[Samba] User Permissions issue

Rowland Penny rpenny at samba.org
Wed Jan 17 11:02:38 UTC 2018

On Wed, 17 Jan 2018 12:42:24 +0200
Harsh Kukreja <h.kukreja at ium.edu.na> wrote:

> Hi Denis & Rowland
> Thanks for the suggestion to trim the smb.conf after which the DC-1 is
> connecting to the Windows Server 2008 shared folder smbclient -k
> //IUMSVRAPP01/Pastel12 -d 9
> and DC-2 is also connecting after using the DNS name of the Windows
> server.
> *You'd better switch your DNS to Bind-DLZ. Internal DNS is not that
> good for larger site (looking at your DNS domain name, I guess it
> might be a university). You can take a look there [1]
> Yes you are right we are a University which is growing every year and
> I want to switch from INTERNAL DNS to BIND-DLZ. I will follow the
> instructions given in your wiki link but before doing I like to clear
> few doubts:
> 1. Can I migrate from Internal to Bind-DLZ in a running samba
> environment.

> 2. Will it migrate all the current DNS records.

Well, yes and no ;-)
The DNS records are in AD and as such are not touched, upgrading to
Bind9 just sets up Bind to use these records and turns off the internal
Samba dns server.

> 3. Do I have to do the same migration for other samba DC's in the
> network.

This is not mandatory, but is a very very very good idea.
> 4. I also have samba RODC in the network so do I have to
> migrate it from Internal to Bind-DLZ.

See the answer to 3, plus if you using an RODC running a version of
Samba < 4.7.0, you should upgrade Samba.

> 5. Do I have to install Bind-DLZ package on a different machine or it
> can be installed on the same Samba machine.

You must install Bind9 on the DC.


More information about the samba mailing list