E Kogler
2023-Jul-06 12:12 UTC
[Samba] Samba shares and samba server residing on different physical machines
Finally I have time to install samba 4.17.8 on my new machine.The join was
successful, but there's a new question popping up:
I want to use BIND9 backend? for DNS but the new machine is running a
slave-DNS.Can I follow the steps in the wiki as if it was my primary DNS ?
Edgar
Am Freitag, 21. April 2023 um 16:42:57 MESZ hat Rowland Penny via samba
<samba at lists.samba.org> Folgendes geschrieben:
On 21/04/2023 15:11, E Kogler via samba wrote:> Hi fellow Members!I'm Systems administrator at a school using SAMBA 4
as AD DC.
> As you know, WIN11 is at the doorstep and my "old" Samba4 Server
(4.9) doesn't serve Windows Servers (Server 2019) very well,
> e.g. the latest issue is that the domain administrator cannot access the
GPO's or other informations from the Samba-LDAP (authentication failure ?).
Probably the new 'date' feature (where it went from 2038 to sometime
never), you need Samba >= 4.16.0 running as a DC.
> I think that it has possibly to do with the version of kerberos SAMBA 4.9
uses.I installed SAMBA 4.9 on debian using its package.Now I want to upgrade to
SAMBA 4.latest manually to be able to use patch-files being always up-to-date.
It sounds like you need to upgrade your version of Debian as well, if
you use Debian 11 and Samba from backports, this will get you 4.17.7
> I was told to install SAMBA 4.latest on a different machine, join the
domain, do the provisioning,
No, you cannot join as a DC AND provision, the latter will get you an
entirely new AD domain
> and shut down the old
> server.
Install the latest Debian 11 and use backports, install Samba, configure
the machine to be a DC and then join it to your existing AD domain as a
DC, transfer the FSMO roles from the existing DC to the new DC, demote
the old DC and turn it off.
> My question is if I can keep all the shares and the respective data (we
have around 1200 users, using about 370 GB) on the "old" machine,
Anything in the AD database should be replicated to the new DC, but it
also sounds like you have been using the existing DC as a fileserver,
something that Samba (or Microsoft) does not recommend.
My advice, if this is the case, join another new DC (for failover, the
more DC's the better), then reconfigure the old, original DC as a Unix
domain member and use it as a fileserver.
> running only the AD DC and the new kerberos version compatible to WIN11 on
the "new" machine.
> In future, I'd like to transfer SAMBA 4.latest back to the original
machine, restoring the status quo.
From the sound of it, the 'status quo' isn't really good enough.
We will probably need more info to advise further.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions:? https://lists.samba.org/mailman/options/samba
Rowland Penny
2023-Jul-06 12:48 UTC
[Samba] Samba shares and samba server residing on different physical machines
On 06/07/2023 13:12, E Kogler via samba wrote:> Finally I have time to install samba 4.17.8 on my new machine.The join was successful, but there's a new question popping up: > I want to use BIND9 backend? for DNS but the new machine is running a slave-DNS.Can I follow the steps in the wiki as if it was my primary DNS ? > Edgar >Hi Edgar, unless you are doing something wrong, I think you may be misunderstanding a Samba domain and DNS. Every Samba AD DC runs a a dns server, this could be the built in dns server or Bind9. You refer to 'slave-DNS', but there are no 'slaves' in Samba AD, like Microsoft AD, all dns servers running on a DC are masters, this is known as 'multi-master'. As all the dns records are stored in AD, you just setup the dns server the same on all DC's. Any further questions, please ask. Rowland