[Samba] new DC via clone..

Kees van Vloten keesvanvloten at gmail.com
Mon Jul 22 16:53:26 UTC 2024


On 22-07-2024 17:49, Rowland Penny via samba wrote:
> On Mon, 22 Jul 2024 16:48:59 +0200
> Joachim Lindenberg via samba <samba at lists.samba.org> wrote:
>
>> Hello Rowland,
>> there can be a lot more services than just the OS and Samba-AD-DC.
> Just like Microsoft, Samba doesn't recommend using a DC for other
> services and running it in some form of VM doesn't make it different.

I think Joachim mentioned Bind as software he is running, which is 
perfectly fine. And obviously on any Linux server there are quite a few 
more daemons that run.

Some 10 years ago I made a lot of images to clone with VMware (ESX), and 
I can tell, it is a tedious job to get a well prepared image. The same 
is true for the scripts required to personalize it again after cloning.

The more complex your machine is set up, the more complex this task 
becomes. It is as simple as that, but certainly not impossible.

In any case I would advise to invest time in creating a repeatable setup 
/ config mechanism for every type of server you have. Use Ansible, 
Saltstack, Terraform, Chef etc. or just bash scripts. That makes the 
machine itself and its software + configs disposable. When it breaks, 
just run the code against a fresh base-OS and you are back in business. 
The only thing still required is a good backup of your data and a 
**tested** restore procedure!

- Kees.

>> As
>> a must have you have to configure bind, and in my specific case I
>> have also a pi-hole and stubby running with docker in order to
>> provide complete DNS services on the DCs. Cloning is definitely a
>> huge saving of time than starting from scratch. Everybody except
>> probably Samba today uses clones where possible.
> As I said, I wouldn't clone a DC, but a quick internet search turns up
> that you can clone a Microsoft AD DC, provided a few criteria are met:
>
> It is only running software essential for the DC.
> It holds most, if not all, the FSMO roles.
> Can be powered down for a short while.
> It is best to be already virtualised.
>
> Your clone does not seem to match the above.
>
> You are having problems, which may be just down to Samba, or they could
> be due to an interaction between Samba and some other piece of software.
>
> I suggest you start with a fresh VM, install Samba in that and join it
> as a DC (using the internal dns server), if that works okay, then add
> Bind and keep adding things until it stops working, at which point you
> may be able to work out what the problem is. If the new Samba gives you
> the same problem that you are having now, then it will be less software
> in the way when trying to sort out the problem.
>
> Rowland
>
>
>


