2016-02-10 16:54 GMT+01:00 Rowland penny <rpenny at samba.org>:> On 10/02/16 15:36, mathias dufresne wrote: > >> My answer below. >> >> 2016-02-10 15:38 GMT+01:00 Rowland penny <rpenny at samba.org <mailto: >> rpenny at samba.org>>: >> >> On 10/02/16 14:07, mathias dufresne wrote: >> >> >> >> 2016-02-10 14:37 GMT+01:00 Rowland penny <rpenny at samba.org >> <mailto:rpenny at samba.org> <mailto:rpenny at samba.org >> >> <mailto:rpenny at samba.org>>>: >> >> >> On 10/02/16 11:12, mathias dufresne wrote: >> >> Hi all, >> >> Using 4.3.4 + Bind DLZ @ Centos 7. >> >> Regarding AD sites, I have several questions: >> >> 1° Is it possible with Samba4 to rename >> Default-First-Site-Name? >> >> >> Depends on what you mean, if you mean can it be changed, >> then the >> answer is yes. If you mean can it be changed with >> samba-tool, then no. >> >> >> OK. I tried once and I had to reinstall the whole domain. I >> was using RPM manually created with patch for demote dead >> servers. Rpmbuild never complained about that patch but >> samba-tool did not get the option to demote dead servers. >> Perhaps the patch I get wasn't the right one, perhaps that >> patch would have broken part of this packaged samba... >> Of course the issue can come from me, but as I used RSAT to >> rename the site, I can't see how I could do a mistake... >> >> >> >> 2° samba-tool sites create <name> >> does not link new site to DEFAUTLIPSITELINK, is it the >> correct >> behaviour? >> >> >> Probably not. >> >> >> OK >> >> >> 3° When a DC is not in Default-First-Site-Name, no DNS >> records >> related to >> that DC should exists in Default-First-Site-Name >> related DNS >> records. Is >> that true? >> ex: >> _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld >> should not >> exist. >> >> >> Again probably not. >> >> >> According to your next reply, I take your reply as a "yes, >> that's true. A DC should be referenced only in site it belongs." >> >> Once more, my question was not clear, sorry about that. >> >> >> 4° When a DC is moved from one site to another site, >> all DNS >> records >> related to old site should be automatically removed? >> >> >> Yes >> >> >> OK >> >> >> 5° If 4° is true, what trigger the change in DNS >> configuration? Is it a >> samba restart which will run samba_dnsupdate which would >> perform that >> creation of DNS records and deletion of the old ones or >> samba_dnsupdate (or >> equivalent) is run without the need of a restart/reboot? >> >> >> I don't think there is anything to do this at present. The >> main >> problem (as I see it) is that when you provision a domain, >> all the >> records are created for you, but when you join another DC, >> they >> are not. You have to start/restart samba and this then adds >> various dns records including the site ones. >> >> >> OK. So no trigger. >> >> samba_dnsupdate should solve the issue as a restart of samba >> service or restarting samba is really needed? >> >> >> >> I have been reading the 'samba-tool sites' code and it appears >> that it creates new sites in >> 'CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com'. >> >> I think it should be creating it in >> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' >> >> >> I did look into the both domain I have here at work, one is 4.3.4 and the >> other one is 4.4.0rc2. >> There is no CN=Sites,DC=samdom,DC=example,DC=com but only >> CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com. >> > > OK, I have only 'CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' > where 'DC=samdom,DC=example,DC=com' is my rootdse i.e the domain name is > samdom.example.com > > So samba-tool is not creating site at the wrong place.> >> Of course there is also no >> CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com and only >> CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com is present. >> >> > 'NEWSITE' is a placeholder for whatever site name you want to replace > Default-First-Site-Name with. > i.e. if you wanted to add a site called 'mysite' you would end up with: > > 'CN=mysite,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' >My colleague said: "Thank you Captain Obvious" ;)> > > Which version of Samba were you looking into? >> > > 4.4 i.e. samba.master >OK. As in fact there is no issue about place were entry is created, only the link to defaultipsitelink is missing. Perhaps something to create new site link could be added, but not sure at all it is relevant: Site links are perhaps easier to manage through RSAT... I have not enough background to tell. Cardon brothers could have a view on that as they deployed some domain with lot of sites and had to deal with replication issue, as they told me once. Perhaps they also played with site links...