On Jul 24 13:30:11 2023 Rowland Penny via samba <samba at lists.samba.org>
wrote:
> > Did you also sync Sysvol ?
> > On a newly joined DC, there is very little in sysvol, it needs to be
> > synced from a DC that holds all the GPO's.
>
> The wiki says, "You will now need to sync Sysvol to the new DC." I thought then
> sysvolreset was that. Is there a wiki/howto on how to sync Sysvol?

To "sync Sysvol to the new DC", can I just rsync from the current DC to the new
DC?

rsync -tvr /var/lib/samba/sysvol/ DC1://var/lib/samba/sysvol

or tar the old sysvol and untar on the new DC?

sysvol has ACLs and ATTRs that I don't think

>
> > On 24/07/2023 17:46, Mark Foley via samba wrote:
> > > I removed the new computer from the domain and deleted the smb.conf file. I then
> > > did:
> > >
> > > samba-tool domain join hprs.local DC --option='idmap_ldb:use rfc2307 = yes' -U Administrator
>
> [deleted]
>
> > It sounds like you now have a DC :-)
>
> > > Note that I did not specify any --dns-backend. I hope that's OK as I
> > > provisioned with --dns-backend=BIND9_FLATFILE on the original/current DC. I do
> > > have LAN members not part of the domain that need to have DNS service, so I may
> > > have to redo this later.
> >
> > If you didn't specify a dns backend, then the default internal dns
> > server will be used.
> >
> > > Under "Verifying the DNS Entries" I did change the 1st IP in resolv.conf to be this new host's
> > > IP, but that didn't work -- couldn't see any other host, so I reverted back to
> > > the original DC's IP. However, that's not working either, even after a reboot. I
> > > switched back to the new DC's IP and rebooted. Again, not working. So, something
> > > is wrong with the DNS setup.
> >
> > The dns problem is probably because there are no records in AD, you need
> > to either transfer the records from the flat files (you will probably
> > have to create the reverse zone) or let your Windows computers create
> > them in AD.
>
> OK, I'll look at that after the sync Sysvol. On the original DC, that machine
> was already the DNS w/o Samba with all the named.conf, zones, etc. configured.
> It was easy to adapt that to the then supported --dns-backend=BIND9_FLATFILE. I
> think I can research this a bit and sort it out.
>
> [deleted]
>
> > > Next I ran 'net cache flush' on the new DC; seemed to work (no error).
> > >
> > > Next 'samba-tool ntacl sysvolreset', but I had a problem with that:
> > >
> > > # samba-tool ntacl sysvolreset
> > > set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
>
> [deleted]
>
> > > What did I do wrong? Note that samba is not yet running.
> >
> > Did you also sync Sysvol ?
> > On a newly joined DC, there is very little in sysvol, it needs to be
> > synced from a DC that holds all the GPO's.
>
> The wiki says, "You will now need to sync Sysvol to the new DC." I thought then
> sysvolreset was that. Is there a wiki/howto on how to sync Sysvol?
>
> > ... it is just that Debian (and Debian-based distros,
> > Ubuntu for instance) has been the go-to distro for a Samba AD DC since
> > Samba 4.0.0 and there is a lot of Knowledge out there. I run two Samba
> > AD DCs on Raspberry pi OS (Debian based), so I can vouch that it works well.
> >
> > Rowland
>
> Wow, on a Raspberry pi, eh? That's impressive for a Raspberry! I may be the only
> one running this on Slackware. However, I don't really think the actual setup is
> much different by distro other than certainly what Samba version it supports.
> Slackware tends to lag, on purpose -- let others be the delta-tester. I hope this
> exercise doesn't prove me wrong.
>
> Thanks --Mark
>
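
An added example, not part of the original message and not Samba code: a Python check that a copied sysvol tree still has every file and its NT ACL xattr, since rsync carries ACLs and extended attributes only when given -A and -X. It assumes Samba's acl_xattr storage in the `security.NTACL` xattr; the `dc_old`/`dc_new` trees, the placeholder GPO name and the fake xattr reader are constructed for the demo.

```python
import errno
import os
import tempfile

# xattr in which Samba's acl_xattr module keeps NT ACLs (assumed default setup).
NTACL = "security.NTACL"

def read_xattr(path, name=NTACL):
    """Return the xattr value, or None if the file has none. Run as root for security.*"""
    try:
        return os.getxattr(path, name, follow_symlinks=False)
    except OSError as exc:
        if exc.errno == errno.ENODATA:
            return None
        raise

def compare_sysvol(src, dst, getter=read_xattr):
    """Report entries of the reference tree `src` that are absent from `dst`,
    lost their ACL xattr in `dst`, or carry a different one (paths relative to src)."""
    report = {"missing": [], "acl_lost": [], "acl_differs": []}
    for root, dirs, files in os.walk(src):
        for name in dirs + files:
            rel = os.path.relpath(os.path.join(root, name), src)
            copy = os.path.join(dst, rel)
            if not os.path.lexists(copy):
                report["missing"].append(rel)
                continue
            want, got = getter(os.path.join(src, rel)), getter(copy)
            if want is not None and got is None:
                report["acl_lost"].append(rel)
            elif want != got:
                report["acl_differs"].append(rel)
    return {key: sorted(paths) for key, paths in report.items()}

def demo():
    """Constructed sample: a copy made without xattrs and with one file left behind."""
    with tempfile.TemporaryDirectory() as top:
        src, dst = os.path.join(top, "dc_old"), os.path.join(top, "dc_new")
        gpo = os.path.join("Policies", "{GPO-PLACEHOLDER}")
        for base in (src, dst):
            os.makedirs(os.path.join(base, gpo))
        for rel in (os.path.join(gpo, "GPT.INI"), "logon.cmd"):
            open(os.path.join(src, rel), "w").close()
        open(os.path.join(dst, gpo, "GPT.INI"), "w").close()
        # Hypothetical stand-in for read_xattr so the demo runs unprivileged:
        # every entry under src has an ACL blob, nothing under dst does.
        fake = lambda p, name=NTACL: b"acl" if p.startswith(src + os.sep) else None
        return compare_sysvol(src, dst, getter=fake)

if __name__ == "__main__":
    print(demo())
```

On real DCs, call `compare_sysvol()` as root with the reference sysvol (for instance a read-only mount or a restored backup of the old DC's tree) as `src` and the new DC's sysvol as `dst`.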