[Samba] 4.9.x -> 4.10.x : any major things to consider?
Rowland penny
rpenny at samba.org
Tue Nov 26 20:37:55 UTC 2019
On 26/11/2019 20:23, Stefan G. Weichinger via samba wrote:
> Am 26.11.19 um 20:53 schrieb Stefan G. Weichinger via samba:
>> Am 26.11.19 um 20:50 schrieb Rowland penny via samba:
>>> On 26/11/2019 19:44, Stefan G. Weichinger via samba wrote:
>>>> Am 26.11.19 um 20:39 schrieb Rowland penny via samba:
>>>>
>>>>>> I assume I have to start over: demote that DC2 etc
>>>>>>
>>>>>> Should have left office when I could an hour ago.
>>>>>>
>>>>> Definitely sounds like you should, you are probably tired and it is
>>>>> easy to make mistakes when you are tired.
>>>> So you suggest to let the domain run on ADC1 only ... and do the
>>>> demoting etc tmrw ?
>>>>
>>>> Sounds right. Although it would also feel good to fix it before bed.
>>>>
>>>>
>>>>
>>> If the domain is going to get little use overnight, then yes, you could
>>> do this, but I was really referring to not doing things when you are
>>> tired ;-)
>>>
>>> If you are going to let the domain run overnight on one DC, then I would
>>> demote the second DC before you go home ;-)
>> I *am* at home, that's even more sad ;-)
>>
>> And why not "rejoin" as well ... ?
> I think I won't demote right now and just leave it as it is. So far the
> shares etc work fine ...
>
> the samba-ad-dc.service doesn't even start so I assume it won't make
> much difference (no communication anyway)? I could shutdown the whole
> server.
>
> -
>
> I plan to demote DC2 ("adc2"= hostname) remotely tomorrow.
>
> After that I would like to learn how to re-add it.
>
> https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC#Demoting_an_Offline_Domain_Controller
>
> says:
>
> "You must not reconnect a DC to the network, that was demoted remotely.
> Your AD can get inconsistent."
>
> which scares me a bit. What does that mean exactly? I have to reconnect
> with the same old hostname, but is it sufficient if I clear
> adc2:/var/lib/samba before to make it a brandnew machine?
>
> thanks all, good night and good backups
>
>
Ah, that could be worded better ;-)
What it means is:
If a DC fails for some reason and is stopped and then demoted on another
DC (the failed DC is no longer a DC), you must not simply fix the old DC
and restart it. This is because the domain no longer recognises the
demoted DC, but it will still think it is a DC and will try to replicate
to and from the domain, this will destroy your domain.
Rowland
More information about the samba
mailing list