greetings, samba-users, I am currently preparing to join a second Samba-DC to a Samba-based ADS. DC1 is a debian-9.6 machine, running samba-4.8.8 from Louis' repos. DC2 is basically identically set up (thank you, ansible) and I read and followed (1) so far, except the actual join. sysvol-rsync, kerberos ticket, modified smb.conf, resolv.conf ... done I assume 4.8.8 will give me no surprises here? Is there a "dry run" for the join to check if things would work? I hesitate to join the DC2 during work hours ;-) from experience. And I think it's better to ask you *before* I crash my network ;-) thanks, Stefan (1) https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
On Wed, 30 Jan 2019 11:23:25 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> > greetings, samba-users, > > I am currently preparing to join a second Samba-DC to a Samba-based > ADS. > > DC1 is a debian-9.6 machine, running samba-4.8.8 from Louis' repos. > > DC2 is basically identically set up (thank you, ansible) and I read > and followed (1) so far, except the actual join. > > sysvol-rsync, kerberos ticket, modified smb.conf, resolv.conf ... doneWell , I would suggest you undo it ;-) You will have to sync sysvol AFTER the join The join will create the kerberos ticket (unless you are actually referring to /etc/krb5.conf) and smb.conf. /etc/resolv.conf needs to point to DC1 before the join and itself after the join.> > I assume 4.8.8 will give me no surprises here?Shouldn't do.> > Is there a "dry run" for the join to check if things would work?No> > I hesitate to join the DC2 during work hours ;-) from experience.Wise decision ;-)> > And I think it's better to ask you *before* I crash my network ;-)Oh definitely, better to ask before, it is easier to fix ;-) Rowland
Am 30.01.19 um 11:37 schrieb Rowland Penny via samba:> You will have to sync sysvol AFTER the join > The join will create the kerberos ticket (unless you are actually > referring to /etc/krb5.conf) and smb.conf. > /etc/resolv.conf needs to point to DC1 before the join and itself after > the join.phew! I didn't have that on the radar, good that I asked ... No problem to temporarily disable the rsync-job and rm the kerberos ticket (quick reboot of DC2 during lunch ;-)). thanks!>> I hesitate to join the DC2 during work hours ;-) from experience. > > Wise decision ;-)At least this was done correctly ;-)>> And I think it's better to ask you *before* I crash my network ;-) > > Oh definitely, better to ask before, it is easier to fix ;-)great, thanks so far.
I only see one error here. Debian 9.6 .. Update to 9.7 ;-) :-P Because of : https://www.debian.org/security/2019/dsa-4371 Looks good Stefan. It the preseed on github still the same? Working at things here also. .. Bit to much things but ok. Fun things :-) Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Stefan G. Weichinger via samba > Verzonden: woensdag 30 januari 2019 11:23 > Aan: samba > Onderwerp: [Samba] preparing a 2nd DC > > > greetings, samba-users, > > I am currently preparing to join a second Samba-DC to a > Samba-based ADS. > > DC1 is a debian-9.6 machine, running samba-4.8.8 from Louis' repos. > > DC2 is basically identically set up (thank you, ansible) and > I read and > followed (1) so far, except the actual join. > > sysvol-rsync, kerberos ticket, modified smb.conf, resolv.conf ... done > > I assume 4.8.8 will give me no surprises here? > > Is there a "dry run" for the join to check if things would work? > > I hesitate to join the DC2 during work hours ;-) from experience. > > And I think it's better to ask you *before* I crash my network ;-) > > thanks, Stefan > > > (1) > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Exis > ting_Active_Directory > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Am 30.01.19 um 12:11 schrieb L.P.H. van Belle via samba:> I only see one error here. > > Debian 9.6 .. Update to 9.7 ;-) :-P > Because of : https://www.debian.org/security/2019/dsa-4371yeah, sure, thanks. I have that in already but wrote without remembering that. Like in "hey, we have 2019 already"> Looks good Stefan. > It the preseed on github still the same?yes. But I didn't install this DC2 via preseed, but based on a debops project ( https://docs.debops.org/en/master/ ).> Working at things here also. .. Bit to much things but ok. Fun things :-)good to hear/read :) I think I am gonna try that join in the evening or better after friday evening ...