[Samba] Questions about adding a DC

Rowland Penny rpenny at samba.org
Mon Jun 18 16:15:19 UTC 2018


On Mon, 18 Jun 2018 11:42:05 -0400 (EDT)
Tom Diehl via samba <samba at lists.samba.org> wrote:

> Hi,
> 
> In reading
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller
> it says "If the other DCs are Samba DCs and were provisioned with
> --use-rfc2307, you should add --option='idmap_ldb:use rfc2307 = yes'
> to the join command"
> 
> So does this mean that rfc2307 should not be used if the other DCs
> are MS DCs? Does the answer change if the ultimate goal is to
> decommission the MS DCs?

Do you have any Unix clients, or do you have an intention of either using
the Samba DC as a fileserver or adding any Unix domain members?

If you do, then add the line to any Samba DCs; if not, then you can
ignore it.
 
> 
> In addition,
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings
> states that "you must create a hot-backup of
> the /usr/local/samba/private/idmap.ldb file on the existing DC:" and
> import into the new DC.
> 
> If the existing DC is an MS DC, how do I accomplish this step?

You cannot, because a Windows DC will not have that file. There is a
problem (or is it a feature?) with idmap.ldb on Samba DCs: they can,
and most probably will, return different IDs from each other. So for
Sysvol, you must copy idmap.ldb from the first Samba DC to any other
Samba DCs.
  
> 
> The ultimate goal is to migrate from the MS DCs to Samba DCs. I am
> thinking I can use robocopy to sync the sysvol as per
> https://wiki.samba.org/index.php/Robocopy_based_SysVol_replication_workaround
> during the transition.

That is probably the only way you can do it.

Rowland
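
Added example, not part of the original message and not Samba project code: a check for the ID mismatch described above, comparing text dumps of idmap.ldb taken on two Samba DCs and listing every SID that maps to a different xidNumber. It assumes the dumps were produced with `ldbsearch -H /usr/local/samba/private/idmap.ldb`; the sample dumps and the function names are constructed for illustration.

```python
import re

# Constructed sample dumps in ldbsearch-style LDIF (assumed record layout).
DC1_DUMP = """\
# record 1
dn: CN=S-1-5-32-544
cn: S-1-5-32-544
objectClass: sidMap
type: ID_TYPE_BOTH
xidNumber: 3000000

# record 2
dn: CN=S-1-5-32-549
cn: S-1-5-32-549
objectClass: sidMap
type: ID_TYPE_BOTH
xidNumber: 3000001

# record 3
dn: CN=CONFIG
cn: CONFIG
xidNumber: 3000002
"""
# Second DC (constructed): same SIDs, but it allocated its own ID for one of them.
DC2_DUMP = DC1_DUMP.replace("xidNumber: 3000001", "xidNumber: 3000003")

def parse_idmap_dump(text):
    """Return {SID: xidNumber} from an ldbsearch dump of idmap.ldb."""
    mappings = {}
    for record in re.split(r"\n\s*\n", text.strip()):  # blank line ends a record
        attrs = {}
        for line in record.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip ldbsearch comment lines and anything malformed
            key, value = line.split(": ", 1)
            attrs[key] = value.strip()
        # Keep only SID mapping records; skip others such as CN=CONFIG.
        if attrs.get("cn", "").startswith("S-1-") and "xidNumber" in attrs:
            mappings[attrs["cn"]] = int(attrs["xidNumber"])
    return mappings

def idmap_drift(first_dc, other_dc):
    """Return sorted (sid, id_on_first_dc, id_on_other_dc) for mismatched SIDs."""
    shared = first_dc.keys() & other_dc.keys()
    return sorted((s, first_dc[s], other_dc[s]) for s in shared if first_dc[s] != other_dc[s])

if __name__ == "__main__":
    for sid, a, b in idmap_drift(parse_idmap_dump(DC1_DUMP), parse_idmap_dump(DC2_DUMP)):
        print(f"{sid}: first DC maps to {a}, other DC maps to {b}")
```

Any SID it reports would own Sysvol files under a different numeric ID on each DC, which is the condition that copying idmap.ldb from the first Samba DC removes.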



