Brian Candler
2016-Dec-06 20:56 UTC
[Samba] smb.conf different between first DC and replica DC
Under ubuntu 16.04, compiling samba 4.5.1 from source, I've created an initial DC and a replica DC by following:

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

For the second one I had to add the extra DNS records as per:
https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record

Now, I think it's worked OK. However I see there are two lines in smb.conf on the first server which aren't in the second server:

    idmap_ldb:use rfc2307 = yes
    xattr_tdb:file = /usr/local/samba/var/locks/xattr.tdb

Should I add these to the second machine?

As I understand it, DCs should be identical peers (except for the FSMO roles), which is why I'm suspicious of the differences, or if it means I've made a mistake configuring the replica.

FYI, the commands I used were:

(1) samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=AD.EXAMPLE.NET --domain=AD

(2) samba-tool domain join ad.example.net DC -U'AD\administrator'

Thanks,

Brian.
Rowland Penny
2016-Dec-06 21:23 UTC
[Samba] smb.conf different between first DC and replica DC
On Tue, 6 Dec 2016 20:56:23 +0000 Brian Candler via samba <samba at lists.samba.org> wrote:

> Under ubuntu 16.04, compiling samba 4.5.1 from source, I've created
> an initial DC and a replica DC by following:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
>
> For the second one I had to add the extra DNS records as per:
> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
>
> Now, I think it's worked OK. However I see there are two lines in
> smb.conf on the first server which aren't in the second server:
>
> idmap_ldb:use rfc2307 = yes
> xattr_tdb:file = /usr/local/samba/var/locks/xattr.tdb
>
> Should I add these to the second machine?

In theory yes, but the presence of the second line shows you are not using the system ACLs, you are using a tdb file. You may have to run the provision again ;-)

Rowland
Andrew Bartlett
2016-Dec-06 21:58 UTC
[Samba] smb.conf different between first DC and replica DC
On Tue, 2016-12-06 at 21:23 +0000, Rowland Penny via samba wrote:

> On Tue, 6 Dec 2016 20:56:23 +0000
> Brian Candler via samba <samba at lists.samba.org> wrote:
>
> > Under ubuntu 16.04, compiling samba 4.5.1 from source, I've created
> > an initial DC and a replica DC by following:
> >
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
> >
> > For the second one I had to add the extra DNS records as per:
> > https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
> >
> > Now, I think it's worked OK. However I see there are two lines in
> > smb.conf on the first server which aren't in the second server:
> >
> > idmap_ldb:use rfc2307 = yes
> > xattr_tdb:file = /usr/local/samba/var/locks/xattr.tdb
> >
> > Should I add these to the second machine?
>
> In theory yes, but the presence of the second line shows you are not
> using the system ACLs, you are using a tdb file. You may have to run
> the provision again ;-)

There is no need to re-run provision. Just take out that line and run the 'samba-tool ntacl sysvolreset' command (assuming no shares other than [sysvol] and [netlogon] are used).

Andrew Bartlett
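
An added example, not part of the original thread: a small Python comparison of the [global] sections of two smb.conf files, which surfaces the kind of per-DC difference discussed above. The sample file contents, the host names DC1/DC2, the share path and the name-matching rule are assumptions constructed for illustration.

```python
import re

# Constructed sample files (host names DC1/DC2 and share path are made up).
DC1_CONF = """[global]
    netbios name = DC1
    workgroup = AD
    idmap_ldb:use rfc2307 = yes
    xattr_tdb:file = /usr/local/samba/var/locks/xattr.tdb
[sysvol]
    path = /constructed/sysvol
"""
DC2_CONF = """# Global parameters
[global]
    NetBIOS Name = DC2
    workgroup = AD
"""

def parse_global(text):
    """Return {normalised name: (name as written, value)} for [global]."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = (p.strip() for p in line.split("=", 1))
            # Assumed simplification: names compared case-insensitively with
            # runs of whitespace collapsed.
            params[re.sub(r"\s+", " ", name).lower()] = (name, value)
    return params

def compare(first, second):
    """Return (only_in_first, only_in_second, differing_values)."""
    a, b = parse_global(first), parse_global(second)
    only_a = sorted(f"{a[k][0]} = {a[k][1]}" for k in a.keys() - b.keys())
    only_b = sorted(f"{b[k][0]} = {b[k][1]}" for k in b.keys() - a.keys())
    differing = sorted((a[k][0], a[k][1], b[k][1])
                       for k in a.keys() & b.keys() if a[k][1] != b[k][1])
    return only_a, only_b, differing

if __name__ == "__main__":
    for group in compare(DC1_CONF, DC2_CONF):
        print(group)
```

A difference in `netbios name` is expected between DCs; the entries reported as present on only one side are the ones to review.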