Hi all,

Using 4.3.4 + Bind DLZ @ CentOS 7.

Regarding AD sites, I have several questions:

1° Is it possible with Samba4 to rename Default-First-Site-Name?

2° samba-tool sites create <name>
does not link new site to DEFAULTIPSITELINK, is it the correct behaviour?

3° When a DC is not in Default-First-Site-Name, no DNS records related to that DC should exist in Default-First-Site-Name related DNS records. Is that true?
ex: _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld should not exist.

4° When a DC is moved from one site to another site, all DNS records related to old site should be automatically removed?

5° If 4° is true, what triggers the change in DNS configuration? Is it a samba restart which will run samba_dnsupdate which would perform that creation of DNS records and deletion of the old ones or samba_dnsupdate (or equivalent) is run without the need of a restart/reboot?

For other questions I still have tests to perform.

Thanks and regards,

mathias dufresne
Another question:

6° In DNS zone _msdcs, at root, there is one DNS record per DC. These records are those which have to be created manually and are related to objectGuid as explained there:
https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins#Resolve_the_objectGUID_CNAME_record_of_the_new_joined_Domain_Controller

I have for now 4 DC in my second site, two of them have 2 records when the 2 others have only 1.
These additional records are <DC related objectGuid>CNF:<another uuid>

<another uuid> is not the same for these two records. These two records are related to 2 different DC.

Are they supposed to exist? If yes aren't they supposed to exist for all 4 DC in this second site?

Best regards,

mathias

2016-02-10 12:12 GMT+01:00 mathias dufresne <infractory at gmail.com>:
> Hi all,
>
> Using 4.3.4 + Bind DLZ @ CentOS 7.
>
> Regarding AD sites, I have several questions:
>
> 1° Is it possible with Samba4 to rename Default-First-Site-Name?
>
> 2° samba-tool sites create <name>
> does not link new site to DEFAULTIPSITELINK, is it the correct behaviour?
>
> 3° When a DC is not in Default-First-Site-Name, no DNS records related to
> that DC should exist in Default-First-Site-Name related DNS records. Is
> that true?
> ex: _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld should not
> exist.
>
> 4° When a DC is moved from one site to another site, all DNS records
> related to old site should be automatically removed?
>
> 5° If 4° is true, what triggers the change in DNS configuration? Is it a
> samba restart which will run samba_dnsupdate which would perform that
> creation of DNS records and deletion of the old ones or samba_dnsupdate (or
> equivalent) is run without the need of a restart/reboot?
>
> For other questions I still have tests to perform.
>
> Thanks and regards,
>
> mathias dufresne
On 10/02/16 11:12, mathias dufresne wrote:
> Hi all,
>
> Using 4.3.4 + Bind DLZ @ CentOS 7.
>
> Regarding AD sites, I have several questions:
>
> 1° Is it possible with Samba4 to rename Default-First-Site-Name?

Depends on what you mean, if you mean can it be changed, then the answer is yes. If you mean can it be changed with samba-tool, then no.

> 2° samba-tool sites create <name>
> does not link new site to DEFAULTIPSITELINK, is it the correct behaviour?

Probably not.

> 3° When a DC is not in Default-First-Site-Name, no DNS records related to
> that DC should exist in Default-First-Site-Name related DNS records. Is
> that true?
> ex: _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld should not
> exist.

Again probably not.

> 4° When a DC is moved from one site to another site, all DNS records
> related to old site should be automatically removed?

Yes

> 5° If 4° is true, what triggers the change in DNS configuration? Is it a
> samba restart which will run samba_dnsupdate which would perform that
> creation of DNS records and deletion of the old ones or samba_dnsupdate (or
> equivalent) is run without the need of a restart/reboot?

I don't think there is anything to do this at present. The main problem (as I see it) is that when you provision a domain, all the records are created for you, but when you join another DC, they are not. You have to start/restart samba and this then adds various dns records including the site ones.

Rowland

> For other questions I still have tests to perform.
>
> Thanks and regards,
>
> mathias dufresne
On 10/02/16 11:20, mathias dufresne wrote:
> Another question:
> 6° In DNS zone _msdcs, at root, there is one DNS record per DC. These
> records are those which have to be created manually and are related to
> objectGuid as explained there:
> https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins#Resolve_the_objectGUID_CNAME_record_of_the_new_joined_Domain_Controller
>
> I have for now 4 DC in my second site, two of them have 2 records when the
> 2 others have only 1.
> These additional records are <DC related objectGuid>CNF:<another uuid>
>
> <another uuid> is not the same for these two records. These two records are
> related to 2 different DC.
>
> Are they supposed to exist? If yes aren't they supposed to exist for all 4
> DC in this second site?

Every DC should have the record you refer to, so it looks like you need to find the ones you do not have and add them.

Rowland
2016-02-10 14:37 GMT+01:00 Rowland penny <rpenny at samba.org>:
> On 10/02/16 11:12, mathias dufresne wrote:
>
>> Hi all,
>>
>> Using 4.3.4 + Bind DLZ @ CentOS 7.
>>
>> Regarding AD sites, I have several questions:
>>
>> 1° Is it possible with Samba4 to rename Default-First-Site-Name?
>
> Depends on what you mean, if you mean can it be changed, then the answer
> is yes. If you mean can it be changed with samba-tool, then no.

OK. I tried once and I had to reinstall the whole domain. I was using an RPM manually created with a patch for demoting dead servers. Rpmbuild never complained about that patch but samba-tool did not get the option to demote dead servers. Perhaps the patch I got wasn't the right one, perhaps that patch would have broken part of this packaged samba...
Of course the issue can come from me, but as I used RSAT to rename the site, I can't see how I could make a mistake...

>> 2° samba-tool sites create <name>
>> does not link new site to DEFAULTIPSITELINK, is it the correct behaviour?
>
> Probably not.

OK

>> 3° When a DC is not in Default-First-Site-Name, no DNS records related to
>> that DC should exist in Default-First-Site-Name related DNS records. Is
>> that true?
>> ex: _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld should not
>> exist.
>
> Again probably not.

According to your next reply, I take your reply as a "yes, that's true. A DC should be referenced only in the site it belongs to." Once more, my question was not clear, sorry about that.

>> 4° When a DC is moved from one site to another site, all DNS records
>> related to old site should be automatically removed?
>
> Yes

OK

>> 5° If 4° is true, what triggers the change in DNS configuration? Is it a
>> samba restart which will run samba_dnsupdate which would perform that
>> creation of DNS records and deletion of the old ones or samba_dnsupdate
>> (or equivalent) is run without the need of a restart/reboot?
>
> I don't think there is anything to do this at present. The main problem
> (as I see it) is that when you provision a domain, all the records are
> created for you, but when you join another DC, they are not. You have to
> start/restart samba and this then adds various dns records including the
> site ones.

OK. So no trigger. samba_dnsupdate should solve the issue as a restart of the samba service, or restarting samba is really needed?

> Rowland
>
>> For other questions I still have tests to perform.
>>
>> Thanks and regards,
>>
>> mathias dufresne
>
> --

Thank you for your help : )
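
An added example, not part of any message in this thread and not Samba code: a consistency check for the two record problems discussed above, run over a constructed zone dump. The DC names, GUIDs and the site `Site2` are made up; the check assumes the thread's rule that a DC is referenced only under the site it belongs to, and it reports objectGUID CNAMEs in _msdcs that are missing or are `CNF:` copies.

```python
import re

DOMAIN = "samba.domain.tld"  # domain name used in the thread's example record
# Constructed inventory: host -> (site the DC belongs to, objectGUID).
DCS = {
    "dc1": ("Default-First-Site-Name", "11111111-1111-1111-1111-111111111111"),
    "dc2": ("Site2", "22222222-2222-2222-2222-222222222222"),
    "dc3": ("Site2", "33333333-3333-3333-3333-333333333333"),
}
# Constructed zone dump: (owner name, record type, target host).
RECORDS = [
    ("_ldap._tcp.Default-First-Site-Name._sites." + DOMAIN, "SRV", "dc1." + DOMAIN),
    ("_ldap._tcp.Default-First-Site-Name._sites." + DOMAIN, "SRV", "dc2." + DOMAIN),
    ("_ldap._tcp.Site2._sites." + DOMAIN, "SRV", "dc2." + DOMAIN),
    ("_ldap._tcp.Site2._sites." + DOMAIN, "SRV", "dc3." + DOMAIN),
    ("11111111-1111-1111-1111-111111111111._msdcs." + DOMAIN, "CNAME", "dc1." + DOMAIN),
    ("22222222-2222-2222-2222-222222222222._msdcs." + DOMAIN, "CNAME", "dc2." + DOMAIN),
    ("22222222-2222-2222-2222-222222222222CNF:aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa._msdcs."
     + DOMAIN, "CNAME", "dc2." + DOMAIN),
]

# Site-specific SRV owner names look like _service._proto.<site>._sites.<...>
SITE_SRV = re.compile(r"^_[a-z]+\._(?:tcp|udp)\.([^.]+)\._sites\.", re.I)

def audit(records, dcs, domain):
    """Return sorted (kind, owner, host) findings for an administrator to review."""
    findings, guid_seen = set(), set()
    suffix = "._msdcs." + domain.lower()
    for owner, rtype, target in records:
        host = target.rstrip(".").split(".")[0].lower()
        m = SITE_SRV.match(owner)
        if rtype == "SRV" and m and host in dcs:
            # Site names compare case-insensitively.
            if dcs[host][0].lower() != m.group(1).lower():
                findings.add(("wrong-site", owner, host))
        elif rtype == "CNAME" and owner.lower().endswith(suffix):
            label = owner[: -len(suffix)].lower()
            if "cnf:" in label:
                findings.add(("conflict-copy", owner, host))
            else:
                guid_seen.add(label)
    # Every DC in the inventory should have its own objectGUID CNAME.
    for host, (_site, guid) in dcs.items():
        if guid.lower() not in guid_seen:
            findings.add(("missing-guid-cname", guid + suffix, host))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(RECORDS, DCS, DOMAIN):
        print(*finding, sep="\t")
```

On a real domain the inventory and the record list would come from the directory and the DNS zone; the findings are candidates for review, not records to delete blindly.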