[Samba] AD across sites

Rowland penny rpenny at samba.org
Fri Jun 7 11:09:14 UTC 2019

On 07/06/2019 11:57, Praveen Ghimire wrote:
> Hi Rowland,
> Let’s say due to the number of machines involved, it is not practical to drop them off the NT4 domain all at once. We are thinking of two possible options:
> - VLAN the ports and only allow certain machines to talk to serverb
> - Or use the host deny and host allow in smb.conf, example
> Host allow
> Host deny
Don't think this will work. Active Directory runs on DNS and doesn't 
actually need the reverse zone; I think you will need to ensure the old 
machines are not connected in any way.
> Preferably the second one
> Other questions
> If we have bind9 dlz across both would the dns replicate
BIND_DLZ works by storing the DNS info in AD, so the DNS records will be 
replicated to all DCs in the domain.
> As both servers are Linux, would the stability replicate without having to sync them manually

Not sure what you mean by stability?

All Samba AD DCs replicate most attributes to other DCs, but there are 
a few attributes that are not replicated; this is an AD thing, not a 
Samba AD thing. What isn't replicated is Sysvol and idmap.ldb, so you 
will need to sync these between DCs.
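One way to do the Sysvol and idmap.ldb sync mentioned above, written as an added example that is not from this thread or from the Samba project. It pushes from the DC it runs on to one peer DC; the self-compiled install paths, root SSH access to the peer, and the digest check it uses to confirm both Sysvol trees match afterwards are assumptions.

```shell
#!/bin/sh
# Added example: one-way Sysvol + idmap.ldb sync to a second DC, with a
# digest check so you know both DCs hold the same Sysvol tree afterwards.
# Paths follow a self-compiled Samba install (assumption); adjust for your
# distribution. Override SYSVOL / PRIVATE in the environment if needed.
set -eu

SYSVOL="${SYSVOL:-/usr/local/samba/var/locks/sysvol}"
PRIVATE="${PRIVATE:-/usr/local/samba/private}"

# Pipeline run inside a directory: checksum of every file plus its relative
# path, reduced to a single checksum. Kept as a string so the exact same
# command runs locally and over ssh on the peer DC (POSIX tools only).
DIGEST_CMD='find . -type f | LC_ALL=C sort | while read -r f; do printf "%s %s\n" "$f" "$(cksum < "$f")"; done | cksum | cut -d" " -f1'

# Digest of a local directory tree; prints one checksum value.
tree_digest() {
    (cd "$1" && sh -c "$DIGEST_CMD")
}

# Push Sysvol to the peer (-X/-A keep xattrs and POSIX ACLs, --delete-after
# removes GPOs deleted here), then rebuild the NT ACLs on the receiving side.
sync_sysvol() {
    peer="$1"
    rsync -XAavz --delete-after "$SYSVOL/" "root@$peer:$SYSVOL/"
    ssh "root@$peer" samba-tool ntacl sysvolreset
}

# idmap.ldb is a TDB file: take a consistent copy with tdbbackup instead of
# copying the live file, ship the copy into place, then flush the peer's
# cached id mappings so it starts using the new file.
sync_idmap() {
    peer="$1"
    tdbbackup -s .bak "$PRIVATE/idmap.ldb"
    rsync -avz "$PRIVATE/idmap.ldb.bak" "root@$peer:$PRIVATE/idmap.ldb"
    ssh "root@$peer" net cache flush
}

# Returns 0 when the local and remote Sysvol digests agree, 1 otherwise.
verify_sysvol() {
    peer="$1"
    local_sum="$(tree_digest "$SYSVOL")"
    remote_sum="$(ssh "root@$peer" "cd '$SYSVOL' && $DIGEST_CMD")"
    [ "$local_sum" = "$remote_sum" ]
}
```

Run it from cron on the DC you treat as the Sysvol master, in the order sync_sysvol, sync_idmap, verify_sysvol, so a failed verify is visible in the cron mail.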
