[Samba] AD + Bind DLZ + Site
mathias dufresne
infractory at gmail.com
Wed Feb 10 17:36:24 UTC 2016
2016-02-10 18:04 GMT+01:00 Rowland penny <rpenny at samba.org>:
> On 10/02/16 16:27, mathias dufresne wrote:
>
>>
>>
>> 2016-02-10 16:54 GMT+01:00 Rowland penny <rpenny at samba.org>:
>>
>> On 10/02/16 15:36, mathias dufresne wrote:
>>
>> My answer below.
>>
>> 2016-02-10 15:38 GMT+01:00 Rowland penny <rpenny at samba.org>:
>>
>> On 10/02/16 14:07, mathias dufresne wrote:
>>
>>
>>
>> 2016-02-10 14:37 GMT+01:00 Rowland penny <rpenny at samba.org>:
>>
>>
>>
>> On 10/02/16 11:12, mathias dufresne wrote:
>>
>> Hi all,
>>
>> Using 4.3.4 + Bind DLZ @ Centos 7.
>>
>> Regarding AD sites, I have several questions:
>>
>> 1° Is it possible with Samba4 to rename Default-First-Site-Name?
>>
>>
>> Depends on what you mean, if you mean can it be changed, then the
>> answer is yes. If you mean can it be changed with samba-tool, then no.
>>
>>
>> OK. I tried once and I had to reinstall the whole domain. I was using
>> RPM manually created with patch for demote dead servers. Rpmbuild never
>> complained about that patch but samba-tool did not get the option to
>> demote dead servers. Perhaps the patch I get wasn't the right one,
>> perhaps that patch would have broken part of this packaged samba...
>> Of course the issue can come from me, but as I used RSAT to rename the
>> site, I can't see how I could make a mistake...
>>
>>
>>
>> 2° samba-tool sites create <name>
>> does not link new site to DEFAULTIPSITELINK, is it the correct behaviour?
>>
>>
>> Probably not.
>>
>>
>> OK
>>
>>
>> 3° When a DC is not in Default-First-Site-Name, no DNS records related to
>> that DC should exist in Default-First-Site-Name related DNS records. Is
>> that true?
>> ex: _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld should not
>> exist.
>>
>>
>> Again probably not.
>>
>>
>> According to your next reply, I take your reply as a "yes,
>> that's true. A DC should be referenced only in site it
>> belongs."
>>
>> Once more, my question was not clear, sorry about that.
>>
>>
>> 4° When a DC is moved from one site to another site, all DNS records
>> related to old site should be automatically removed?
>>
>>
>> Yes
>>
>>
>> OK
>>
>>
>> 5° If 4° is true, what triggers the change in DNS configuration? Is it a
>> samba restart which will run samba_dnsupdate which would perform that
>> creation of DNS records and deletion of the old ones or samba_dnsupdate
>> (or equivalent) is run without the need of a restart/reboot?
>>
>>
>> I don't think there is anything to do this at present. The main
>> problem (as I see it) is that when you provision a domain, all the
>> records are created for you, but when you join another DC, they
>> are not. You have to start/restart samba and this then adds
>> various dns records including the site ones.
>>
>>
>> OK. So no trigger.
>>
>> samba_dnsupdate should solve the issue as a restart of samba
>> service or restarting samba is really needed?
>>
>>
>>
>> I have been reading the 'samba-tool sites' code and it appears
>> that it creates new sites in
>> 'CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com'.
>>
>> I think it should be creating it in
>> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>>
>>
>> I did look into both domains I have here at work, one is
>> 4.3.4 and the other one is 4.4.0rc2.
>> There is no CN=Sites,DC=samdom,DC=example,DC=com but only
>> CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com.
>>
>>
>> OK, I have only
>> 'CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' where
>> 'DC=samdom,DC=example,DC=com' is my rootdse i.e. the domain name is
>> samdom.example.com
>>
>> So samba-tool is not creating site at the wrong place.
>>
>
> Now I have had time to read and properly understand the python code, I
> have to agree with you, it does get created in the right place.
>
>
>> Of course there is also no
>> CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com and only
>> CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
>> is present.
>>
>>
>> 'NEWSITE' is a placeholder for whatever site name you want to
>> replace Default-First-Site-Name with.
>> i.e. if you wanted to add a site called 'mysite' you would end up
>> with:
>>
>> 'CN=mysite,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>>
>>
>> My colleague said: "Thank you Captain Obvious" ;)
>>
>
> Again, I should have gone to spexsavers :-D
>
>
>>
>>
>> Which version of Samba were you looking into?
>>
>>
>> 4.4 i.e. samba.master
>>
>> OK. As in fact there is no issue about place where entry is created, only
>> the link to defaultipsitelink is missing.
>>
>> Perhaps something to create new site link could be added, but not sure at
>> all it is relevant: Site links are perhaps easier to manage through RSAT...
>> I have not enough background to tell. Cardon brothers could have a view on
>> that as they deployed some domains with a lot of sites and had to deal with
>> replication issue, as they told me once. Perhaps they also played with site
>> links...
>>
>
> This would seem to be the only missing component and from what I have
> found, this link is required for replication or have I misunderstood the
> info I found again :-)
>
Yep, that's also how I feel the purpose of that thing : )
(No it's not too clear in my mind ^^)
>
> Rowland
>
>>
>>
>>
>> I think it should also add a 'siteList' attribute containing
>> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>> to
>> 'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>>
>>
>> That's very interesting information. For now and as I'm
>> starting to be pushed by time, I would rely on RSAT to change
>> that. That's the only thing I spotted as missing with 4.4.0
>> and site management (because 4.4.0 comes with improvement of
>> site management, thanks to devs ;)
>>
>>
>> Ok
>>
>>
>> Rowland
>>
>>
>> Cheers,
>>
>> mathias
>>
>
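The gap this thread settles on (a site object that exists under CN=Sites,CN=Configuration but is not listed in any site link's siteList) can be checked from an LDIF dump of the Sites container. The following is an added example, not part of the original messages and not Samba's own code: the function names and the sample LDIF are constructed here, and it assumes plain (non-base64) attribute values and DNs written with consistent spacing.

```python
# Constructed sample shaped like an LDIF dump of CN=Sites,CN=Configuration (DNs
# are the thread's example names); a folded value continues after one space.
SAMPLE_LDIF = """\
dn: CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
objectClass: site

dn: CN=mysite,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
objectClass: site

dn: CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configurat
 ion,DC=samdom,DC=example,DC=com
objectClass: siteLink
siteList: CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=ex
 ample,DC=com
"""

def parse_ldif(text):
    """Unfold LDIF and return one {attribute: [values]} dict per record."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # continuation of a folded value
        elif not raw.startswith("#"):       # skip LDIF comment lines
            lines.append(raw)
    records = [{}]
    for line in lines:
        attr, sep, value = line.partition(":")
        if not line.strip():
            records.append({})              # a blank line ends a record
        elif sep:
            records[-1].setdefault(attr.strip().lower(), []).append(value.strip())
    return [r for r in records if r]

def unlinked_sites(records):
    """DNs of objectClass=site entries that no siteLink lists in siteList."""
    def classes(r):
        return {c.lower() for c in r.get("objectclass", [])}
    linked = {dn.lower() for r in records if "sitelink" in classes(r)
              for dn in r.get("sitelist", [])}
    return [r["dn"][0] for r in records
            if "site" in classes(r) and r["dn"][0].lower() not in linked]

def sitelist_add_ldif(link_dn, site_dn):
    """LDIF modify record that adds site_dn to link_dn's siteList."""
    return f"dn: {link_dn}\nchangetype: modify\nadd: siteList\nsiteList: {site_dn}\n-\n"

if __name__ == "__main__":
    recs = parse_ldif(SAMPLE_LDIF)
    for site_dn in unlinked_sites(recs):    # recs[-1] is the sample's siteLink
        print(sitelist_add_ldif(recs[-1]["dn"][0], site_dn))
```

On the sample, only the 'mysite' DN is reported, and the printed record is the siteList addition suggested in the thread, expressed as an LDIF modify for review before it is applied.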