[Samba] AD + Bind DLZ + Site
mathias dufresne
infractory at gmail.com
Wed Feb 10 15:36:16 UTC 2016
My answer below.
2016-02-10 15:38 GMT+01:00 Rowland penny <rpenny at samba.org>:
> On 10/02/16 14:07, mathias dufresne wrote:
>
>>
>>
>> 2016-02-10 14:37 GMT+01:00 Rowland penny <rpenny at samba.org>:
>>
>>
>> On 10/02/16 11:12, mathias dufresne wrote:
>>
>> Hi all,
>>
>> Using 4.3.4 + Bind DLZ @ Centos 7.
>>
>> Regarding AD sites, I have several questions:
>>
>> 1° Is it possible with Samba4 to rename Default-First-Site-Name?
>>
>>
>> Depends on what you mean, if you mean can it be changed, then the
>> answer is yes. If you mean can it be changed with samba-tool, then no.
>>
>>
>> OK. I tried once and I had to reinstall the whole domain. I was using an RPM
>> manually created with a patch to demote dead servers. Rpmbuild never
>> complained about that patch but samba-tool did not get the option to demote
>> dead servers. Perhaps the patch I got wasn't the right one, perhaps that
>> patch would have broken part of this packaged samba...
>> Of course the issue can come from me, but as I used RSAT to rename the
>> site, I can't see how I could make a mistake...
>>
>>
>>
>> 2° samba-tool sites create <name>
>> does not link new site to DEFAULTIPSITELINK, is it the correct behaviour?
>>
>>
>> Probably not.
>>
>>
>> OK
>>
>>
>> 3° When a DC is not in Default-First-Site-Name, no DNS records related to
>> that DC should exist in Default-First-Site-Name related DNS records. Is
>> that true?
>> ex: _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld should not
>> exist.
>>
>>
>> Again probably not.
>>
>>
>> According to your next reply, I take your reply as a "yes, that's true. A
>> DC should be referenced only in the site it belongs to."
>>
>> Once more, my question was not clear, sorry about that.
>>
>>
>> 4° When a DC is moved from one site to another site, all DNS records
>> related to old site should be automatically removed?
>>
>>
>> Yes
>>
>>
>> OK
>>
>>
>> 5° If 4° is true, what triggers the change in DNS configuration? Is it a
>> samba restart which will run samba_dnsupdate which would perform that
>> creation of DNS records and deletion of the old ones or samba_dnsupdate (or
>> equivalent) is run without the need of a restart/reboot?
>>
>>
>> I don't think there is anything to do this at present. The main
>> problem (as I see it) is that when you provision a domain, all the
>> records are created for you, but when you join another DC, they
>> are not. You have to start/restart samba and this then adds
>> various dns records including the site ones.
>>
>>
>> OK. So no trigger.
>>
>> samba_dnsupdate should solve the issue as a restart of samba service or
>> restarting samba is really needed?
>>
>>
>>
> I have been reading the 'samba-tool sites' code and it appears that it
> creates new sites in 'CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com'.
>
> I think it should be creating it in
> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>
I did look into both domains I have here at work, one is 4.3.4 and the
other one is 4.4.0rc2.
There is no CN=Sites,DC=samdom,DC=example,DC=com but only
CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com.
Of course there is also no CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com
and only CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
is present.
Which version of Samba were you looking into?
>
> I think it should also add a 'siteList' attribute containing
> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' to
> 'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site
> Transports,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>
That's very interesting information. For now and as I'm starting to be
pushed by time, I would rely on RSAT to change that. That's the only thing
I spotted as missing with 4.4.0 and site management (because 4.4.0 comes
with improvement of site management, thanks to devs ;)
>
> Rowland
>
>
>
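Added example, not part of the original message and not Samba code: a check for the situation raised in questions 3° and 4°, flagging site-scoped SRV records that still point at a DC which is not in that site. It assumes the rule as stated in the thread (a DC is referenced only in the site it belongs to); the DC names, the DC-to-site map and the zone lines are constructed sample data.

```python
import re

# Constructed sample data: DC -> site, as would be read from the server
# objects under each site in CN=Sites,CN=Configuration.
DC_SITE = {
    "dc1.samba.domain.tld": "Default-First-Site-Name",
    "dc2.samba.domain.tld": "NEWSITE",  # DC that was moved to the new site
}

# Constructed SRV records in zone-file form:
# owner TTL IN SRV priority weight port target
ZONE = """\
_ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld. 900 IN SRV 0 100 389 dc1.samba.domain.tld.
_ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld. 900 IN SRV 0 100 389 dc2.samba.domain.tld.
_ldap._tcp.NEWSITE._sites.samba.domain.tld. 900 IN SRV 0 100 389 dc2.samba.domain.tld.
_kerberos._tcp.NEWSITE._sites.dc._msdcs.samba.domain.tld. 900 IN SRV 0 100 88 dc2.samba.domain.tld.
_ldap._tcp.samba.domain.tld. 900 IN SRV 0 100 389 dc1.samba.domain.tld.
"""

# Matches only owners of the form _service._proto.<site>._sites.<rest>
SITE_SRV = re.compile(
    r"^(?P<owner>_\w+\._(?:tcp|udp)\.(?P<site>[^.\s]+)\._sites\.\S+)\s+"
    r"(?:\d+\s+)?IN\s+SRV\s+\d+\s+\d+\s+\d+\s+(?P<target>\S+)$",
    re.IGNORECASE,
)

def stale_site_records(zone_text, dc_site):
    """Return (owner, target, actual_site) for each site-scoped SRV record
    whose target is not a DC of the site named in the owner. actual_site is
    None when the target is not a known DC at all (e.g. a removed server)."""
    sites = {dc.lower(): site for dc, site in dc_site.items()}
    stale = []
    for line in zone_text.splitlines():
        m = SITE_SRV.match(line.strip())
        if not m:
            continue  # domain-wide record or not an SRV line: out of scope
        target = m["target"].rstrip(".").lower()
        actual = sites.get(target)
        if actual is None or actual.lower() != m["site"].lower():
            stale.append((m["owner"].rstrip("."), target, actual))
    return stale

if __name__ == "__main__":
    for owner, target, actual in stale_site_records(ZONE, DC_SITE):
        print(f"stale: {owner} -> {target} (DC is in site: {actual})")
```

Records reported here are the ones that keep steering clients of the old site to a DC that has left it, so they are the candidates to review after moving a DC between sites.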