[Samba] adding windows DC to samba AD

mj lists at merit.unu.edu
Mon May 10 17:16:45 UTC 2021


Hi,

My goal is to add a native Windows DC to my otherwise Samba-only AD.

I started by raising the domain functional level from 2003 to 2008R2, 
while on Samba 4.13.7, by doing just:

>  samba-tool domain level raise --domain-level=2008_R2
>  samba-tool domain level raise --forest-level=2008_R2

I cloned my 3 production DC VMs to an isolated network, and confirmed 
that they were happy there (replicating, etc.).

Then I tried adding a Windows x64 2008R2 DC following the instructions from:
https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD

The result is: 90-95% CPU usage for the rpc(0) process on the 4.13.7 Samba 
DC during initial replication, and the replication takes forever 
(hanging on CN=Configuration for 90 minutes, with no visible progress).

I'll leave it for the night, perhaps it just takes *very* long.

(the status is: Replicating data CN=Configuration,DC=samba... Received 
1625 out of approx 1625 objects, and 18 out of approx 18 DN values)

The new Windows DC shows up in samba-tool drs showrepl as 
"WERR_FILE_NOT_FOUND".

Not sure about adding win2012 (or win2012R2) because of the warning 
listed here:
https://wiki.samba.org/index.php/Joining_a_Windows_Server_2012_/_2012_R2_DC_to_a_Samba_AD
("Joining a Windows Server 2012 or 2012 R2 DC to a Samba AD breaks the 
AD replication! Do not use this documentation until the problem is fixed!
For more details, see Bug #13618 and Bug #13619.")

Besides, I tried it anyway, and it showed that adding a win2012 DC 
directly does not work, because of the incompatible (WMI) protocol used.
I read it has to be done 'through' a win2008 DC anyway.

My goal is to test the Azure cloud provisioning agent, and connect it to 
this new dedicated Windows DC. For the rest I'd like my network to 
remain Samba.

I will try adding the 2008R2 DC again tomorrow with a higher Samba log 
level, because at the moment it is unclear why CPU usage is high, and 
what it is hanging on.

If anyone has insights to share, they would be welcomed and appreciated. :-)

Thanks,
MJ