> > >> I think is should also add a 'siteList' attribute containing >> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' to >> 'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site >> Transports,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' >> >> >> That's a very interesting information. For now and as I'm starting to be >> pushed by time, I would rely on RSAT to change that. That's the only things >> I spotted as missing with 4.4.0 and site management (because 4.4.0 comes >> with improvement of site management, thank to devs ;) >> > > Ok > > > Rowland > > > Cheers,mathias
On 10/02/16 16:27, mathias dufresne wrote:> > > 2016-02-10 16:54 GMT+01:00 Rowland penny <rpenny at samba.org > <mailto:rpenny at samba.org>>: > > On 10/02/16 15:36, mathias dufresne wrote: > > My answer below. > > 2016-02-10 15:38 GMT+01:00 Rowland penny <rpenny at samba.org > <mailto:rpenny at samba.org> <mailto:rpenny at samba.org > <mailto:rpenny at samba.org>>>: > > On 10/02/16 14:07, mathias dufresne wrote: > > > > 2016-02-10 14:37 GMT+01:00 Rowland penny > <rpenny at samba.org <mailto:rpenny at samba.org> > <mailto:rpenny at samba.org <mailto:rpenny at samba.org>> > <mailto:rpenny at samba.org <mailto:rpenny at samba.org> > > <mailto:rpenny at samba.org <mailto:rpenny at samba.org>>>>: > > > On 10/02/16 11:12, mathias dufresne wrote: > > Hi all, > > Using 4.3.4 + Bind DLZ @ Centos 7. > > Regarding AD sites, I have several questions: > > 1° Is it possible with Samba4 to rename > Default-First-Site-Name? > > > Depends on what you mean, if you mean can it be > changed, > then the > answer is yes. If you mean can it be changed with > samba-tool, then no. > > > OK. I tried once and I had to reinstall the whole > domain. I > was using RPM manually created with patch for demote dead > servers. Rpmbuild never complained about that patch but > samba-tool did not get the option to demote dead servers. > Perhaps the patch I get wasn't the right one, perhaps that > patch would have broken part of this packaged samba... > Of course the issue can come from me, but as I used > RSAT to > rename the site, I can't see how I could do a mistake... > > > > 2° samba-tool sites create <name> > does not link new site to DEFAUTLIPSITELINK, > is it the > correct > behaviour? > > > Probably not. > > > OK > > > 3° When a DC is not in > Default-First-Site-Name, no DNS > records > related to > that DC should exists in Default-First-Site-Name > related DNS > records. Is > that true? > ex: > _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld > should not > exist. > > > Again probably not. > > > According to your next reply, I take your reply as a "yes, > that's true. A DC should be referenced only in site it > belongs." > > Once more, my question was not clear, sorry about that. > > > 4° When a DC is moved from one site to another > site, > all DNS > records > related to old site should be automatically > removed? > > > Yes > > > OK > > > 5° If 4° is true, what trigger the change in DNS > configuration? Is it a > samba restart which will run samba_dnsupdate > which would > perform that > creation of DNS records and deletion of the > old ones or > samba_dnsupdate (or > equivalent) is run without the need of a > restart/reboot? > > > I don't think there is anything to do this at > present. The > main > problem (as I see it) is that when you provision a > domain, > all the > records are created for you, but when you join > another DC, > they > are not. You have to start/restart samba and this > then adds > various dns records including the site ones. > > > OK. So no trigger. > > samba_dnsupdate should solve the issue as a restart of > samba > service or restarting samba is really needed? > > > > I have been reading the 'samba-tool sites' code and it appears > that it creates new sites in > 'CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com'. > > I think it should be creating it in > 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' > > > I did look into the both domain I have here at work, one is > 4.3.4 and the other one is 4.4.0rc2. > There is no CN=Sites,DC=samdom,DC=example,DC=com but only > CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com. > > > OK, I have only > 'CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' where > 'DC=samdom,DC=example,DC=com' is my rootdse i.e the domain name is > samdom.example.com <http://samdom.example.com> > > So samba-tool is not creating site at the wrong place.Now I have had time to read and properly understand the python code, I have to agree with you, it does get created in the right place.