[Samba] AD + Bind DLZ + Site

mathias dufresne infractory at gmail.com
Wed Feb 10 14:07:10 UTC 2016


2016-02-10 14:37 GMT+01:00 Rowland penny <rpenny at samba.org>:

> On 10/02/16 11:12, mathias dufresne wrote:
>
>> Hi all,
>>
>> Using 4.3.4 + Bind DLZ @ Centos 7.
>>
>> Regarding AD sites, I have several questions:
>>
>> 1° Is it possible with Samba4 to rename Default-First-Site-Name?
>>
>
> Depends on what you mean, if you mean can it be changed, then the answer
> is yes. If you mean can it be changed with samba-tool, then no.
>

OK. I tried once and I had to reinstall the whole domain. I was using a
manually created RPM with the patch to demote dead servers. Rpmbuild never
complained about that patch, but samba-tool did not get the option to demote
dead servers. Perhaps the patch I got wasn't the right one, perhaps that
patch would have broken part of this packaged samba...
Of course the issue could come from me, but as I used RSAT to rename the
site, I can't see how I could have made a mistake...


>
>
>> 2° samba-tool sites create <name>
>> does not link the new site to DEFAULTIPSITELINK, is it the correct behaviour?
>>
>
> Probably not.
>

OK

>
>> 3° When a DC is not in Default-First-Site-Name, no DNS records related to
>> that DC should exist in Default-First-Site-Name related DNS records. Is
>> that true?
>> ex: _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld should not
>> exist.
>>
>
> Again probably not.
>

According to your next reply, I take your reply as a "yes, that's true. A
DC should be referenced only in the site it belongs to."

Once more, my question was not clear, sorry about that.


>
>> 4° When a DC is moved from one site to another site, all DNS records
>> related to old site should be automatically removed?
>>
>
> Yes
>

OK


>
>> 5° If 4° is true, what triggers the change in DNS configuration? Is it a
>> samba restart which will run samba_dnsupdate which would perform that
>> creation of DNS records and deletion of the old ones, or is samba_dnsupdate
>> (or equivalent) run without the need of a restart/reboot?
>>
>
> I don't think there is anything to do this at present. The main problem
> (as I see it) is that when you provision a domain, all the records are
> created for you, but when you join another DC, they are not. You have to
> start/restart samba and this then adds various dns records including the
> site ones.
>

OK. So no trigger.

Should samba_dnsupdate solve the issue, like a restart of the samba service,
or is restarting samba really needed?


>
> Rowland
>
>
>> For the other questions I still have tests to perform.
>>
>> Thanks and regards,
>>
>> mathias dufresne
>>
>
>
> --
>
> Thank you for your help : )
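
An added example, not part of the original thread and not Samba code: a small audit for questions 3° and 4°, listing site-specific SRV records that still point at a DC which belongs to another site. It assumes the thread's reading that a DC should be referenced only in the site it belongs to; the site name `Paris`, the host names and the record list are constructed sample data.

```python
import re

# Constructed sample data: which site each DC currently belongs to.
DC_SITE = {
    "dc1.samba.domain.tld": "Default-First-Site-Name",
    "dc2.samba.domain.tld": "Paris",  # dc2 was moved to the (hypothetical) site Paris
}

# Constructed sample of SRV (owner name, target host) pairs as read from the zone.
SRV_RECORDS = [
    ("_ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld.", "dc1.samba.domain.tld."),
    ("_ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld.", "dc2.samba.domain.tld."),
    ("_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.samba.domain.tld.", "dc2.samba.domain.tld."),
    ("_ldap._tcp.Paris._sites.samba.domain.tld.", "dc2.samba.domain.tld."),
    ("_ldap._tcp.Paris._sites.samba.domain.tld.", "olddc.samba.domain.tld."),
    ("_ldap._tcp.samba.domain.tld.", "dc2.samba.domain.tld."),  # not site-specific
]

# Matches _<service>._tcp.<site>._sites.<rest> and captures the site label.
SITE_RE = re.compile(r"^_[a-z]+\._tcp\.(?P<site>[^.]+)\._sites\.", re.IGNORECASE)


def stale_site_records(records, dc_site):
    """Return (owner, target, actual_site) for every site-specific SRV record
    whose target is not a DC of that site. actual_site is None when the
    target is not a known DC at all (for example a removed server)."""
    known = {host.lower(): site for host, site in dc_site.items()}
    stale = []
    for owner, target in records:
        match = SITE_RE.match(owner)
        if not match:
            continue  # domain-wide locator record, outside this check
        host = target.rstrip(".").lower()
        actual = known.get(host)
        if actual is None or actual.lower() != match.group("site").lower():
            stale.append((owner, host, actual))
    return stale


if __name__ == "__main__":
    for owner, host, actual in stale_site_records(SRV_RECORDS, DC_SITE):
        where = f"belongs to site {actual}" if actual else "is not a known DC"
        print(f"stale: {owner} -> {host} ({where})")
```
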

