[Samba] demote old dc
Rowland Penny
rpenny at samba.org
Mon Jan 2 20:01:17 UTC 2023
On 02/01/2023 19:49, Michael Tokarev via samba wrote:
> 02.01.2023 18:11, Rowland Penny via samba wrote:
> ..
>> If you do have a DC with all those lines it is wrong, most of them are
>> defaults, unless you obtained them with 'testparm -s' rather than
>> 'samba-tool testparm'.
>
> What's the difference between the two testparams?
>
> Thanks,
>
> /mjt
>
You wouldn't think there would be anything, but they produce different
output depending on where you run them.

I would only use 'samba-tool testparm' on a DC, for anything else
'testparm'. Using 'testparm' on a DC shows a lot of defaults that are
not on disk, e.g. on one of my DCs:

samba-tool testparm
INFO 2023-01-02 14:50:20,592 pid:168822 /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #96: Loaded smb config files from /etc/samba/smb.conf
INFO 2023-01-02 14:50:20,593 pid:168822 /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #97: Loaded services file OK.
Press enter to see a dump of your service definitions

# Global parameters
[global]
	bind interfaces only = Yes
	dns forwarder = 8.8.8.8
	dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
	interfaces = lo eth0
	netbios name = RPIDC1
	realm = SAMDOM.EXAMPLE.COM
	server role = active directory domain controller
	template shell = /bin/bash
	workgroup = SAMDOM
	idmap_ldb:use rfc2307 = yes

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

[netlogon]
	path = /var/lib/samba/sysvol/samdom.example.com/scripts
	read only = No

Yet 'testparm' on the same DC produces this:

testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed (compatibility fallback; gnutls setting)

Server role: ROLE_ACTIVE_DIRECTORY_DC

# Global parameters
[global]
	bind interfaces only = Yes
	dns forwarder = 8.8.8.8
	dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
	interfaces = lo eth0
	passdb backend = samba_dsdb
	realm = SAMDOM.EXAMPLE.COM
	server role = active directory domain controller
	template shell = /bin/bash
	workgroup = SAMDOM
	rpc_server:tcpip = no
	rpc_daemon:spoolssd = embedded
	rpc_server:spoolss = embedded
	rpc_server:winreg = embedded
	rpc_server:ntsvcs = embedded
	rpc_server:eventlog = embedded
	rpc_server:srvsvc = embedded
	rpc_server:svcctl = embedded
	rpc_server:default = external
	winbindd:use external pipes = true
	idmap_ldb:use rfc2307 = yes
	idmap config * : backend = tdb
	map archive = No
	vfs objects = dfs_samba4 acl_xattr

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

[netlogon]
	path = /var/lib/samba/sysvol/samdom.example.com/scripts
	read only = No

Notice the difference.

Rowland
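
Added example (not part of the message above, and not Samba code): a small Python parser that diffs two testparm-style dumps, so that defaults reported only by 'testparm -s' can be spotted before they are copied into a DC's smb.conf. The function names are hypothetical and the sample input is abridged from the two dumps quoted in the message.

```python
import re

def parse_dump(text):
    """Parse testparm-style output into {section: {parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = sections.setdefault(section.group(1).lower(), {})
        elif current is not None and "=" in line and line[0] not in "#;":
            # Split on the first '=' only; names may contain ':' and spaces.
            name, value = line.split("=", 1)
            current[" ".join(name.lower().split())] = value.strip()
        # Banner and log lines before the first [section] are skipped.
    return sections

def diff_dumps(a, b):
    """Compare two parsed dumps; entries are 'section/parameter' keys."""
    fa = {f"{s}/{p}": v for s, ps in a.items() for p, v in ps.items()}
    fb = {f"{s}/{p}": v for s, ps in b.items() for p, v in ps.items()}
    return {
        "only_a": sorted(fa.keys() - fb.keys()),
        "only_b": sorted(fb.keys() - fa.keys()),
        "changed": sorted(k for k in fa.keys() & fb.keys() if fa[k] != fb[k]),
    }

# Sample input, abridged from the dumps in the message above.
SAMBA_TOOL = """\
[global]
    netbios name = RPIDC1
    realm = SAMDOM.EXAMPLE.COM
    idmap_ldb:use rfc2307 = yes
[sysvol]
    path = /var/lib/samba/sysvol
"""
TESTPARM = """\
Weak crypto is allowed (compatibility fallback; gnutls setting)
[global]
    passdb backend = samba_dsdb
    realm = SAMDOM.EXAMPLE.COM
    rpc_server:default = external
    idmap_ldb:use rfc2307 = yes
    idmap config * : backend = tdb
    vfs objects = dfs_samba4 acl_xattr
[sysvol]
    path = /var/lib/samba/sysvol
"""
if __name__ == "__main__":
    print(diff_dumps(parse_dump(SAMBA_TOOL), parse_dump(TESTPARM)))
```

Here "only_a" lists what only 'samba-tool testparm' reported and "only_b" what only 'testparm -s' reported.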