[Samba] AD across sites
Rowland penny
rpenny at samba.org
Fri Jun 7 11:09:14 UTC 2019
On 07/06/2019 11:57, Praveen Ghimire wrote:
> Hi Rowland,
>
> Let’s say due to the number of machines involved, it is not practical to drop them off the NT4 domain all at once. We are thinking of two possible options
> - VLAN the ports and only allow certain machines to talk to serverb
> - Or use the host deny and host allow in smb.conf, example
> Host allow 10.10.10.5
> Host deny 10.10.10.0
Don't think this will work. Active Directory runs on DNS and doesn't
actually need the reverse zone; I think you will need to ensure the old
machines are not connected in any way.
>
> Preferably the second one
>
> Other questions
> If we have bind9 dlz across both would the dns replicate
BIND_DLZ works by storing the DNS info in AD, so the DNS records will be
replicated to all DCs in the domain.
> As both servers are Linux, would the stability replicate without having to sync them manually
Not sure what you mean by stability?
All Samba AD DCs replicate most attributes to other DCs, but there are
a few attributes that are not replicated; this is an AD thing, not a
Samba AD thing. What isn't replicated is Sysvol and idmap.ldb, so you
will need to sync these between DCs.
Rowland
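Since Sysvol is not replicated by AD, the copy on each DC can silently drift after a manual sync, and a client then receives different Group Policy depending on which DC it talks to. The following is an added example, not code from the Samba project or from this thread: it hashes two sysvol trees and reports what is missing, changed or stale on the replica. The directory layout, GPO GUID placeholder and file contents are constructed for the demo; on real DCs you would point it at the sysvol path each server uses.

```python
"""Offline consistency check for Sysvol between two Samba AD DCs."""
import hashlib
import tempfile
from pathlib import Path


def tree_digest(root: Path) -> dict:
    """Map each regular file under root (relative path) to its SHA-256."""
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def sysvol_drift(primary: Path, replica: Path) -> dict:
    """Compare two sysvol trees; primary is the DC you rsync from."""
    a, b = tree_digest(primary), tree_digest(replica)
    return {
        "missing_on_replica": sorted(set(a) - set(b)),
        "differing": sorted(k for k in a.keys() & b.keys() if a[k] != b[k]),
        "extra_on_replica": sorted(set(b) - set(a)),
    }


def build_demo_trees() -> tuple:
    """Constructed sample trees standing in for the sysvol directory on two DCs."""
    base = Path(tempfile.mkdtemp(prefix="sysvol-demo-"))
    gpo = "example.lan/Policies/{PLACEHOLDER-GPO-GUID}/Machine"  # placeholder GUID
    files = {
        "example.lan/scripts/logon.bat": b"net use H: \\\\servera\\home\r\n",
        f"{gpo}/Registry.pol": b"PReg\x01\x00\x00\x00",
        f"{gpo}/comment.cmtx": b"<policyComments/>",
    }
    dc1, dc2 = base / "dc1", base / "dc2"
    for rel, data in files.items():
        for dc in (dc1, dc2):
            target = dc / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
    # Simulate drift: the GPO was edited on dc1 after the last sync, one file
    # never reached dc2, and a stale script exists only on dc2.
    (dc1 / f"{gpo}/Registry.pol").write_bytes(b"PReg\x01\x00\x00\x00\x00")
    (dc2 / f"{gpo}/comment.cmtx").unlink()
    (dc2 / "example.lan/scripts/old.bat").write_bytes(b"rem stale\r\n")
    return dc1, dc2


if __name__ == "__main__":
    primary, replica = build_demo_trees()
    for kind, paths in sysvol_drift(primary, replica).items():
        print(f"{kind}: {paths}")
```

A non-empty result means the replica needs another sync (and, after copying, the usual ACL reset on the receiving DC); idmap.ldb is a single file and can be compared the same way.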