Hello,

I'm currently studying migration from Samba 3 to Samba 4 (NT4 to AD). Using classic upgrade [1].

Currently (alongside with our Samba 3 PDC), we have a heterogeneous environment with external DNS servers:

ns1.example.com
ns2.example.com
ns3.example.com
ns4.example.com

Currently, our DHCP server supplies the IPs of these servers for clients. We have all servers (and PDC) correctly registered on these servers. They are four so we can keep up with the load and for geographic reasons.

Why, in Samba 4, are clients required to use Samba DNS resolver?

It seems Samba 4 uses DNS while Samba 3 does not, and requires all clients to use it, but that would break our architecture because there would be a single point of failure (unless we set up more than one PDC).

We can configure the PDC to forward queries to them with smb.conf option "dns forwarder" [2] and use several PDC to mimic the architecture we have today, but I was wondering why are clients required to use Samba 4 DNS.

There is some discussion about this in the list (like [3]), if there is any documentation/thread about that, could you share?

Thanks!

[1] https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
[2] https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
[3] http://samba.2283325.n4.nabble.com/Samba4-using-existing-DNS-and-LDAP-td4652082.html

On 25/03/2021 22:07, Lou via samba wrote:
> Hello,
>
> I'm currently studying migration from Samba 3 to Samba 4 (NT4 to AD).
> Using classic upgrade [1].
>
> Currently (alongside with our Samba 3 PDC), we have a heterogeneous
> environment with external DNS servers:
>
> ns1.example.com
> ns2.example.com
> ns3.example.com
> ns4.example.com
>
> Currently, our DHCP server supplies the IPs of these servers for
> clients. We have all servers (and PDC) correctly registered on these
> servers. They are four so we can keep up with the load and for
> geographic reasons.

You can still use your DHCP servers, your Windows clients can update their own records in AD, your DC's should have fixed IP's, your only problem would be Unix clients and you can script around them.

> Why, in Samba 4, are clients required to use Samba DNS resolver?

Because every AD DC running a dns server is authoritative for the AD dns domain and holds all the AD dns records (they are in AD).

> It seems Samba 4 uses DNS while Samba 3 does not, and requires
> all clients to use it, but that would break our architecture because
> there would be a single point of failure (unless we set up more than
> one PDC).

No, you do not even set up one PDC, that is what you have now, AD uses DC's which are all equal except for the FSMO roles (and they can be on any DC) and yes, it is recommended to install multiple DC's.

> We can configure the PDC to forward queries to them with smb.conf
> option "dns forwarder" [2] and use several PDC to mimic the
> architecture we have today, but I was wondering why are clients
> required to use Samba 4 DNS.

Do it the other way, continue to use your existing dns servers and get them to forward the AD dns domain searches to AD DC's. I would also suggest using Bind9 if you do run multiple DC's (I would also suggest running multiple DC's).

Rowland

Mandi! Lou via samba
  In chel di` si favelave...

> I'm currently studying migration from Samba 3 to Samba 4 (NT4 to AD). Using classic upgrade [1].
> Currently (alongside with our Samba 3 PDC), we have a heterogeneous environment with external DNS servers:

If you currently have a DNS/DHCP setup, you can leave it as-is; but effectively Active Directory (not samba, but AD!) mandates the use of DNS, so you have to set up a forward zone for the domain.

The better choice will be to define a subdomain of the current domain, keeping the example, it will be 'ad.example.com', for the AD domain. In this way, with glue records or dns forwarders, you can have both worlds speak to each other.

Anyway, AD is merely LDAP+DNS+NTP+Kerberos in Microsoft salsa, so DNS is a core component in AD domains.

--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797

Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)

On 3/25/21 6:07 PM, Lou via samba wrote:
> Hello,
>
> I'm currently studying migration from Samba 3 to Samba 4 (NT4 to AD).
> Using classic upgrade [1].
>
> Currently (alongside with our Samba 3 PDC), we have a heterogeneous
> environment with external DNS servers:
>
> ns1.example.com
> ns2.example.com
> ns3.example.com
> ns4.example.com
>
> Currently, our DHCP server supplies the IPs of these servers for
> clients. We have all servers (and PDC) correctly registered on these
> servers. They are four so we can keep up with the load and for
> geographic reasons.
>
> Why, in Samba 4, are clients required to use Samba DNS resolver?
>
> It seems Samba 4 uses DNS while Samba 3 does not, and requires all
> clients to use it, but that would break our architecture because there
> would be a single point of failure (unless we set up more than one PDC).
>
> We can configure the PDC to forward queries to them with smb.conf option
> "dns forwarder" [2] and use several PDC to mimic the architecture we
> have today, but I was wondering why are clients required to use Samba 4
> DNS.

Technically the clients don't need to use directly the Samba DNS servers only for DNS updates, these DNS servers used by the clients need to resolve the AD domain.

So you can still use the same servers you are supplying via DHCP if these DNS servers are able to forward queries to the Samba DNS.

If your current servers have connectivity to the Samba DNS, you can ask them to be configured to forward your ad.example.com domain to Samba.

If you can modify their configuration, then the DHCP has to assign other DNS servers, being it your Samba configured with a forwarder. Or a new one in front of your current servers and Samba.

> There is some discussion about this in the list (like [3]), if there is
> any documentation/thread about that, could you share?
>
> Thanks!
>
> [1]
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
>
> [2] https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
> [3]
> http://samba.2283325.n4.nabble.com/Samba4-using-existing-DNS-and-LDAP-td4652082.html
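
One way to check the layout suggested in the replies above (existing DNS servers forwarding the AD zone to the DCs), as an added example that is not part of the original thread: for each resolver the DHCP server hands out, confirm it answers the SRV lookups domain members use to locate DCs. Assumptions: the AD zone is `ad.example.com`, `dig` is installed, the existing servers run BIND, the DC addresses are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: the AD zone is
# ad.example.com, `dig` is installed, and ns1..ns4 run BIND with a forward
# zone such as the one below (DC addresses are constructed placeholders):
#
#   zone "ad.example.com" {
#       type forward;
#       forward only;
#       forwarders { 192.0.2.10; 192.0.2.11; };   # the AD DCs
#   };

AD_DOMAIN="${AD_DOMAIN:-ad.example.com}"

# SRV names a domain member queries to locate DCs, Kerberos and kpasswd.
srv_names() {
    for prefix in _ldap._tcp.dc._msdcs _ldap._tcp _kerberos._tcp \
                  _kerberos._udp _kpasswd._tcp; do
        printf '%s.%s\n' "$prefix" "$1"
    done
}

# check_resolver RESOLVER DOMAIN
# Prints one line per SRV name the resolver cannot answer and returns the
# number of failures (0 means clients of this resolver can find the DCs).
check_resolver() {
    resolver=$1 domain=$2 missing=0
    for name in $(srv_names "$domain"); do
        answer=$(dig +short +time=2 +tries=1 "@$resolver" "$name" SRV 2>/dev/null)
        # A usable SRV answer has four fields: priority weight port target.
        if ! printf '%s\n' "$answer" |
             awk 'NF == 4 && $3 ~ /^[0-9]+$/ { ok = 1 } END { exit !ok }'; then
            echo "FAIL $resolver: no SRV answer for $name"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Usage: sh check_ad_dns.sh ns1.example.com ns2.example.com ...
if [ "$#" -gt 0 ]; then
    status=0
    for r in "$@"; do
        if check_resolver "$r" "$AD_DOMAIN"; then
            echo "OK   $r resolves the SRV records of $AD_DOMAIN"
        else
            status=1
        fi
    done
    exit "$status"
fi
```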