I am planning on upgrading my AD/DC from Samba version 4.8.2 to the most recent version in my Slackware distro, which is currently 4.15.13.

In previous threads in this mailing list I was advised that the best route to achieve this was to add a 2nd domain controller, then promote that one and demote the original. I'm in the process of setting up a 2nd DC to that end.

I thought I'd ask questions as I encounter issues, and I've got a couple right off.

1) The howto doc https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Preparing_the_Installation, at the very beginning says,

"Verify that the /etc/hosts file on the DC correctly resolves the fully-qualified domain name (FQDN) and short host name to the LAN IP address of the DC. For example:

    127.0.0.1     localhost
    10.99.0.1     DC1.samdom.example.com     DC1

The host name and FQDN must not resolve to the 127.0.0.1 IP address or any other IP address than the one used on the LAN interface of the DC."

The current DC (hostname MAIL) has its /etc/hosts file set up as described above, but what about a 2nd DC? Right now, the machine I'm working on to be the 2nd DC (hostname DC1) uses DHCP and is statically assigned an IP by dhcpd running on MAIL.

Should the new secondary DC1 also have its IP statically assigned and not use DHCP?

2) The next thing the wiki doc says to do is to provision the DC. Will doing so on this 2nd DC interfere with the current/primary DC?

My current DC was provisioned with --dns-backend=BIND9_FLATFILE. The wiki doc says "do NOT use BIND9_FLATFILE, it is not supported and will be removed in a future Samba version." Given that this machine will be the AD/DC for a dozen Windows 10/11 workstations, what would be the recommended alternative dns-backend?

That's enough for now!

Thanks --Mark

On 16/07/2023 07:10, Mark Foley via samba wrote:
> I am planning on upgrading my AD/DC from Samba version 4.8.2 to the most recent
> version in my Slackware distro, which is currently 4.15.13.
>
> In previous threads in this mailing list I was advised that the best route to
> achieve this was to add a 2nd domain controller, then promote that one and
> demote the original. I'm in the process of setting up a 2nd DC to that end.

If you only have one DC, I strongly urge you to run at least two for safety's sake.

> I thought I'd ask questions as I encounter issues, and I've got a couple right
> off.
>
> 1) The howto doc https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Preparing_the_Installation,
> at the very beginning says,
>
> "Verify that the /etc/hosts file on the DC correctly resolves the
> fully-qualified domain name (FQDN) and short host name to the LAN IP address of
> the DC. For example:
>
>     127.0.0.1     localhost
>     10.99.0.1     DC1.samdom.example.com     DC1
>
> The host name and FQDN must not resolve to the 127.0.0.1 IP address or any
> other IP address than the one used on the LAN interface of the DC."
>
> The current DC (hostname MAIL) has its /etc/hosts file set up as described above, but what
> about a 2nd DC? Right now, the machine I'm working on to be the 2nd DC (hostname
> DC1) uses DHCP and is statically assigned an IP by dhcpd running on MAIL.
>
> Should the new secondary DC1 also have its IP statically assigned and not use DHCP?

On the wiki page you have linked to, just above the part you have posted, it says this:

    Set a static IP address on the DC and make the associated reservation on your router.

    Important: The Samba domain controller will become your DNS resolver for all domain-joined workstations. As a result it may be required to assign this IP address outside of your DHCP pool.

It is recommended that all Samba AD DCs have a fixed IP address; you would not want the IP of a DC to possibly change.

> 2) The next thing the wiki doc says to do is to provision the DC. Will doing so
> on this 2nd DC interfere with the current/primary DC?

I think you may be following the wrong instructions; the page you linked to is for provisioning the first DC in a new domain. Have you read this wiki page:

https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

It is only possible to provision one DC in a domain (you actually create the domain and then automatically join the first DC during the process); after that you join extra DCs to the domain.

> My current DC was provisioned with --dns-backend=BIND9_FLATFILE. The wiki doc
> says "do NOT use BIND9_FLATFILE, it is not supported and will be removed in a
> future Samba version." Given that this machine will be the AD/DC for a dozen
> Windows 10/11 workstations, what would be the recommended alternative
> dns-backend?

You have a choice of two:

You can use the Samba internal DNS server, which will require little or no extra setup, see here:

https://wiki.samba.org/index.php/Samba_Internal_DNS_Back_End

Or you can use Bind9, which requires setting up correctly, see here:

https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End

I cannot recommend using Bind9 with flatfiles; it wasn't ever really supported (it was only meant for early versions of Bind9 that didn't have bind_dlz, these are now EOL) and really should have been removed by now. Using Bind9 with flatfiles was formally deprecated when 4.11.0 was released in September 2019, and the 'rndc command' smb.conf parameter that it relies on was removed when 4.12.0 was released in March 2020.

Rowland

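Added example, not part of either post or of the Samba wiki: a POSIX shell check for the /etc/hosts requirement quoted in the thread, run here against two inline samples. The function names and the second sample are constructed for illustration; the first sample is the layout the wiki gives.

```shell
# Constructed samples: the wiki layout, then one with a leftover loopback alias.
sample_good() {
cat <<'EOF'
127.0.0.1   localhost
10.99.0.1   DC1.samdom.example.com DC1
EOF
}
sample_bad() {
cat <<'EOF'
127.0.0.1   localhost
127.0.1.1   DC1                          # loopback alias
10.99.0.1   DC1.samdom.example.com DC1
EOF
}
# check_dc_hosts FILE FQDN ("-" = stdin): 0 only if FQDN and short name share one LAN address.
check_dc_hosts() {
    awk -v fqdn="$2" '
        BEGIN { bad = 0; fqdn = tolower(fqdn); short = fqdn; sub(/\..*/, "", short) }
        { sub(/#.*/, "") }                  # strip comments
        NF < 2 { next }                     # blank or address-only line
        {
            for (i = 2; i <= NF; i++) {     # field 1 is the address, the rest are names
                name = tolower($i)
                if (name == fqdn)  fq[$1] = 1
                if (name == short) sh[$1] = 1
            }
        }
        function report(label, addrs,    ip, n) {
            n = 0
            for (ip in addrs) {
                n++
                if (ip ~ /^127\./ || ip == "::1") { printf "FAIL %s resolves to loopback %s\n", label, ip; bad = 1 }
            }
            if (n == 0) { printf "FAIL %s has no entry\n", label; bad = 1 }
            if (n > 1)  { printf "FAIL %s maps to %d addresses\n", label, n; bad = 1 }
        }
        END {
            report(fqdn, fq); report(short, sh)
            for (ip in fq) { addr = ip; if (!(ip in sh)) mismatch = 1 }
            for (ip in sh) if (!(ip in fq)) mismatch = 1
            if (mismatch) { print "FAIL FQDN and short name do not share one address"; bad = 1 }
            if (!bad) printf "OK %s and %s both resolve to %s\n", fqdn, short, addr
            exit bad
        }
    ' "$1"
}
# Demo on the two constructed samples.
sample_good | check_dc_hosts - DC1.samdom.example.com
sample_bad  | check_dc_hosts - DC1.samdom.example.com || echo "hosts file needs fixing"
```

On the DC itself the call would be `check_dc_hosts /etc/hosts "$(hostname -f)"`; it inspects the file only, so it does not show what DNS or other NSS sources return.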
Hi! Have you read?

https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Preparing_the_Host_for_Joining_the_Domain

Mark Foley via samba <samba at lists.samba.org> wrote on Sunday, 16/07/2023 at 07:23:
> I am planning on upgrading my AD/DC from Samba version 4.8.2 to the most recent
> version in my Slackware distro, which is currently 4.15.13.
>
> In previous threads in this mailing list I was advised that the best route to
> achieve this was to add a 2nd domain controller, then promote that one and
> demote the original. I'm in the process of setting up a 2nd DC to that end.
>
> I thought I'd ask questions as I encounter issues, and I've got a couple right
> off.
>
> 1) The howto doc https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Preparing_the_Installation,
> at the very beginning says,
>
> "Verify that the /etc/hosts file on the DC correctly resolves the
> fully-qualified domain name (FQDN) and short host name to the LAN IP address of
> the DC. For example:
>
>     127.0.0.1     localhost
>     10.99.0.1     DC1.samdom.example.com     DC1
>
> The host name and FQDN must not resolve to the 127.0.0.1 IP address or any
> other IP address than the one used on the LAN interface of the DC."
>
> The current DC (hostname MAIL) has its /etc/hosts file set up as described above, but what
> about a 2nd DC? Right now, the machine I'm working on to be the 2nd DC (hostname
> DC1) uses DHCP and is statically assigned an IP by dhcpd running on MAIL.
>
> Should the new secondary DC1 also have its IP statically assigned and not use DHCP?
>
> 2) The next thing the wiki doc says to do is to provision the DC. Will doing so
> on this 2nd DC interfere with the current/primary DC?
>
> My current DC was provisioned with --dns-backend=BIND9_FLATFILE. The wiki doc
> says "do NOT use BIND9_FLATFILE, it is not supported and will be removed in a
> future Samba version." Given that this machine will be the AD/DC for a dozen
> Windows 10/11 workstations, what would be the recommended alternative
> dns-backend?
>
> That's enough for now!
>
> Thanks --Mark