On 16/07/2023 07:10, Mark Foley via samba wrote:
> I am planning on upgrading my AD/DC from Samba version 4.8.2 to the most recent
> version in my Slackware distro which is currently 4.15.13.
>
> In previous threads in this maillist I was advised that the best route to
> achieve this was to add a 2nd domain controller, then promote that one and
> demote the original. I'm in the process of setting up a 2nd DC to that end.

If you only have one DC, I strongly urge you to run at least two for
safety's sake.

>
> I thought I'd ask questions as I encounter issues, and I've got a couple right
> off.
>
> 1) The howto doc
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Preparing_the_Installation,
> at the very beginning says,
>
> "Verify that the /etc/hosts file on the DC correctly resolves the
> fully-qualified domain name (FQDN) and short host name to the LAN IP address of
> the DC. For example:
>
> 127.0.0.1 localhost
> 10.99.0.1 DC1.samdom.example.com DC1
>
> The host name and FQDN must not resolve to the 127.0.0.1 IP address or any
> other IP address than the one used on the LAN interface of the DC."
>
> The current DC (hostname MAIL) has its /etc/hosts file set up as described above, but what
> about a 2nd DC? Right now, the machine I'm working on to be the 2nd DC (hostname
> DC1) uses dhcp and is statically assigned an IP by dhcpd running on MAIL.
>
> Should the new secondary DC1 also have its IP statically assigned and not use DHCP?

On the wiki page you have linked to, just above the part you have
posted, it says this:

    Set a static IP address on the DC and make the associated reservation on
    your router. Important: The Samba domain controller will become your DNS
    resolver for all domain-joined workstations. As a result it may be
    required to assign this IP address outside of your DHCP pool.

It is recommended that all Samba AD DCs have a fixed IP address; you
would not want the IP of a DC to possibly change.

>
> 2) The next thing the wiki doc says to do is to provision the DC. Will doing so
> on this 2nd DC interfere with the current/primary DC?

I think you may be following the wrong instructions; the page you linked
to is for provisioning the first DC in a new domain.

Have you read this wiki page:

https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

It is only possible to provision one DC in a domain (you actually create
the domain and then automatically join the first DC during the process);
after that you join extra DCs to the domain.

>
> My current DC was provisioned with --dns-backend=BIND9_FLATFILE. The wiki doc
> says "do NOT use BIND9_FLATFILE, it is not supported and will be removed in a
> future Samba version." Given that this machine will be the AD/DC for a dozen
> Windows 10/11 workstations, what would be the recommended alternative
> dns-backend?

You have a choice of two:

You can use the Samba internal dns server, which will require little or
no extra setup, see here:

https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End

Or you can use Bind9, which requires setting up correctly, see here:

https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End

I cannot recommend using Bind9 with flatfiles, it wasn't ever really
supported (it was only meant for early versions of Bind9 that didn't
have bind_dlz, these are now EOL) and really should have been removed by
now. Using Bind9 with flatfiles was formally deprecated when 4.11.0 was
released in September 2019 and the 'rndc command' smb.conf parameter
that it relies on was removed when 4.12.0 was released in March 2020.

Rowland
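
The /etc/hosts requirement quoted from the wiki in this thread can be checked before joining a second DC. The script below is an added example, not part of the original messages or of Samba's own tooling; the function name `check_dc_hosts` and its argument order are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Samba tooling).
# check_dc_hosts HOSTS_FILE FQDN SHORT_NAME LAN_IP
# Returns 0 only when both the FQDN and the short host name appear in
# HOSTS_FILE and every line that mentions them uses LAN_IP, so a stray
# 127.0.0.1 / 127.0.1.1 / ::1 mapping for the DC name is reported.
check_dc_hosts() {
    hosts_file=$1 fqdn=$2 short=$3 lan_ip=$4
    awk -v fqdn="$fqdn" -v short="$short" -v ip="$lan_ip" '
        BEGIN { bad = 0; fqdn = tolower(fqdn); short = tolower(short) }
        { sub(/#.*/, "") }        # drop comments; awk re-splits the fields
        NF < 2 { next }           # blank line or address with no names
        {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)            # host names are case-insensitive
                if (name != fqdn && name != short) continue
                seen[name] = 1
                if ($1 != ip) {
                    printf "FAIL: %s maps to %s, expected %s\n", $i, $1, ip
                    bad = 1
                }
            }
        }
        END {
            if (!(fqdn in seen))  { print "FAIL: no entry for " fqdn;  bad = 1 }
            if (!(short in seen)) { print "FAIL: no entry for " short; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$hosts_file"
}

# Stand-alone use, e.g.:
#   sh check_dc_hosts.sh /etc/hosts DC1.samdom.example.com DC1 10.99.0.1
if [ "$#" -eq 4 ]; then
    check_dc_hosts "$@"
fi
```

This only inspects the hosts file; it does not confirm that the address is actually configured on the LAN interface or reserved outside the DHCP pool.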