[Samba] messy replication
rpenny at samba.org
Thu Jul 18 14:52:25 UTC 2019
On 18/07/2019 15:35, Adam Weremczuk via samba wrote:
> On 18/07/19 13:19, Rowland penny via samba wrote:
>> OK, from my understanding DC1 is using the internal dns and DC2 is
>> using Bind9.
> It's the other way round.
> On dc1 port 53 is mapped to /usr/sbin/named -u bind.
> On dc2 it's /usr/sbin/samba.
> I wasn't sure what to do when I deployed dc2.
> I remember installing bind9 on dc2 but then purging it.
Then you do not need the user 'dns-DC2'
> BTW - does it matter for replication which backend is being used?
All DC's are supposed to replicate to all other DC's
> Or is everything expected to fully populate regardless of the DNS
> backend choice?
Just as long as a DC can find the other DC's, replication should occur.
>> I would ensure your clients only use DC1
> What's the best way to achieve it?
> Through a local firewall?
>> turn off Bind9 on DC2 and then run samba-upgradedns to use the
>> internal dns server, this will cure one of your problems. You may
>> have to delete the 'dns-dc2' user manually. There is more to it than
>> just renaming 'dns-dc2' to 'dns-dc1'.
>> If you then want to demote DC2, you will need to get into idmap.ldb
>> and make some changes, I would start by trying to change the FSMO
>> role holders to DC1, the ultimate aim will be to get replication working
> I thought the plan was to forcefully demote dc2 and dc1 suffers from
> too many config issues to rely on replication.
I thought that was the plan as well, but you then seemed to want to try
and fix DC2 so you could demote it, my plan would be to:
TURN OFF DC2
Remove any trace of DC2 from DC1
Run 'samba-tool dbcheck --fix --yes --cross-ncs'
Hopefully this will fix DC1, but your Samba is that old, I cannot
remember if that will run on your DC.
Your main problem is that your DC is in production, that is why I said
to back everything up before you start. I would also do all of this when
your network is down, at the weekend maybe ??
More information about the samba