[Samba] Permission issue

Rowland Penny rpenny at samba.org
Wed Feb 13 08:19:28 UTC 2019


On Wed, 13 Feb 2019 06:36:29 +0000
Praveen Ghimire <PGhimire at sundata.com.au> wrote:

> Hi Rowland,
> 
> The DNS will be in the AD Domain Controller. What I was asking is
> that if you have another DNS server (bind), can we replicate the DNS
> between them?

The DNS records in AD should be replicated to all DCs in the domain,
and if you install Bind9 on your Samba AD DC, your DC can use it.


> We'll change the DHCP to point the primary DNS to the
> AD box. However, there will be machines (including servers) which
> will be pointing to the existing DNS server. To allow them to
> resolve the new AD zone, what do we do?

If the machines are in the AD domain, they should use an AD DC as their
nameserver.

> 
> As it stands, the Samba (NT4) box doesn’t have either DHCP or DNS,
> for argument's sake let's call it ServerA. It is handled by another
> Ubuntu server, Server B. When we classic upgrade Server A, it will
> have the DNS setup as part of the upgrade process. The question is do
> I use Samba_Internal or Bind9_DLZ? I've tried both.

The choice is up to you, whatever works best for you; the only thing to
really consider is that Bind9 scales better than the internal.

> It sets DNS
> server as it doesn’t have much to populate, the AD DNS zone is pretty
> empty. I then setup the smb.conf with dns update = secure and
> nonsecure. I then promoted a 2008R2 box as DC and used PowerShell
> to dump the zone info from ServerB.

There wouldn't be much in the AD DNS zones, it is a new AD domain. I
don't understand why you needed the 2008R2, you could have done the
same with bash etc.

> 
> I was thinking of setting up Server A as secondary DNS server in
> Server B to resolve the AD DNS zones.

I am sure I have already said this, but ALL Samba AD DCs are
authoritative for the DNS domain, they cannot be secondary servers. You
also shouldn't be using flat files with Bind9 and Samba AD DCs.

Rowland



