On Mon, 22 Jul 2024 16:48:59 +0200
Joachim Lindenberg via samba <samba at lists.samba.org> wrote:

> Hello Rowland,
> there can be a lot more services than just the OS and Samba-AD-DC.

Just like Microsoft, Samba doesn't recommend using a DC for other
services and running it in some form of VM doesn't make it different.

> As
> a must have you have to configure bind, and in my specific case I
> have also a pi-hole and stubby running with docker in order to
> provide complete DNS services on the DCs. Cloning is definitely a
> huge saving of time than starting from scratch. Everybody except
> probably Samba today uses clones where possible.

As I said, I wouldn't clone a DC, but a quick internet search turns up
that you can clone a Microsoft AD DC, provided a few criteria are met:

It is only running software essential for the DC.
It holds most, if not all, the FSMO roles.
Can be powered down for a short while.
It is best to be already virtualised.

Your clone does not seem to match the above.

You are having problems, which may be just down to Samba, or they could
be due to an interaction between Samba and some other piece of software.

I suggest you start with a fresh VM, install Samba in that and join it
as a DC (using the internal dns server), if that works okay, then add
Bind and keep adding things until it stops working, at which point you
may be able to work out what the problem is. If the new Samba gives you
the same problem that you are having now, then it will be less software
in the way when trying to sort out the problem.

Rowland

On 22-07-2024 17:49, Rowland Penny via samba wrote:

> On Mon, 22 Jul 2024 16:48:59 +0200
> Joachim Lindenberg via samba <samba at lists.samba.org> wrote:
>
>> Hello Rowland,
>> there can be a lot more services than just the OS and Samba-AD-DC.
> Just like Microsoft, Samba doesn't recommend using a DC for other
> services and running it in some form of VM doesn't make it different.

I think Joachim mentioned Bind as software he is running, which is
perfectly fine. And obviously on any Linux server there are quite a few
more daemons that run.

Some 10 years ago I made a lot of images to clone with VMware (ESX), and
I can tell, it is a tedious job to get a well prepared image. The same
is true for the scripts required to personalize it again after cloning.
The more complex your machine is set up, the more complex this task
becomes. It is as simple as that, but certainly not impossible.

In any case I would advise to invest time in creating a repeatable setup
/ config mechanism for every type of server you have. Use Ansible,
Saltstack, Terraform, Chef etc. or just bash scripts. That makes the
machine itself and its software + configs disposable. When it breaks,
just run the code against a fresh base-OS and you are back in business.
The only thing still required is a good backup of your data and a
**tested** restore procedure!

- Kees.

>> As
>> a must have you have to configure bind, and in my specific case I
>> have also a pi-hole and stubby running with docker in order to
>> provide complete DNS services on the DCs. Cloning is definitely a
>> huge saving of time than starting from scratch. Everybody except
>> probably Samba today uses clones where possible.
> As I said, I wouldn't clone a DC, but a quick internet search turns up
> that you can clone a Microsoft AD DC, provided a few criteria are met:
>
> It is only running software essential for the DC.
> It holds most, if not all, the FSMO roles.
> Can be powered down for a short while.
> It is best to be already virtualised.
>
> Your clone does not seem to match the above.
>
> You are having problems, which may be just down to Samba, or they could
> be due to an interaction between Samba and some other piece of software.
>
> I suggest you start with a fresh VM, install Samba in that and join it
> as a DC (using the internal dns server), if that works okay, then add
> Bind and keep adding things until it stops working, at which point you
> may be able to work out what the problem is. If the new Samba gives you
> the same problem that you are having now, then it will be less software
> in the way when trying to sort out the problem.
>
> Rowland

In an attempt to analyze the misbehaviour of my clone I compiled samba
(version 4.19.7) from sources, following
https://wiki.samba.org/index.php/Build_Samba_from_Source#make.

When I entered "make install" however, it started a new compile/link
with even more sources [yy/5891] after compilation of preceding make
succeeded [xx/4536]. This is not what I expected to happen - imho
install just copies files. Any ideas?

Then I also tried ./configure to change the paths and figured out, the
"..." is probably not required and one could supply multiple options in
a single call, correct?

After changing the paths, make, make install, and systemctl start
samba-ad-dc I get "exit_daemon: daemon failed to start: Samba failed to
prime database, error code 22"

As I replaced version 4.19.7-Ubuntu: why can the database formats
differ? Or what else could have gone wrong?

Thanks, Joachim

> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland
> Penny via samba
> Sent: Monday, 22 July 2024 17:49
> To: samba at lists.samba.org
> Cc: Rowland Penny <rpenny at samba.org>
> Subject: Re: [Samba] new DC via clone..
>
> On Mon, 22 Jul 2024 16:48:59 +0200
> Joachim Lindenberg via samba <samba at lists.samba.org> wrote:
>
> > Hello Rowland,
> > there can be a lot more services than just the OS and Samba-AD-DC.
>
> Just like Microsoft, Samba doesn't recommend using a DC for other services
> and running it in some form of VM doesn't make it different.
>
> > As
> > a must have you have to configure bind, and in my specific case I have
> > also a pi-hole and stubby running with docker in order to provide
> > complete DNS services on the DCs. Cloning is definitely a huge saving
> > of time than starting from scratch. Everybody except probably Samba
> > today uses clones where possible.
>
> As I said, I wouldn't clone a DC, but a quick internet search turns up that you
> can clone a Microsoft AD DC, provided a few criteria are met:
>
> It is only running software essential for the DC.
> It holds most, if not all, the FSMO roles.
> Can be powered down for a short while.
> It is best to be already virtualised.
>
> Your clone does not seem to match the above.
>
> You are having problems, which may be just down to Samba, or they could be
> due to an interaction between Samba and some other piece of software.
>
> I suggest you start with a fresh VM, install Samba in that and join it as a DC
> (using the internal dns server), if that works okay, then add Bind and keep
> adding things until it stops working, at which point you may be able to work
> out what the problem is. If the new Samba gives you the same problem that
> you are having now, then it will be less software in the way when trying to
> sort out the problem.
>
> Rowland