[Samba] AD + Bind DLZ + Site

Rowland penny rpenny at samba.org
Wed Feb 10 17:04:16 UTC 2016


On 10/02/16 16:27, mathias dufresne wrote:
>
> 2016-02-10 16:54 GMT+01:00 Rowland penny <rpenny at samba.org>:
>
> > On 10/02/16 15:36, mathias dufresne wrote:
> >
> > > My answer below.
> > >
> > > 2016-02-10 15:38 GMT+01:00 Rowland penny <rpenny at samba.org>:
> > >
> > > > On 10/02/16 14:07, mathias dufresne wrote:
> > > >
> > > > > 2016-02-10 14:37 GMT+01:00 Rowland penny <rpenny at samba.org>:
> > > > >
> > > > > > On 10/02/16 11:12, mathias dufresne wrote:
> > > > > >
> > > > > > > Hi all,
> > > > > > >
> > > > > > > Using 4.3.4 + Bind DLZ @ Centos 7.
> > > > > > >
> > > > > > > Regarding AD sites, I have several questions:
> > > > > > >
> > > > > > > 1° Is it possible with Samba4 to rename Default-First-Site-Name?
> > > > > >
> > > > > > Depends on what you mean: if you mean can it be changed, then the
> > > > > > answer is yes. If you mean can it be changed with samba-tool, then no.
> > > > >
> > > > > OK. I tried once and I had to reinstall the whole domain. I was using
> > > > > an RPM manually created with the patch for demoting dead servers.
> > > > > Rpmbuild never complained about that patch, but samba-tool did not get
> > > > > the option to demote dead servers. Perhaps the patch I got wasn't the
> > > > > right one, perhaps that patch would have broken part of this packaged
> > > > > samba... Of course the issue can come from me, but as I used RSAT to
> > > > > rename the site, I can't see how I could have made a mistake...
> > > > >
> > > > > > > 2° samba-tool sites create <name>
> > > > > > > does not link the new site to DEFAULTIPSITELINK, is it the
> > > > > > > correct behaviour?
> > > > > >
> > > > > > Probably not.
> > > > >
> > > > > OK
> > > > >
> > > > > > > 3° When a DC is not in Default-First-Site-Name, no DNS records
> > > > > > > related to that DC should exist in the Default-First-Site-Name
> > > > > > > related DNS records. Is that true?
> > > > > > > ex: _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld
> > > > > > > should not exist.
> > > > > >
> > > > > > Again probably not.
> > > > >
> > > > > According to your next reply, I take your reply as a "yes, that's
> > > > > true. A DC should be referenced only in the site it belongs to."
> > > > >
> > > > > Once more, my question was not clear, sorry about that.
> > > > >
> > > > > > > 4° When a DC is moved from one site to another site, all DNS
> > > > > > > records related to the old site should be automatically removed?
> > > > > >
> > > > > > Yes
> > > > >
> > > > > OK
> > > > >
> > > > > > > 5° If 4° is true, what triggers the change in DNS configuration?
> > > > > > > Is it a samba restart which will run samba_dnsupdate, which would
> > > > > > > perform that creation of DNS records and deletion of the old ones,
> > > > > > > or is samba_dnsupdate (or equivalent) run without the need of a
> > > > > > > restart/reboot?
> > > > > >
> > > > > > I don't think there is anything to do this at present. The main
> > > > > > problem (as I see it) is that when you provision a domain, all the
> > > > > > records are created for you, but when you join another DC, they are
> > > > > > not. You have to start/restart samba and this then adds various dns
> > > > > > records including the site ones.
> > > > >
> > > > > OK. So no trigger.
> > > > >
> > > > > Should samba_dnsupdate solve the issue as a restart of the samba
> > > > > service would, or is restarting samba really needed?
> > > >
> > > > I have been reading the 'samba-tool sites' code and it appears that it
> > > > creates new sites in 'CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com'.
> > > >
> > > > I think it should be creating it in
> > > > 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
> > >
> > > I did look into both domains I have here at work, one is 4.3.4 and the
> > > other one is 4.4.0rc2.
> > > There is no CN=Sites,DC=samdom,DC=example,DC=com but only
> > > CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com.
> >
> > OK, I have only 'CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
> > where 'DC=samdom,DC=example,DC=com' is my rootdse, i.e. the domain name
> > is samdom.example.com
>
> So samba-tool is not creating the site at the wrong place.

Now I have had time to read and properly understand the python code, I 
have to agree with you, it does get created in the right place.

>
> > > Of course there is also no
> > > CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com and only
> > > CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
> > > is present.
> >
> > 'NEWSITE' is a placeholder for whatever site name you want to replace
> > Default-First-Site-Name with, i.e. if you wanted to add a site called
> > 'mysite' you would end up with:
> >
> > 'CN=mysite,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>
> My colleague said: "Thank you Captain Obvious" ;)

Again, I should have gone to Specsavers :-D

>
> > > Which version of Samba were you looking into?
> >
> > 4.4 i.e. samba.master
>
> OK. As in fact there is no issue about the place where the entry is
> created, only the link to defaultipsitelink is missing.
>
> Perhaps something to create the new site link could be added, but I'm not
> sure at all it is relevant: site links are perhaps easier to manage through
> RSAT... I don't have enough background to tell. The Cardon brothers could
> have a view on that as they deployed some domains with lots of sites and
> had to deal with replication issues, as they told me once. Perhaps they
> also played with site links...

This would seem to be the only missing component and from what I have 
found, this link is required for replication or have I misunderstood the 
info I found again :-)

Rowland
>
> > > > I think it should also add a 'siteList' attribute containing
> > > > 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' to
> > > > 'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
> > >
> > > That's very interesting information. For now, and as I'm starting to be
> > > pushed by time, I would rely on RSAT to change that. That's the only
> > > thing I spotted as missing with 4.4.0 and site management (because 4.4.0
> > > comes with improvements of site management, thanks to devs ;)
> >
> > Ok
> >
> > Rowland
>
> Cheers,
>
> mathias

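The check Rowland describes in the thread (is the new site's DN present in the siteList of DEFAULTIPSITELINK, and if not, what modification adds it), as an added example that is not code from the thread or from Samba: it reads ldbsearch-style LDIF for the site objects and for the site link, lists the sites the link does not cover, and emits the LDIF that ldbmodify would apply. The two sample records are constructed, and `sam.ldb` in the comments stands for wherever the DC keeps its sam.ldb (an assumption).

```python
"""Report AD sites missing from DEFAULTIPSITELINK's siteList and emit the LDIF
that adds them. Added example (not from the thread or Samba); the sample
ldbsearch-style records below are constructed."""
import re

BASE = "DC=samdom,DC=example,DC=com"
SITES_DN = f"CN=Sites,CN=Configuration,{BASE}"
LINK_DN = f"CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,{SITES_DN}"

# Constructed: `ldbsearch -H sam.ldb -b "$SITES_DN" '(objectClass=site)' dn`
# after `samba-tool sites create mysite`.
SAMPLE_SITES = f"""\
# record 1
dn: CN=Default-First-Site-Name,{SITES_DN}

# record 2
dn: CN=mysite,{SITES_DN}
"""

# Constructed: `ldbsearch -H sam.ldb -b "$LINK_DN" -s base siteList`, with only
# the default site linked; the long value is folded as LDIF allows.
SAMPLE_LINK = f"""\
# record 1
dn: {LINK_DN}
siteList: CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=exam
 ple,DC=com
"""

def ldif_values(text, attr):
    """Values of `attr` in LDIF text, with continuation lines (leading space) unfolded."""
    unfolded = re.sub(r"\n ", "", text)
    prefix = attr.lower() + ": "
    return [line[len(prefix):] for line in unfolded.splitlines()
            if line.lower().startswith(prefix)]

def unlinked_sites(sites_ldif, link_ldif):
    """Site DNs that the site link does not list (DNs compare case-insensitively)."""
    linked = {dn.lower() for dn in ldif_values(link_ldif, "siteList")}
    return [dn for dn in ldif_values(sites_ldif, "dn") if dn.lower() not in linked]

def add_to_sitelink_ldif(site_dns, link_dn=LINK_DN):
    """LDIF for `ldbmodify -H sam.ldb fix.ldif` that appends the DNs to siteList."""
    if not site_dns:
        return ""
    lines = [f"dn: {link_dn}", "changetype: modify", "add: siteList"]
    lines += [f"siteList: {dn}" for dn in site_dns]
    return "\n".join(lines) + "\n-\n"

if __name__ == "__main__":
    print(add_to_sitelink_ldif(unlinked_sites(SAMPLE_SITES, SAMPLE_LINK)), end="")
```

Running it against real output instead of the samples is a matter of piping the two ldbsearch results in; the emitted LDIF is inert until fed to ldbmodify.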

