[Samba] Setting up Backup AD DC
norbert.hanke at gmx.ch
Fri Oct 30 14:21:57 UTC 2020
On 29.10.2020 18:27, Tom Diehl via samba wrote:
> On Thu, 29 Oct 2020, Rowland penny via samba wrote:
>> On 29/10/2020 14:43, Marco Shmerykowsky via samba wrote:
>>> I want to setup a backup AD DC and have a few quick
>>> (possibly dumb) questions:
>> No, you just want to add another DC
>>> 1) Is this link the best reference to the procedure to
>>> create the backup AD DC?
>> It is a good start, then ask any questions here.
>>> 2) What is considered the best samba option of
>>> the 3 listed for Sysvol Replication under the Subsection
>>> titled "Built-in User & Group ID Mappings" in the
>>> link provided above?
>> This is very subjective, if you ask 100 Samba users 'which is best',
>> you will probably get about 150 different answers :-D
>>> 3) Does the backup and the primary need to run the
>>> same version of samba?
>> I think you mean 'Does the DC with all the FSMO roles and any other
>> DC need to run the same version of Samba' , to which the answer would
>> Ideally yes, but different versions will work together, just don't
>> try to use something like 4.1.x and 4.12.x together, it may work, but
>> I would bet there will be problems.
> Maybe I am missing something, but what is the secure way to run an
> backup on recent versions of samba? Can samba-tool domain backup be
> made to use
> kerberos so I do not need to store an admin password in an unencrypted
With Kerberos you need to have an [unencrypted] keytab file. Of course
that is better than a password in a file, but it's not fundamentally
different. The keytab content is just harder to spell than a password.
More information about the samba