Displaying 20 results from an estimated 10000 matches similar to: "Join a subdomain DC to a domain DC"
2017 Nov 15
2
Join a subdomain DC to a domain DC
Thanks for the feedback too Andrew!!!
I will analyze and verify the least impactful way to try to solve this
problem.
On Wed, Nov 15, 2017 at 4:25 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Tue, 2017-11-14 at 16:05 -0200, Elias Pereira via samba wrote:
> > Hello guys,
> >
> > I work at an institution where the domain is institute.edu.br. We have a
>
2017 Nov 14
2
Join a subdomain DC to a domain DC
>
> Does nobody read the Samba wiki ???
>
What??? Samba has a wiki ??? *Bazinga *:D
As far as I am aware, AD subdomains do not work correctly with Samba AD.
>
> What you have done with the new DC, is what you should have done in the
>
> first place, created a subdomain of your main dns domain and used this
>
> for the AD dns domain and realm.
>
>
I started in
2017 May 16
2
DNS (bind_dlz) forwarding not working
>
> Not so much forgetting but not understanding ;-)
- Internal DNS that responds to our services (site, moodle, etc) -
ns.myinstitution.edu (registered in registro.br)
- Samba DNS answering for samba stuff - addc.myinstitution.edu
Maybe it's better to use SAMBA_INTERNAL instead of BIND_DLZ?
On Tue, May 16, 2017 at 4:29 PM, Rowland Penny via samba <
samba at lists.samba.org>
2017 May 16
2
DNS (bind_dlz) forwarding not working
Rowland,
Seeing as BIND_DLZ uses the same info in AD as SAMBA_INTERNAL does,
> then no, using the internal dns server will not make any difference.
Ok.
Which ever dns server you use, it must be authoritative for the AD
> domain and if required it should be a subdomain of your registered
> domain, see here:
>
> https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ
>
2017 Nov 16
0
Join a subdomain DC to a domain DC
I'm going to redo my infra using the subdomain.
As I've commented before, the file server is together with the DC. I'm
going to separate it, because I think it's a good practice.
My question is if I could re-use the old DC that already has an integrated
file server for this purpose or is it still better to set up a new server,
re-configure folders and shares, etc?
On Wed, Nov
2017 Nov 14
1
Join a subdomain DC to a domain DC
>
> If your main domain is 'example.com' and you use 'ad.example.com' as a
>
> dns subdomain of 'example.com', the Samba DC would be authoritative
>
> for 'ad.example.com', the AD clients would use the DC as their
>
> nameserver for the domain and anything unknown by the DC (google for
>
> instance, or anything in the
2017 Nov 14
0
Join a subdomain DC to a domain DC
On Tue, 14 Nov 2017 16:05:52 -0200
Elias Pereira via samba <samba at lists.samba.org> wrote:
> Hello guys,
>
> I work at an institution where the domain is institute.edu.br. We
> have a main dns that answers for the internal and external services
> that we have.
>
> Firstly the staff here configured samba as domain institute.edu.br,
> but this way it is conflicting
2017 May 18
2
DNS (bind_dlz) forwarding not working
Rowland,
I used the M$ DNS Manager tool and was able to create a delegation from a
subdomain to my existing DNS.
DNS Manager > Forward Lookup Zones > Right-click on mydomain.edu > New
Delegation > ...
After this I can open, for example the service "www.mydomain.edu" normally.
Where are these entries in AD?
On Thu, May 18, 2017 at 4:07 AM, Rowland Penny <rpenny at
2017 Nov 16
2
Join a subdomain DC to a domain DC
On Thu, 16 Nov 2017 16:59:13 -0200
Elias Pereira via samba <samba at lists.samba.org> wrote:
> I'm going to redo my infra using the subdomain.
>
> As I've commented before, the file server is together with the DC. I'm
> going to separate it, because I think it's a good practice.
>
> My question is if I could re-use the old DC that already has an
>
2017 May 19
3
DNS (bind_dlz) forwarding not working
Thanks.