> > Of course there is also no > CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com and only > CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com > is present. > > > 'NEWSITE' is a placeholder for whatever site name you want to > replace Default-First-Site-Name with. > i.e. if you wanted to add a site called 'mysite' you would end up > with: > > 'CN=mysite,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' > > > My colleague said: "Thank you Captain Obvious" ;)Again, I should have gone to spexsavers :-D> > > > Which version of Samba were you looking into? > > > 4.4 i.e. samba.master > > OK. As in fact there is no issue about place were entry is created, > only the link to defaultipsitelink is missing. > > Perhaps something to create new site link could be added, but not sure > at all it is relevant: Site links are perhaps easier to manage through > RSAT... I have not enough background to tell. Cardon brothers could > have a view on that as they deployed some domain with lot of sites and > had to deal with replication issue, as they told me once. Perhaps they > also played with site links...This would seem to be the only missing component and from what I have found, this link is required for replication or have I misunderstood the info I found again :-) Rowland> > > > I think is should also add a 'siteList' attribute containing > 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' > to > 'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site > Transports,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' > > > That's a very interesting information. For now and as I'm > starting to be pushed by time, I would rely on RSAT to change > that. That's the only things I spotted as missing with 4.4.0 > and site management (because 4.4.0 comes with improvement of > site management, thank to devs ;) > > > Ok > > > Rowland > > > Cheers, > > mathias
2016-02-10 18:04 GMT+01:00 Rowland penny <rpenny at samba.org>:> On 10/02/16 16:27, mathias dufresne wrote: > >> >> >> 2016-02-10 16:54 GMT+01:00 Rowland penny <rpenny at samba.org <mailto: >> rpenny at samba.org>>: >> >> On 10/02/16 15:36, mathias dufresne wrote: >> >> My answer below. >> >> 2016-02-10 15:38 GMT+01:00 Rowland penny <rpenny at samba.org >> <mailto:rpenny at samba.org> <mailto:rpenny at samba.org >> <mailto:rpenny at samba.org>>>: >> >> On 10/02/16 14:07, mathias dufresne wrote: >> >> >> >> 2016-02-10 14:37 GMT+01:00 Rowland penny >> <rpenny at samba.org <mailto:rpenny at samba.org> >> <mailto:rpenny at samba.org <mailto:rpenny at samba.org>> >> <mailto:rpenny at samba.org <mailto:rpenny at samba.org> >> >> <mailto:rpenny at samba.org <mailto:rpenny at samba.org>>>>: >> >> >> >> On 10/02/16 11:12, mathias dufresne wrote: >> >> Hi all, >> >> Using 4.3.4 + Bind DLZ @ Centos 7. >> >> Regarding AD sites, I have several questions: >> >> 1° Is it possible with Samba4 to rename >> Default-First-Site-Name? >> >> >> Depends on what you mean, if you mean can it be >> changed, >> then the >> answer is yes. If you mean can it be changed with >> samba-tool, then no. >> >> >> OK. I tried once and I had to reinstall the whole >> domain. I >> was using RPM manually created with patch for demote dead >> servers. Rpmbuild never complained about that patch but >> samba-tool did not get the option to demote dead servers. >> Perhaps the patch I get wasn't the right one, perhaps that >> patch would have broken part of this packaged samba... >> Of course the issue can come from me, but as I used >> RSAT to >> rename the site, I can't see how I could do a mistake... >> >> >> >> 2° samba-tool sites create <name> >> does not link new site to DEFAUTLIPSITELINK, >> is it the >> correct >> behaviour? >> >> >> Probably not. >> >> >> OK >> >> >> 3° When a DC is not in >> Default-First-Site-Name, no DNS >> records >> related to >> that DC should exists in Default-First-Site-Name >> related DNS >> records. Is >> that true? >> ex: >> _ldap._tcp.Default-First-Site-Name._sites.samba.domain.tld >> should not >> exist. >> >> >> Again probably not. >> >> >> According to your next reply, I take your reply as a "yes, >> that's true. A DC should be referenced only in site it >> belongs." >> >> Once more, my question was not clear, sorry about that. >> >> >> 4° When a DC is moved from one site to another >> site, >> all DNS >> records >> related to old site should be automatically >> removed? >> >> >> Yes >> >> >> OK >> >> >> 5° If 4° is true, what trigger the change in DNS >> configuration? Is it a >> samba restart which will run samba_dnsupdate >> which would >> perform that >> creation of DNS records and deletion of the >> old ones or >> samba_dnsupdate (or >> equivalent) is run without the need of a >> restart/reboot? >> >> >> I don't think there is anything to do this at >> present. The >> main >> problem (as I see it) is that when you provision a >> domain, >> all the >> records are created for you, but when you join >> another DC, >> they >> are not. You have to start/restart samba and this >> then adds >> various dns records including the site ones. >> >> >> OK. So no trigger. >> >> samba_dnsupdate should solve the issue as a restart of >> samba >> service or restarting samba is really needed? >> >> >> >> I have been reading the 'samba-tool sites' code and it appears >> that it creates new sites in >> 'CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com'. >> >> I think it should be creating it in >> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' >> >> >> I did look into the both domain I have here at work, one is >> 4.3.4 and the other one is 4.4.0rc2. >> There is no CN=Sites,DC=samdom,DC=example,DC=com but only >> CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com. >> >> >> OK, I have only >> 'CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' where >> 'DC=samdom,DC=example,DC=com' is my rootdse i.e the domain name is >> samdom.example.com <http://samdom.example.com> >> >> So samba-tool is not creating site at the wrong place. >> > > Now I have had time to read and properly understand the python code, I > have to agree with you, it does get created in the right place. > > >> Of course there is also no >> CN=NEWSITE,CN=Sites,DC=samdom,DC=example,DC=com and only >> CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com >> is present. >> >> >> 'NEWSITE' is a placeholder for whatever site name you want to >> replace Default-First-Site-Name with. >> i.e. if you wanted to add a site called 'mysite' you would end up >> with: >> >> 'CN=mysite,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' >> >> >> My colleague said: "Thank you Captain Obvious" ;) >> > > Again, I should have gone to spexsavers :-D > > >> >> >> Which version of Samba were you looking into? >> >> >> 4.4 i.e. samba.master >> >> OK. As in fact there is no issue about place were entry is created, only >> the link to defaultipsitelink is missing. >> >> Perhaps something to create new site link could be added, but not sure at >> all it is relevant: Site links are perhaps easier to manage through RSAT... >> I have not enough background to tell. Cardon brothers could have a view on >> that as they deployed some domain with lot of sites and had to deal with >> replication issue, as they told me once. Perhaps they also played with site >> links... >> > > This would seem to be the only missing component and from what I have > found, this link is required for replication or have I misunderstood the > info I found again :-) >Yep, that's also how I feel the purpose of that thing : ) (No it's not too clear in my mind ^^)> > Rowland > >> >> >> >> I think is should also add a 'siteList' attribute containing >> 'CN=NEWSITE,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' >> to >> 'CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site >> Transports,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com' >> >> >> That's a very interesting information. For now and as I'm >> starting to be pushed by time, I would rely on RSAT to change >> that. That's the only things I spotted as missing with 4.4.0 >> and site management (because 4.4.0 comes with improvement of >> site management, thank to devs ;) >> >> >> Ok >> >> >> Rowland >> >> >> Cheers, >> >> mathias >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >