[Samba] messy replication

Adam Weremczuk adamw at matrixscience.com
Thu Jul 18 14:35:06 UTC 2019

On 18/07/19 13:19, Rowland penny via samba wrote:

> OK, from my understanding DC1 is using the internal dns and DC2 is 
> using Bind9.

It's the other way round.
On dc1 port 53 is mapped to /usr/sbin/named -u bind.
On dc2 it's /usr/sbin/samba.
I wasn't sure what to do when I deployed dc2.
I remember installing bind9 on dc2 but then purging it.

BTW - does it matter for replication which backend is being used?
Or is everything expected to fully populate regardless of the DNS 
backend choice?

> I would ensure your clients only use DC1

What's the best way to achieve it?
Through a local firewall?

> turn off Bind9 on DC2 and then run samba-upgradedns to use the 
> internal dns server, this will cure one of your problems. You may have 
> to delete the 'dns-dc2' user manually. There is more to it than just 
> renaming 'dns-dc2' to 'dns-dc1'.
> If you then want to demote DC2, you will need to get into idmap.ldb 
> and make some changes, I would start by trying to change the FSMO role 
> holders to DC1, the ultimate aim will be to get replication working

I thought the plan was to forcefully demote dc2 and dc1 suffers from too 
many config issues to rely on replication.

> speaking of which, have you tried this command:
> samba-tool drs replicate ldap://DC2 ldap://DC1 all

Is it safe to run knowing data on both might be over a week out of sync?
What's the worst that can happen?
