Bob of Donelson Trophy
2016-Oct-10 18:59 UTC
[Samba] Joining a Samba DC to Existing AD question
On 2016-10-10 08:33, Marc Muehlfeld via samba wrote:
> Hi Bob,
>
> On 10.10.2016 at 13:18, Bob of Donelson Trophy via samba wrote:
>
>> I noticed the "Joining a Samba DC to an Existing Active Directory" wiki
>> page was updated yesterday (October 9, 2016.)
>
> yes, I'm currently doing a lot of major updates, rewrites, enhancements,
> and so on. :-)
>
>> Under "Preconditions" header, the third bullet point is "If Samba is
>> already configured on this host, remove any existing configuration and
>> databases." Well, "configuration" is straightforward, meaning the smb.conf
>> file but, what "databases" is the statement referring to?
>
> Thanks for mentioning this. I updated the text and added examples.
>
> If you are currently using the guide to join a new DC, please let me
> know if the new version raises further questions or is unclear.
>
> Regards,
> Marc

Last week I joined a second DC to my first and all seemed to go well.
(Turned it off until I had more time.)

This last weekend I moved fsmo roles to the second and demoted the first
DC per Samba Wiki instructions. At the time did not know anything about
protecting (lack of a better choice of words) any Samba databases. So
far, everything seems to be working okay. I'll check log files better
this evening.

Not having done anything with the "databases", is there some specific
problem I should be looking for?

--
_______________________________
Bob Wooden of Donelson Trophy
Hello Bob,

On 10.10.2016 at 20:59, Bob of Donelson Trophy via samba wrote:
> Last week I joined a second DC to my first and all seemed to go well.
> (Turned it off until I had more time.)
>
> This last weekend I moved fsmo roles to the second and demoted the first
> DC per Samba Wiki instructions. At the time did not know anything about
> protecting (lack of a better choice of words) any Samba databases. So
> far, everything seems to be working okay. I'll check log files better
> this evening.
>
> Not having done anything with the "databases", is there some specific
> problem I should be looking for?

Did you run Samba as a Domain Member, PDC, DC, or standalone server on
the host before you installed the DC? If not, there are no leftovers to
clean up.

Anyway, there shouldn't be a problem if there is something left over
from a previous installation. The databases are recreated. Cleaning up
old stuff is more for not getting confused later. For example, if you
find some day database files, Samba does not use - because they are from
a previous installation.

I updated the text in the Wiki to mention the reason.

Regards,
Marc
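
One way to look for the leftover database files discussed above before joining a host as a DC, as an added example that is not part of the original thread or the Samba wiki. It assumes `smbd` is on the PATH and relies on the build paths printed by `smbd -b`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list Samba database files left over from an earlier
# installation. Function names are illustrative, not Samba tooling.

# Print the directories this Samba build uses for its databases.
# `smbd -b` prints build options such as "   LOCKDIR: /var/run/samba".
samba_db_dirs() {
    smbd -b 2>/dev/null |
        awk -F': ' '/^[[:space:]]*(LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR):/ { print $2 }' |
        sort -u
}

# List every *.tdb and *.ldb file below the given directories.
# Directories that do not exist are skipped silently.
list_leftover_dbs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \( -name '*.tdb' -o -name '*.ldb' \)
    done | sort
}

# Number of leftover database files below the given directories.
count_leftover_dbs() {
    list_leftover_dbs "$@" | wc -l | tr -d ' '
}

# When Samba is installed, report what is present on this host.
# Word splitting of the directory list is intended here.
if command -v smbd >/dev/null 2>&1; then
    list_leftover_dbs $(samba_db_dirs)
fi
```

An empty listing means there is nothing from a previous installation to clean up; any files listed on a host that has not been joined yet are candidates for removal, after a backup, before the join.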
Bob of Donelson Trophy
2016-Oct-10 19:54 UTC
[Samba] Joining a Samba DC to Existing AD question
On 2016-10-10 14:29, Marc Muehlfeld via samba wrote:
> Hello Bob,
>
> On 10.10.2016 at 20:59, Bob of Donelson Trophy via samba wrote:
>
>> Last week I joined a second DC to my first and all seemed to go well.
>> (Turned it off until I had more time.)
>>
>> This last weekend I moved fsmo roles to the second and demoted the first
>> DC per Samba Wiki instructions. At the time did not know anything about
>> protecting (lack of a better choice of words) any Samba databases. So
>> far, everything seems to be working okay. I'll check log files better
>> this evening.
>>
>> Not having done anything with the "databases", is there some specific
>> problem I should be looking for?
>
> Did you run Samba as a Domain Member, PDC, DC, or standalone server on
> the host before you installed the DC? If not, there are no leftovers to
> clean up.
>
> Anyway, there shouldn't be a problem if there is something left over
> from a previous installation. The databases are recreated. Cleaning up
> old stuff is more for not getting confused later. For example, if you
> find some day database files, Samba does not use - because they are from
> a previous installation.
>
> I updated the text in the Wiki to mention the reason.
>
> Regards,
> Marc

The demoted DC was a 4.2.14 Sernet-samba setup running as an Active
Directory Domain Controller for a member server and three Windows
clients.

The new ADDC is an Ubuntu 16.04LTS running repo Samba now version 4.3.11
with Bind9_DLZ.

Folder redirection is still working. Profiles are saving to the member
server. I have not checked GPO yet, but will soon.

Like I said, so far I have not seen any issues.

--
_______________________________
Bob Wooden of Donelson Trophy
Bob of Donelson Trophy
2016-Oct-11 12:08 UTC
[Samba] Joining a Samba DC to Existing AD question
On 2016-10-10 14:29, Marc Muehlfeld wrote:
> Hello Bob,
>
> On 10.10.2016 at 20:59, Bob of Donelson Trophy via samba wrote:
>
>> Last week I joined a second DC to my first and all seemed to go well.
>> (Turned it off until I had more time.)
>>
>> This last weekend I moved fsmo roles to the second and demoted the first
>> DC per Samba Wiki instructions. At the time did not know anything about
>> protecting (lack of a better choice of words) any Samba databases. So
>> far, everything seems to be working okay. I'll check log files better
>> this evening.
>>
>> Not having done anything with the "databases", is there some specific
>> problem I should be looking for?
>
> Did you run Samba as a Domain Member, PDC, DC, or standalone server on
> the host before you installed the DC? If not, there are no leftovers to
> clean up.
>
> Anyway, there shouldn't be a problem if there is something left over
> from a previous installation. The databases are recreated. Cleaning up
> old stuff is more for not getting confused later. For example, if you
> find some day database files, Samba does not use - because they are from
> a previous installation.
>
> I updated the text in the Wiki to mention the reason.
>
> Regards,
> Marc

I was thinking about the problem I had when I demoted my first DC.

I have a single DC environment. I failed to recognize that I needed to
adjust the nameserver settings of each client >>prior<< to the demote.
When the first DC was gone I had a single W7 client that refused to
start. (The W10 clients started, but complained.)

To correct this I shut down the new DC and all clients. Restarted the
old, now demoted DC and the single W7 client and could then change the
nameserver on the W7 client. Shut down both the client and the old
(demoted) DC and restart the new DC and everything was fine.

I wish I had had this experience with other W7 clients but, I have only
one W7 client left and it could have been a unique machine related
issue, that it would not start without its nameserver, and not a W7
client issue. I have no way to reproduce this event to test further.

Somewhere I read that once a user demotes a DC you should not restart
it. So, I had to figure out a way to get that W7 client started to
re-adjust the nameserver.

A larger deployment may not have the luxury of shutting everything down
to correct a single client issue in the manner I did. Had I known this
was a needed step I would not have had my issue.

You have done a great job updating the documentation. I have been
reviewing much of the detail you've added. Especially the bind stuff.

This is only a suggestion. Perhaps there needs to be a statement
regarding this? Perhaps not?

Thank you.

--
_______________________________
Bob Wooden of Donelson Trophy