.

I'd like to thank each of you for your comments--particularly
following my last, rather... *cough* "testy" post to the list.  It
was just frustration.  Please accept my apologies.

In an email directly to me, Louis offered additional pointers and
input.  And offered additional help.  Thanks, Louis!  And thanks for
the script, too.

So, the good news: I took Louis' script, split it in two, hacked it a
bit, and I *think* I now have an operational AD DC! \o/  The
"root" zone is "example.com" and the AD DC in "addc.example.com".
Tuesday I hope to be let alone long enough by my end-users to try to
get my laptop onto the AD.

Later I will post details on what I had to do to make all this work,
but it's the Labour Day weekend, here in the U.S., I just got back
from an excellent cardio workout, I'm currently enjoying a *very* good
(and well-earned, if I do say so, myself) IPA, and I don't feel like
trying to make sense any more :D

Thanks again, all of you, for your help!

Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

More information about the samba mailing list