Please forgive me, I'm not sure what terminology to use here so this question may sound wrong.

I have built two Samba servers with a new domain. They replicate happily and I can seem to do everything I could ever want on them.

DC01 holds all the FSMO roles and, as the first one built, acts as the "master" for DNS. Nothing works well on either server if DC01 is not at the top of the hosts file.

But this is in a temporary environment and what I'd like to do is build two production servers, connect them to this AD domain, get them working and then have them take over all the FSMO roles and for one of them to become the master for DNS so that I can switch off these two test servers I have built.

My question is, what do I have to do to make another server the "master"? Is it just transferring the FSMO roles or is there something else (apart from updating the host files on all the live servers)?

Thanks in advance!
Hi Peter,

Nope, just transferring the FSMO roles and you would be good. Just remember to demote the old DC afterwards.

Just remember you do not have a concept of master in AD, just FSMO holder.

Best
Thank you!
On 05/09/2020 17:54, Peter Pollock via samba wrote:
> Please forgive me, I'm not sure what terminology to use here so this
> question may sound wrong.
>
> I have built two Samba servers with a new domain. They replicate
> happily and I can seem to do everything I could ever want on them.
>
> DC01 holds all the FSMO roles and, as the first one built, acts as the
> "master" for DNS. Nothing works well on either server if DC01 is not at the
> top of the hosts file.

Both DCs are DNS masters; it is known as multi-master. Each DC should use its own IP address for its nameserver in /etc/resolv.conf, so something is wrong if it doesn't work.

> But this is in a temporary environment and what I'd like to do is build two
> production servers, connect them to this AD domain, get them working and
> then have them take over all the FSMO roles and for one of them to become
> the master for DNS so that I can switch off these two test servers I have
> built.

No, you lost me there. You will have two good DCs and you will add another two good DCs and then turn off the first two, why?

> My question is, what do I have to do to make another server the "master"?
> Is it just transferring the FSMO roles or is there something else (apart
> from updating the host files on all the live servers)?

There is no concept of a 'master' in AD; all DCs are equal except for the FSMO roles, and they can be on any DC. In fact, if you had seven DCs, you could have an FSMO role on each. You can transfer all the roles to any DC, but it wouldn't make it the 'master', because there is no master.

Rowland
To get to the question of why new servers, this one I'm using has hardware whose remaining life is measured in days. The elastic bands and sticky tape it is held together with won't hold for much longer. I'm using it to build and test a new environment, but then I need to migrate that onto something with a little more vitality before bringing it into production (in the next 56 hours).

As for DNS. I ALWAYS had the problem with my Zentyal boxes that if the one I built first went down, the others didn't know what to do with their lives. The same is true on these ones I've built today.

DC01 has IP 192.168.4.5
DC02 has IP 192.168.4.6
The gateway is at 192.168.4.1

If I set /etc/resolv.conf to

nameserver 192.168.4.6
nameserver 192.168.4.1
search internal.kcs

I get no internal or external name resolution. Trying to ping anything gives me:

ping: google.com: Temporary failure in name resolution

Dig gives me this error:

itadmin@dc02:~$ dig dc01.internal.kcs

; <<>> DiG 9.16.1-Ubuntu <<>> dc01.internal.kcs
;; global options: +cmd
;; connection timed out; no servers could be reached

Digging from DC01 works fine though:

itadmin@dc01:/$ dig dc02.internal.kcs

; <<>> DiG 9.16.1-Ubuntu <<>> dc02.internal.kcs
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14095
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 4375a2de0dc15f30010000005f53fc6edecede8d59738b72 (good)
;; QUESTION SECTION:
;dc02.internal.kcs. IN A

;; ANSWER SECTION:
dc02.internal.kcs. 900 IN A 192.168.4.6

;; Query time: 4 msec
;; SERVER: 192.168.4.5#53(192.168.4.5)
;; WHEN: Sat Sep 05 14:00:30 PDT 2020
;; MSG SIZE rcvd: 90

and all my troubles go away if I change resolv.conf to have nameserver 192.168.4.5 at the top.
..and also, kinit fails if I don't have 192.168.4.5 as the first nameserver in resolv.conf.
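
An added example, not part of any message in the thread: a small shell check for the advice given earlier that each DC should use its own IP address as its nameserver in /etc/resolv.conf. The function name and its status codes are assumptions made for this example, and the sample file is constructed from the addresses quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): check a DC's resolv.conf against the
# "own IP address as nameserver" advice.
#
# check_dc_resolv OWN_IP [FILE]      (hypothetical helper name)
#   returns 0  OWN_IP is the first nameserver
#           1  OWN_IP is listed, but another nameserver is tried before it
#           2  OWN_IP is not listed at all
#           3  FILE contains no nameserver lines
check_dc_resolv() {
    own_ip=$1
    file=${2:-/etc/resolv.conf}

    # Keep only "nameserver <addr>" lines, in file order. Comment lines
    # ("# ..." or "; ...") and "search"/"options" lines never match.
    servers=$(awk '$1 == "nameserver" && $2 != "" { print $2 }' "$file")
    [ -n "$servers" ] || return 3

    # The resolver tries nameservers in the order they are listed.
    first=$(printf '%s\n' "$servers" | head -n 1)
    [ "$first" = "$own_ip" ] && return 0

    # Exact, whole-line match so 192.168.4.6 does not match 192.168.4.60.
    if printf '%s\n' "$servers" | grep -qxF -- "$own_ip"; then
        return 1
    fi
    return 2
}

# Constructed sample: the resolv.conf quoted in the thread, checked as DC02
# (own IP 192.168.4.6).
sample=$(mktemp)
printf 'nameserver 192.168.4.6\nnameserver 192.168.4.1\nsearch internal.kcs\n' > "$sample"
status=0
check_dc_resolv 192.168.4.6 "$sample" || status=$?
echo "DC02 sample file, own IP 192.168.4.6: status $status"
rm -f "$sample"
```

Status 0 for the sample means the file already matches the advice, so the resolver file alone does not explain the timeout reported from dc02.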