[Samba] Joining a new Samba AD DC

Mark Foley mfoley at novatec-inc.com
Tue Jul 25 05:53:57 UTC 2023

On Jul 24 13:30:11 2023 Rowland Penny via samba <samba at lists.samba.org> wrote:

> On 24/07/2023 17:46, Mark Foley via samba wrote:
> > I removed the new computer from the domain and deleted the smb.conf file. I then
> > did:
> > 
> > samba-tool domain join hprs.local DC --option='idmap_ldb:use rfc2307 = yes' -U Administrator
> It sounds like you now have a DC :-)

> > Note that I did not specify any --dns-backend.  I hope that's OK as I
> > provisioned with --dns-backend=BIND9_FLATFILE on the original/current DC.  I do
> > have LAN members not part of the domain that need to have DNS service, so I may
> > have to redo this later.
> If you didn't specify a dns backend, then the default internal dns 
> server will be used.
> > Under "Verifying the DNS Entries" I did change the 1st IP in resolv.conf to be this new host's
> > IP, but that didn't work -- couldn't see any other host, so I reverted back to
> > the original DC's IP. However, that's not working either, even after a reboot. I
> > switched back to the new DC's IP and rebooted. Again, not working. So, something
> > is wrong with the DNS setup.
> The dns problem is probably because there are no records in AD, you need 
> to either transfer the records from the flat files (you will probably 
> have to create the reverse zone) or let your Windows computers create 
> them in AD.

OK, I'll look at that after the sync Sysvol. On the original DC, that machine
was already the DNS w/o Samba with all the named.conf, zones, etc. configured.
It was easy to adapt that to the then supported --dns-backend=BIND9_FLATFILE. I
think I can research this a bit and sort it out.
> > Next I ran 'net cache flush' on the new DC; seemed to work (no error).
> > 
> > Next 'samba-tool ntacl sysvolreset', but I had a problem with that:
> > 
> > # samba-tool ntacl sysvolreset
> > set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
> > What did I do wrong? Note that samba is not yet running.
> Did you also sync Sysvol ?
> On a newly joined DC, there is very little in sysvol, it needs to be 
> synced from a DC that holds all the GPO's.

The wiki says, "You will now need to sync Sysvol to the new DC." I thought then
sysvolreset was that. Is there a wiki/howto on how to sync Sysvol?

> ... it is just that Debian (and Debian base distros, 
> Ubuntu for instance) has been the goto distro for a Samba AD DC since 
> Samba 4.0.0 and there is a lot of Knowledge out there. I run two Samba 
> AD DCs on Raspberry pi OS (Debian based), so I can vouch that it works well.
> Rowland

Wow, on a Raspberry pi, eh? That's impressive for a Raspberry! I may be the only
one running this on Slackware. However, I don't really think the actual setup is
much different by distro other than certainly what Samba version it supports.
Slackware tends to lag, on purpose -- let others be the delta-tester. I hope this
exercise doesn't prove me wrong.

Thanks --Mark
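A pre-flight check for the Sysvol sync and sysvolreset steps discussed in this thread, added here as an example; it is not part of the thread or of Samba itself. It reads `samba-tool gpo listall` output on stdin and reports GPOs that AD knows about but that have no folder yet under the new DC's SysVol, which is the state a freshly joined DC is in before SysVol has been synced. The SysVol path, the realm hprs.local and the rsync-over-ssh form of the sync are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from Samba). Run on the new DC
# before 'samba-tool ntacl sysvolreset'. SysVol root and realm are passed
# in; Debian packages keep SysVol under /var/lib/samba/sysvol.

# Print GPO GUIDs from 'samba-tool gpo listall' output read on stdin.
ad_gpos() {
    sed -n 's/^GPO[[:space:]]*:[[:space:]]*\({[0-9A-Fa-f-]*}\).*/\1/p' | sort -u
}

# Print GPO directories present under <sysvol>/<realm>/Policies.
disk_gpos() {
    [ -d "$1/$2/Policies" ] || return 1
    ls -1 "$1/$2/Policies" | grep -E '^\{[0-9A-Fa-f-]{36}\}$' | sort -u
}

# missing_gpos SYSVOL_ROOT REALM   (listall output on stdin)
# Prints GUIDs AD knows about but that have no folder on disk.
# Returns 0 if none are missing, 1 if some are, 2 if Policies/ itself is
# absent, i.e. SysVol has not been synced from the other DC at all.
missing_gpos() {
    want=$(ad_gpos)
    have=$(disk_gpos "$1" "$2") || {
        echo "$1/$2/Policies not found: SysVol has not been synced" >&2
        return 2
    }
    rc=0
    for g in $want; do
        if ! printf '%s\n' "$have" | grep -qixF "$g"; then
            echo "$g"
            rc=1
        fi
    done
    return $rc
}

# Pull SysVol from the source DC over ssh (assumption: root ssh access).
# -A and -X carry the POSIX ACLs and xattrs, where Samba keeps the NT ACLs;
# --delete-after removes GPOs that were deleted on the source.
sync_sysvol() {
    # $1 = source DC host, $2 = its SysVol root, $3 = local SysVol root
    rsync -XAavz --delete-after "root@$1:$2/" "$3/"
}

# Typical sequence on the new DC (SYSVOL path is an assumption):
#   SYSVOL=/usr/local/samba/var/locks/sysvol
#   sync_sysvol dc1.hprs.local "$SYSVOL" "$SYSVOL"
#   samba-tool gpo listall | missing_gpos "$SYSVOL" hprs.local && samba-tool ntacl sysvolreset
```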
