[Samba] demote old dc

Rowland Penny rpenny at samba.org
Mon Jan 2 20:01:17 UTC 2023



On 02/01/2023 19:49, Michael Tokarev via samba wrote:
> 02.01.2023 18:11, Rowland Penny via samba wrote:
> ..
>> If you do have a DC with all those lines it is wrong, most of them are 
>> defaults, unless you obtained them with 'testparm -s' rather than 
>> 'samba-tool testparm'.
> 
> What's the difference between the two testparams?
> 
> Thanks,
> 
> /mjt
> 

You wouldn't think there would be anything, but they produce different 
output depending on where you run them.

I would only use 'samba-tool testparm' on a DC; for anything else, 
'testparm'. Using 'testparm' on a DC shows a lot of defaults that are 
not on disk, e.g.

On one of my DCs:

samba-tool testparm
INFO 2023-01-02 14:50:20,592 pid:168822 /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #96: Loaded smb config files from /etc/samba/smb.conf
INFO 2023-01-02 14:50:20,593 pid:168822 /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #97: Loaded services file OK.
Press enter to see a dump of your service definitions

# Global parameters
[global]
	bind interfaces only = Yes
	dns forwarder = 8.8.8.8
	dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
	interfaces = lo eth0
	netbios name = RPIDC1
	realm = SAMDOM.EXAMPLE.COM
	server role = active directory domain controller
	template shell = /bin/bash
	workgroup = SAMDOM
	idmap_ldb:use rfc2307 = yes

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

[netlogon]
	path = /var/lib/samba/sysvol/samdom.example.com/scripts
	read only = No

Yet 'testparm' on the same DC produces this:

testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed (compatibility fallback; gnutls setting)

Server role: ROLE_ACTIVE_DIRECTORY_DC

# Global parameters
[global]
	bind interfaces only = Yes
	dns forwarder = 8.8.8.8
	dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
	interfaces = lo eth0
	passdb backend = samba_dsdb
	realm = SAMDOM.EXAMPLE.COM
	server role = active directory domain controller
	template shell = /bin/bash
	workgroup = SAMDOM
	rpc_server:tcpip = no
	rpc_daemon:spoolssd = embedded
	rpc_server:spoolss = embedded
	rpc_server:winreg = embedded
	rpc_server:ntsvcs = embedded
	rpc_server:eventlog = embedded
	rpc_server:srvsvc = embedded
	rpc_server:svcctl = embedded
	rpc_server:default = external
	winbindd:use external pipes = true
	idmap_ldb:use rfc2307 = yes
	idmap config * : backend = tdb
	map archive = No
	vfs objects = dfs_samba4 acl_xattr


[sysvol]
	path = /var/lib/samba/sysvol
	read only = No


[netlogon]
	path = /var/lib/samba/sysvol/samdom.example.com/scripts
	read only = No

Notice the difference.

Rowland
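
Added example (not part of the original message and not Samba project code): a small parser that diffs two testparm-style dumps and lists the parameters present in only one of them, which makes the difference between the two outputs above explicit. The function names and the shortened sample dumps are assumptions made for this illustration.

```python
def parse_dump(text):
    """Parse testparm-style output into {section: {param: value}}.
    Banner and log lines before the first [section] are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive; whitespace in them is irrelevant.
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def diff_dumps(a, b):
    """Return (only_in_a, only_in_b, changed) for two parsed dumps."""
    only_a, only_b, changed = [], [], []
    for sec in sorted(set(a) | set(b)):
        pa, pb = a.get(sec, {}), b.get(sec, {})
        for key in sorted(set(pa) | set(pb)):
            if key not in pb:
                only_a.append((sec, key, pa[key]))
            elif key not in pa:
                only_b.append((sec, key, pb[key]))
            elif pa[key] != pb[key]:
                changed.append((sec, key, pa[key], pb[key]))
    return only_a, only_b, changed

# Shortened excerpts of the two dumps quoted in the message above.
SAMBA_TOOL = """Press enter to see a dump of your service definitions
[global]
    netbios name = RPIDC1
    realm = SAMDOM.EXAMPLE.COM
[sysvol]
    path = /var/lib/samba/sysvol
"""
TESTPARM_S = """Server role: ROLE_ACTIVE_DIRECTORY_DC
[global]
    passdb backend = samba_dsdb
    realm = SAMDOM.EXAMPLE.COM
    rpc_server:tcpip = no
    vfs objects = dfs_samba4 acl_xattr
[sysvol]
    path = /var/lib/samba/sysvol
"""

if __name__ == "__main__":
    for sec, key, val in diff_dumps(parse_dump(SAMBA_TOOL), parse_dump(TESTPARM_S))[1]:
        print(f"only in 'testparm -s': [{sec}] {key} = {val}")
```

To compare real output, save each command's dump to a file and pass the file contents to parse_dump() in place of the two sample strings.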



