[Samba] AD + Bind DLZ + Site

Rowland penny rpenny at samba.org
Wed Feb 10 15:54:22 UTC 2016 

On 10/02/16 15:36, mathias dufresne wrote:
> My answer below.
>
> 2016-02-10 15:38 GMT+01:00 Rowland penny <rpenny at samba.org 
> <mailto:rpenny at samba.org>>:
>
>     On 10/02/16 14:07, mathias dufresne wrote:
>
>
>
>         2016-02-10 14:37 GMT+01:00 Rowland penny <rpenny at samba.org
>         <mailto:rpenny at samba.org> <mailto:rpenny at samba.org
>         <mailto:rpenny at samba.org>>>:
>
>
>             On 10/02/16 11:12, mathias dufresne wrote:
>
>                 Hi all,
>
>                 Using 4.3.4 + Bind DLZ @ Centos 7.
>
>                 Regarding AD sites, I have several questions:
>
>                 1° Is it possible with Samba4 to rename
>         Default-First-Site-Name?
>
>
>             Depends on what you mean, if you mean can it be changed,
>         then the
>             answer is yes. If you mean can it be changed with
>         samba-tool, then no.
>
>
>         OK. I tried once and I had to reinstall the whole domain. I
>         was using RPM manually created with patch for demote dead
>         servers. Rpmbuild never complained about that patch but
>         samba-tool did not get the option to demote dead servers.
>         Perhaps the patch I get wasn't the right one, perhaps that
>         patch would have broken part of this packaged samba...
>         Of course the issue can come from me, but as I used RSAT to
>         rename the site, I can't see how I could do a mistake...
>
>
>
>                 2° samba-tool sites create <name>
>                 does not link new site to DEFAUTLIPSITELINK, is it the
>         correct
>                 behaviour?
>
>
>             Probably not.
>
>
>         OK
>
>
>                 3° When a DC is not in Default-First-Site-Name, no DNS
>         records
>                 related to
>                 that DC should exists in Default-First-Site-Name
>         related DNS
>                 records. Is
>                 that true?
>                 ex:
>         _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld
>                 should not
>                 exist.
>
>
>             Again probably not.
>
>
>         According to your next reply, I take your reply as a "yes,
>         that's true. A DC should be referenced only in site it belongs."
>
>         Once more, my question was not clear, sorry about that.
>
>
>                 4° When a DC is moved from one site to another site,
>         all DNS
>                 records
>                 related to old site should be automatically removed?
>
>
>             Yes
>
>
>         OK
>
>
>                 5° If 4° is true, what trigger the change in DNS
>                 configuration? Is it a
>                 samba restart which will run samba_dnsupdate which would
>                 perform that
>                 creation of DNS records and deletion of the old ones or
>                 samba_dnsupdate (or
>                 equivalent) is run without the need of a restart/reboot?
>
>
>             I don't think there is anything to do this at present. The
>         main
>             problem (as I see it) is that when you provision a domain,
>         all the
>             records are created for you, but when you join another DC,
>         they
>             are not. You have to start/restart samba and this then adds
>             various dns records including the site ones.
>
>
>         OK. So no trigger.
>
>         samba_dnsupdate should solve the issue as a restart of samba
>         service or restarting samba is really needed?
>
>
>
>     I have been reading the 'samba-tool sites' code and it appears
>     that it creates new sites in
>     'CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com'.
>
>     I think it should be creating it in
>     'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>
>
> I did look into the both domain I have here at work, one is 4.3.4 and 
> the other one is 4.4.0rc2.
> There is no CN=Sites,DC=samdom,DC=example,DC=com but only 
> CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com.

OK, I have only 'CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' 
where 'DC=samdom,DC=example,DC=com' is my rootdse i.e the domain name is 
samdom.example.com

>
> Of course there is also no 
> CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com and only 
> CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com is 
> present.
>

'NEWSITE' is a placeholder for whatever site name you want to replace 
Default-First-Site-Name with.
i.e. if you wanted to add a site called 'mysite' you would end up with:

'CN=mysite,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'


> Which version of Samba were you looking into?

4.4 i.e. samba.master

>
>     I think is should also add a 'siteList' attribute containing
>     'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' to
>     'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site
>     Transports,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>
>
> That's a very interesting information. For now and as I'm starting to 
> be pushed by time, I would rely on RSAT to change that. That's the 
> only things I spotted as missing with 4.4.0 and site management 
> (because 4.4.0 comes with improvement of site management, thank to devs ;)

Ok

Rowland

More information about the samba mailing list