My answer below.

2016-02-10 15:38 GMT+01:00 Rowland penny <rpenny at samba.org>:

> On 10/02/16 14:07, mathias dufresne wrote:
>
>> 2016-02-10 14:37 GMT+01:00 Rowland penny <rpenny at samba.org>:
>>
>>> On 10/02/16 11:12, mathias dufresne wrote:
>>>
>>>> Hi all,
>>>>
>>>> Using 4.3.4 + Bind DLZ @ Centos 7.
>>>>
>>>> Regarding AD sites, I have several questions:
>>>>
>>>> 1° Is it possible with Samba4 to rename Default-First-Site-Name?
>>>
>>> Depends on what you mean, if you mean can it be changed, then the
>>> answer is yes. If you mean can it be changed with samba-tool, then no.
>>
>> OK. I tried once and I had to reinstall the whole domain. I was using RPM
>> manually created with patch for demote dead servers. Rpmbuild never
>> complained about that patch but samba-tool did not get the option to demote
>> dead servers. Perhaps the patch I get wasn't the right one, perhaps that
>> patch would have broken part of this packaged samba...
>> Of course the issue can come from me, but as I used RSAT to rename the
>> site, I can't see how I could do a mistake...
>>
>>>> 2° samba-tool sites create <name>
>>>> does not link new site to DEFAUTLIPSITELINK, is it the correct
>>>> behaviour?
>>>
>>> Probably not.
>>
>> OK
>>
>>>> 3° When a DC is not in Default-First-Site-Name, no DNS records
>>>> related to that DC should exists in Default-First-Site-Name related
>>>> DNS records. Is that true?
>>>> ex: _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld
>>>> should not exist.
>>>
>>> Again probably not.
>>
>> According to your next reply, I take your reply as a "yes, that's true. A
>> DC should be referenced only in site it belongs."
>>
>> Once more, my question was not clear, sorry about that.
>>
>>>> 4° When a DC is moved from one site to another site, all DNS records
>>>> related to old site should be automatically removed?
>>>
>>> Yes
>>
>> OK
>>
>>>> 5° If 4° is true, what trigger the change in DNS configuration? Is it
>>>> a samba restart which will run samba_dnsupdate which would perform
>>>> that creation of DNS records and deletion of the old ones or
>>>> samba_dnsupdate (or equivalent) is run without the need of a
>>>> restart/reboot?
>>>
>>> I don't think there is anything to do this at present. The main
>>> problem (as I see it) is that when you provision a domain, all the
>>> records are created for you, but when you join another DC, they
>>> are not. You have to start/restart samba and this then adds
>>> various dns records including the site ones.
>>
>> OK. So no trigger.
>>
>> samba_dnsupdate should solve the issue as a restart of samba service or
>> restarting samba is really needed?
>
> I have been reading the 'samba-tool sites' code and it appears that it
> creates new sites in 'CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com'.
>
> I think it should be creating it in
> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'

I did look into the both domain I have here at work, one is 4.3.4 and the other one is 4.4.0rc2.
There is no CN=Sites,DC=samdom,DC=example,DC=com but only CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com.

Of course there is also no CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com and only CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com is present.

Which version of Samba were you looking into?

> I think is should also add a 'siteList' attribute containing
> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' to
> 'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'

That's a very interesting information. For now and as I'm starting to be pushed by time, I would rely on RSAT to change that. That's the only things I spotted as missing with 4.4.0 and site management (because 4.4.0 comes with improvement of site management, thank to devs ;)

> Rowland

On 10/02/16 15:36, mathias dufresne wrote:

> My answer below.
>
> 2016-02-10 15:38 GMT+01:00 Rowland penny <rpenny at samba.org>:
>
>> On 10/02/16 14:07, mathias dufresne wrote:
>>
>>> 2016-02-10 14:37 GMT+01:00 Rowland penny <rpenny at samba.org>:
>>>
>>>> On 10/02/16 11:12, mathias dufresne wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> Using 4.3.4 + Bind DLZ @ Centos 7.
>>>>>
>>>>> Regarding AD sites, I have several questions:
>>>>>
>>>>> 1° Is it possible with Samba4 to rename Default-First-Site-Name?
>>>>
>>>> Depends on what you mean, if you mean can it be changed, then the
>>>> answer is yes. If you mean can it be changed with samba-tool, then no.
>>>
>>> OK. I tried once and I had to reinstall the whole domain. I was using
>>> RPM manually created with patch for demote dead servers. Rpmbuild never
>>> complained about that patch but samba-tool did not get the option to
>>> demote dead servers. Perhaps the patch I get wasn't the right one,
>>> perhaps that patch would have broken part of this packaged samba...
>>> Of course the issue can come from me, but as I used RSAT to rename the
>>> site, I can't see how I could do a mistake...
>>>
>>>>> 2° samba-tool sites create <name>
>>>>> does not link new site to DEFAUTLIPSITELINK, is it the correct
>>>>> behaviour?
>>>>
>>>> Probably not.
>>>
>>> OK
>>>
>>>>> 3° When a DC is not in Default-First-Site-Name, no DNS records
>>>>> related to that DC should exists in Default-First-Site-Name related
>>>>> DNS records. Is that true?
>>>>> ex: _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld
>>>>> should not exist.
>>>>
>>>> Again probably not.
>>>
>>> According to your next reply, I take your reply as a "yes, that's true.
>>> A DC should be referenced only in site it belongs."
>>>
>>> Once more, my question was not clear, sorry about that.
>>>
>>>>> 4° When a DC is moved from one site to another site, all DNS records
>>>>> related to old site should be automatically removed?
>>>>
>>>> Yes
>>>
>>> OK
>>>
>>>>> 5° If 4° is true, what trigger the change in DNS configuration? Is it
>>>>> a samba restart which will run samba_dnsupdate which would perform
>>>>> that creation of DNS records and deletion of the old ones or
>>>>> samba_dnsupdate (or equivalent) is run without the need of a
>>>>> restart/reboot?
>>>>
>>>> I don't think there is anything to do this at present. The main
>>>> problem (as I see it) is that when you provision a domain, all the
>>>> records are created for you, but when you join another DC, they
>>>> are not. You have to start/restart samba and this then adds
>>>> various dns records including the site ones.
>>>
>>> OK. So no trigger.
>>>
>>> samba_dnsupdate should solve the issue as a restart of samba service or
>>> restarting samba is really needed?
>>
>> I have been reading the 'samba-tool sites' code and it appears that it
>> creates new sites in 'CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com'.
>>
>> I think it should be creating it in
>> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>
> I did look into the both domain I have here at work, one is 4.3.4 and
> the other one is 4.4.0rc2.
> There is no CN=Sites,DC=samdom,DC=example,DC=com but only
> CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com.

OK, I have only 'CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' where 'DC=samdom,DC=example,DC=com' is my rootdse i.e the domain name is samdom.example.com

> Of course there is also no
> CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com and only
> CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com is
> present.

'NEWSITE' is a placeholder for whatever site name you want to replace Default-First-Site-Name with.
i.e. if you wanted to add a site called 'mysite' you would end up with:

'CN=mysite,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'

> Which version of Samba were you looking into?

4.4 i.e. samba.master

>> I think is should also add a 'siteList' attribute containing
>> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' to
>> 'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>
> That's a very interesting information. For now and as I'm starting to
> be pushed by time, I would rely on RSAT to change that. That's the
> only things I spotted as missing with 4.4.0 and site management
> (because 4.4.0 comes with improvement of site management, thank to devs ;)

Ok

Rowland

2016-02-10 16:54 GMT+01:00 Rowland penny <rpenny at samba.org>:

> On 10/02/16 15:36, mathias dufresne wrote:
>
>> My answer below.
>>
>> 2016-02-10 15:38 GMT+01:00 Rowland penny <rpenny at samba.org>:
>>
>>> On 10/02/16 14:07, mathias dufresne wrote:
>>>
>>>> 2016-02-10 14:37 GMT+01:00 Rowland penny <rpenny at samba.org>:
>>>>
>>>>> On 10/02/16 11:12, mathias dufresne wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> Using 4.3.4 + Bind DLZ @ Centos 7.
>>>>>>
>>>>>> Regarding AD sites, I have several questions:
>>>>>>
>>>>>> 1° Is it possible with Samba4 to rename Default-First-Site-Name?
>>>>>
>>>>> Depends on what you mean, if you mean can it be changed, then the
>>>>> answer is yes. If you mean can it be changed with samba-tool, then no.
>>>>
>>>> OK. I tried once and I had to reinstall the whole domain. I was using
>>>> RPM manually created with patch for demote dead servers. Rpmbuild
>>>> never complained about that patch but samba-tool did not get the
>>>> option to demote dead servers. Perhaps the patch I get wasn't the
>>>> right one, perhaps that patch would have broken part of this packaged
>>>> samba...
>>>> Of course the issue can come from me, but as I used RSAT to rename the
>>>> site, I can't see how I could do a mistake...
>>>>
>>>>>> 2° samba-tool sites create <name>
>>>>>> does not link new site to DEFAUTLIPSITELINK, is it the correct
>>>>>> behaviour?
>>>>>
>>>>> Probably not.
>>>>
>>>> OK
>>>>
>>>>>> 3° When a DC is not in Default-First-Site-Name, no DNS records
>>>>>> related to that DC should exists in Default-First-Site-Name related
>>>>>> DNS records. Is that true?
>>>>>> ex: _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld
>>>>>> should not exist.
>>>>>
>>>>> Again probably not.
>>>>
>>>> According to your next reply, I take your reply as a "yes, that's
>>>> true. A DC should be referenced only in site it belongs."
>>>>
>>>> Once more, my question was not clear, sorry about that.
>>>>
>>>>>> 4° When a DC is moved from one site to another site, all DNS
>>>>>> records related to old site should be automatically removed?
>>>>>
>>>>> Yes
>>>>
>>>> OK
>>>>
>>>>>> 5° If 4° is true, what trigger the change in DNS configuration? Is
>>>>>> it a samba restart which will run samba_dnsupdate which would
>>>>>> perform that creation of DNS records and deletion of the old ones
>>>>>> or samba_dnsupdate (or equivalent) is run without the need of a
>>>>>> restart/reboot?
>>>>>
>>>>> I don't think there is anything to do this at present. The main
>>>>> problem (as I see it) is that when you provision a domain, all the
>>>>> records are created for you, but when you join another DC, they
>>>>> are not. You have to start/restart samba and this then adds
>>>>> various dns records including the site ones.
>>>>
>>>> OK. So no trigger.
>>>>
>>>> samba_dnsupdate should solve the issue as a restart of samba service
>>>> or restarting samba is really needed?
>>>
>>> I have been reading the 'samba-tool sites' code and it appears that it
>>> creates new sites in 'CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com'.
>>>
>>> I think it should be creating it in
>>> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>>
>> I did look into the both domain I have here at work, one is 4.3.4 and the
>> other one is 4.4.0rc2.
>> There is no CN=Sites,DC=samdom,DC=example,DC=com but only
>> CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com.
>
> OK, I have only 'CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
> where 'DC=samdom,DC=example,DC=com' is my rootdse i.e the domain name is
> samdom.example.com

So samba-tool is not creating site at the wrong place.

>> Of course there is also no
>> CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com and only
>> CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com is present.
>
> 'NEWSITE' is a placeholder for whatever site name you want to replace
> Default-First-Site-Name with.
> i.e. if you wanted to add a site called 'mysite' you would end up with:
>
> 'CN=mysite,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'

My colleague said: "Thank you Captain Obvious" ;)

>> Which version of Samba were you looking into?
>
> 4.4 i.e. samba.master

OK. As in fact there is no issue about place were entry is created, only the link to defaultipsitelink is missing. Perhaps something to create new site link could be added, but not sure at all it is relevant: Site links are perhaps easier to manage through RSAT... I have not enough background to tell. Cardon brothers could have a view on that as they deployed some domain with lot of sites and had to deal with replication issue, as they told me once. Perhaps they also played with site links...

>>> I think is should also add a 'siteList' attribute containing
>>> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' to
>>> 'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>>
>> That's a very interesting information. For now and as I'm starting to be
>> pushed by time, I would rely on RSAT to change that. That's the only things
>> I spotted as missing with 4.4.0 and site management (because 4.4.0 comes
>> with improvement of site management, thank to devs ;)
>
> Ok
>
> Rowland

Cheers,
mathias
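
The gap this thread settles on (a site under CN=Sites,CN=Configuration that is missing from the 'siteList' of DEFAULTIPSITELINK) can be checked from an LDIF export, shown here as an added example that is not part of the original messages and is not Samba code. The sample LDIF is constructed, the function names are hypothetical, and the parser assumes plain LDIF with no base64-encoded values.

```python
# Added example (not Samba code). SAMPLE_LDIF is constructed for illustration.
BASE = "CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com"
LINK_DN = "CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports," + BASE
SAMPLE_LDIF = f"""\
dn: CN=Default-First-Site-Name,{BASE}
objectClass: top
objectClass: site

dn: CN=mysite,{BASE}
objectClass: top
objectClass: site

dn: {LINK_DN}
objectClass: top
objectClass: siteLink
siteList: CN=Default-First-Site-Name,{BASE}
"""

def parse_ldif(text):
    """Parse plain LDIF (folded lines joined, no base64 values) into dicts."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                key, _, value = line.partition(": ")
                entry.setdefault(key.lower(), []).append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries

def unlinked_sites(entries):
    """Return DNs of site objects that no siteLink lists in siteList."""
    linked, sites = set(), []
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "sitelink" in classes:
            linked.update(dn.lower() for dn in e.get("sitelist", []))
        elif "site" in classes:
            sites.append(e["dn"][0])
    return [dn for dn in sites if dn.lower() not in linked]

def fix_ldif(link_dn, site_dns):
    """Build an LDIF modify record adding site_dns to link_dn's siteList."""
    lines = [f"dn: {link_dn}", "changetype: modify", "add: siteList"]
    lines += [f"siteList: {dn}" for dn in site_dns]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    missing = unlinked_sites(parse_ldif(SAMPLE_LDIF))
    print(fix_ldif(LINK_DN, missing), end="")
```

The generated record is standard LDIF modify syntax; review it before applying it to the directory with an LDIF-capable tool.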