Samba4 BDC with Samba4 PDC

Andrew Bartlett abartlet at samba.org
Sun Jun 3 17:43:16 MDT 2012


On Sun, 2012-06-03 at 17:30 +0100, Mike Howard wrote:
> On 03/06/2012 17:01, Mike Howard wrote:
> > On 03/06/2012 11:15, Andrew Bartlett wrote:
> >> On Sun, 2012-06-03 at 09:59 +0100, Mike Howard wrote:
> >>> I have had samba4 (Version 4.0.0alpha21-GIT-073666e) up and running as
> >>> the PDC on my network, currently with BIND9_DLZ and Bind9.9, working
> >>> well for a little while.
> >>>
> >>> For redundancy, I'd like to add a Samba 4 BDC, also BIND9_DLZ with
> >>> Bind9.9. To this end I grabbed the latest from git (Version
> >>> 4.0.0alpha22-GIT-29a51a2) and installed it, however there is not a lot
> >>> (any?) info out there on how things should be done _properly_ from a
> >>> configuration point of view, i.e. on the BDC is there a smb.conf or not,
> >>> how is the krb5.conf configured, how is /etc/resolv.conf configured?
> >>>
> >>> Anyway, I can join the BDC to the domain with;
> >> ...
> >>> Joined domain MYDOMAIN (SID S-1-5-21-2874647136-1364824720-2698236840)
> >>> as a DC
> >>>
> >>> The process of joining the BDC to the domain seems to shut down bind on
> >>> the PDC and neither '/usr/local/samba/private/named.conf' nor
> >>> '/usr/local/samba/private/dns/' are created on the BDC.
> >>>
> >>> I can (and did) add the following to my 'named.conf.local'.
> >>>
> >>> dlz "AD DNS Zone" {
> >>>     # For BIND 9.9.0
> >>>     database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_9.so";
> >>> };
> >>>
> >>> but bind will not restart as '/usr/local/samba/private/dns/' and its
> >>> contents are missing.
> >>>
> >>> Can anybody give me some pointers or point me at any info that will help
> >>> with the correct configuration?
> >> See the other posts on this list about ensuring the DNS partitions are
> >> replicated, then run samba_upgradedns to populate the DNS directory for
> >> the second DC.
> >>
> >> There is a fair bit of info in the list archives on this.  Hopefully we
> >> can make this more automatic in the future.
> >>
> >> Andrew Bartlett
> > Hi,
> >
> > Sorry, I obviously need to improve my search techniques. Thanks for 
> > the pointers.
> >
> > Sadly, none of them worked but not to worry, it is after all only 
> > alpha software.
> >
> > What is the time scale for samba4 actually being usable in a 
> > 'real' environment, or more specifically, being able to provide what 
> > windows server currently provides from an AD/DNS point of view? Whilst 
> > I've been running samba4 for a while (and quite impressive it is too), 
> > obviously high availability is really important and being able to 
> > 'just' install and go à la MS (despite all its drawbacks) is pretty 
> > key. A BDC is a key component.
> >
> > Mike Howard.
> >
> Following up my own post, sorry, but if I was to provision the PDC 
> with no dns (--dns-backend=NONE) and relied totally on bind9 (as I would 
> like to) for dns/ddns, what are the potential pitfalls? There must be 
> some or this particular set up would not be described as 'not 
> recommended' but what are they?

A few things would happen.  First you would not get any of the DNS
entries you required - at least use the old default of the FLAT_FILE
backend.  The second is that unless you get all the dynamic DNS stuff
fully correct, and you reload bind at the right time, when you join your
second DC it won't put itself in DNS correctly.

Finally, you would have a single master for DNS, and not be able to
interoperate with any Microsoft AD DNS servers in the domain.

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
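The failure mode Andrew describes above (a second DC that joins but does not put itself into DNS correctly) is easy to miss until clients start failing to locate it. The following is an added example, not code from this thread or from the Samba project: a small checker that lists the well-known AD locator records a DC must appear in and reports which ones are missing or still name only the first DC. It assumes `dig` is installed for live lookups (via `dig +short`), assumes Samba's default site name "Default-First-Site-Name", and uses a constructed placeholder domain `mydomain.lan` with two constructed DCs for the offline demonstration.

```python
"""Check that a Samba AD DC has registered its DNS locator records.
Added example (not from the thread). Lookups are injectable so the
checker runs offline against constructed data; dig_lookup() does live
queries via `dig +short` on a real network."""
import subprocess
from typing import Callable, Dict, List, Optional, Tuple

Lookup = Callable[[str, str], List[str]]  # (name, rtype) -> answers


def required_records(domain: str, dc_fqdn: str,
                     site: str = "Default-First-Site-Name",
                     dsa_guid: Optional[str] = None) -> List[Tuple[str, str]]:
    """Well-known AD locator records every DC must appear in.
    The site name is Samba's default and an assumption; pass the real site
    if it differs. _ldap._tcp.pdc._msdcs is deliberately omitted: only the
    PDC emulator owns it, so a second DC must not be expected there."""
    d, site_d = domain, f"{site}._sites"
    recs = [
        ("A", dc_fqdn),
        ("SRV", f"_ldap._tcp.{d}"),
        ("SRV", f"_kerberos._tcp.{d}"),
        ("SRV", f"_kerberos._udp.{d}"),
        ("SRV", f"_kpasswd._tcp.{d}"),
        ("SRV", f"_kpasswd._udp.{d}"),
        ("SRV", f"_ldap._tcp.dc._msdcs.{d}"),
        ("SRV", f"_kerberos._tcp.dc._msdcs.{d}"),
        ("SRV", f"_ldap._tcp.{site_d}.{d}"),
        ("SRV", f"_ldap._tcp.{site_d}.dc._msdcs.{d}"),
        ("SRV", f"_kerberos._tcp.{site_d}.{d}"),
        ("SRV", f"_kerberos._tcp.{site_d}.dc._msdcs.{d}"),
    ]
    if dsa_guid:  # DSA GUID alias that replication partners resolve
        recs.append(("CNAME", f"{dsa_guid}._msdcs.{d}"))
    return recs


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


def dig_lookup(server: Optional[str] = None) -> Lookup:
    """Live lookups via `dig +short`; an SRV answer line is
    'priority weight port target.' so the last field is the target."""
    def lookup(name: str, rtype: str) -> List[str]:
        cmd = ["dig", "+short", rtype, name] + ([f"@{server}"] if server else [])
        out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
        return [line.split()[-1] for line in out.splitlines() if line.strip()]
    return lookup


def fake_zone_lookup(zone: Dict[Tuple[str, str], List[str]]) -> Lookup:
    """Lookup over a constructed in-memory zone keyed by (rtype, name)."""
    return lambda name, rtype: zone.get((rtype, name.lower()), [])


def check_dc_dns(domain: str, dc_fqdn: str, lookup: Lookup, **kw) -> Dict[str, str]:
    """Return {'<rtype> <name>': 'ok' | 'missing' | 'does not name <dc>'}."""
    results = {}
    for rtype, name in required_records(domain, dc_fqdn, **kw):
        answers = [_norm(a) for a in lookup(name, rtype)]
        key = f"{rtype} {name}"
        if not answers:
            results[key] = "missing"
        elif rtype == "A" or _norm(dc_fqdn) in answers:
            results[key] = "ok"
        else:
            results[key] = f"does not name {dc_fqdn}"
    return results


def problems(results: Dict[str, str]) -> List[str]:
    return sorted(k for k, v in results.items() if v != "ok")


# Constructed sample: dc1 is fully registered; dc2 has joined but two
# locator records still name only dc1 (the symptom described above).
DOMAIN = "mydomain.lan"  # placeholder domain, not from the thread
DC1, DC2 = f"dc1.{DOMAIN}", f"dc2.{DOMAIN}"
SAMPLE_ZONE: Dict[Tuple[str, str], List[str]] = {}
for _dc, _addr in ((DC1, "192.0.2.10"), (DC2, "192.0.2.11")):
    for _rtype, _name in required_records(DOMAIN, _dc):
        SAMPLE_ZONE.setdefault((_rtype, _name.lower()), []).append(
            _addr if _rtype == "A" else _dc + ".")
for _stale in (f"_ldap._tcp.dc._msdcs.{DOMAIN}", f"_kerberos._udp.{DOMAIN}"):
    SAMPLE_ZONE[("SRV", _stale)] = [DC1 + "."]


def demo() -> List[str]:
    """Records the second (constructed) DC is not yet registered in."""
    return problems(check_dc_dns(DOMAIN, DC2, fake_zone_lookup(SAMPLE_ZONE)))


if __name__ == "__main__":
    for k, v in check_dc_dns(DOMAIN, DC2, fake_zone_lookup(SAMPLE_ZONE)).items():
        print(f"{v:30} {k}")
    # Live use, pointing at the existing DC's DNS (assumed address):
    # check_dc_dns("mydomain.lan", "dc2.mydomain.lan", dig_lookup("192.0.2.10"))
```

Run against the real zone by swapping in `dig_lookup(<address of the existing DC>)`; querying both DCs separately also shows whether the DomainDnsZones/ForestDnsZones partitions have replicated, since a DC serving the zone from a stale or empty partition will answer differently from the first one.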