[Samba] Extending the AD schema
John Gardeniers
jgardeniers at objectmastery.com
Mon Sep 5 21:23:09 UTC 2016
Hi Andrew,
Thanks for the info. A backup before hand was always on the to do list. ;)
Any idea when we can expect 4.5? It's looking like this "urgent" project
can be delayed a bit if necessary.
regards,
John
On 05/09/16 17:55, Andrew Bartlett via samba wrote:
> On Mon, 2016-09-05 at 10:23 +1000, John Gardeniers via samba wrote:
>> We're looking at implementing Sudoers LDAP on our Samba 4 AD domain.
>> While this worked perfectly in a test environment previously, I am
>> always extremely nervous about the possibility of stuffing things up
>> on
>> production.
>>
>> Given a domain with multiple DCs (two in our case), should I do add
>> the
>> schema extension with all DCs on line or should one by taken off line
>> to
>> provide an emergency backup in case things go wrong? In this case
>> will
>> the schema extension reliably propagate to the DC which was off line
>> at
>> the time?
>>
>> Way back (maybe 13 years or so ago) when I was managing a pure
>> Windows
>> AD environment I asked a similar question and received advise pretty
>> much evenly distributed between those two methods.
> I would make the change with Samba 4.5 once it comes out. We fixed a
> lot of schema bugs with that release.
>
> Unlike a windows DC, making backups of and restoring just the sam.ldb
> files on a Samba DC is really easy, so do that too.
>
> Once you do that, online should be fine.
>
> Andrew Bartlett
>
More information about the samba
mailing list