I was able to verify through the following command:
*samba-tool dns query localhost yourdomain.lan @ ALL -U administrator*
--------------
Rowland,
Some time ago I had made some questions about dns with samba4. In the topic
below you say:
"I would suggest you create a sub domain of your main domain (this is
recommended anyway) i.e. if your main domain is called
2019 Apr 17
2
samba-tool domain schemaupgrade fails on DC member
Hello,
Thanks for the feedback Garming!!! 👍
On Wed, Apr 17, 2019 at 12:35 AM Garming Sam <garming at catalyst.net.nz>
wrote:
> Hi,
>
> While I think we have most of the 2012 schema problems under control
> now, there's still quite a bit of work to get the functional level
> things working. In order to actually raise the level, we still need to
> implement a number of
2017 Nov 16
3
Join a subdomain DC to a domain DC
On Thu, 16 Nov 2017 18:51:19 -0200
Elias Pereira <empbilly at gmail.com> wrote:
> Yes, as I mentioned, I will use another dns domain. :)
>
> In the old domain was provisioned with the option --use-rfc2307. I
> believe that it is the attributes that you mention? If so, can I
> migrate the users to the new DC, so that they have the same ID?
>
No, all
2019 Apr 16
4
samba-tool domain schemaupgrade fails on DC member
Hello,
I upgrade the schema for our main ADDC and everything works properly, but
the member DC (DC to an Existing AD) fails.
Both servers are in version 4.10.2
Distro: Debian 9.8
*Main ADDC:*
[2019/04/16 15:43:03.814846, 0]
../../source4/rpc_server/drsuapi/getncchanges.c:2919(dcesrv_drsuapi_DsGetNCChanges)
../../source4/rpc_server/drsuapi/getncchanges.c:2919: DsGetNCChanges 2nd
replication
2015 Oct 09
4
Migrate directories and files
hello guys,
In my tests lab did the migration ldap base of the old samba3 to Samba4
ADCD.
It's possible to migrate directories and files from users of the old samba3
to Samba4 ADDC?
--
Elias Pereira
2019 Apr 17
2
samba-tool domain schemaupgrade fails on DC member
Thanks Rowland and Garming for your help!!
How about "another DC", or 'a second DC' ?
Ok. Got it! :D
Alternatively, re-joining the domain controller (or joining a new DC and
> demoting the old one) probably works because I believe there is code to
> handle this case.
I re-joined (remove secrets.tdb and .lbd, copy idmap from existing DC...)
and now works properly!
2018 Jun 01
3
Trust relationship between different domains
Hai Elias,
聽
Sorry for the late reply.
I do preffer the list, and i understand why you mailt my directly, but best is to keep this on the list.
The more eye that see this, the more chance you have on a reply.
I must say, i personaly dont use any trust relations ships. that was long ago when i used that, so im bit rusty here.
聽
Now, i see you are using my 4.8.2 packages. so you on debian. *( or
2017 Nov 17
1
Join a subdomain DC to a domain DC
On Fri, 17 Nov 2017 09:48:14 -0200
Elias Pereira <empbilly at gmail.com> wrote:
> In a nutshell, I will have to re-put all users in the domain again. :(
>
> Rowland, do you have any tips or best practices to do that? Something
> you do if it appears some infrastructure like mine.
>
Yes, it is called the Samba wiki ;-)
https://wiki.samba.org/index.php/Main_Page
Any
2017 Nov 17
1
Join a subdomain DC to a domain DC
On Fri, 2017-11-17 at 09:48 -0200, Elias Pereira via samba wrote:
> In a nutshell, I will have to re-put all users in the domain again. :(
The Tranquil IT folks seem to have become pretty experienced at this.
You really want to keep the SIDs the same.
In the long term I would love for Samba to support domain renames
directly, but it is a big job. Less effort but still a fair chunk of
work
2017 May 16
2
DNS (bind_dlz) forwarding not working
>
> Sorry, must have missed that.
No problem! :D
OK, your dns domain is 'mydomain.edu' and your AD dns domain is
'addc.mydomain.edu', so far so good, but is the AD REALM set to
'ADDC.MYDOMAIN.EDU <http://addc.mydomain.edu/>' ?
Yes, my AD REALM is ADDC.MYDOMAIN.EDU
Yes, your AD DC should be the authoritative dns server for the AD dns
> domain.
ok.
2017 May 30
2
member domain idmap config ad/rid
>
> Simple answer:
> Administrator, No
> Domain Admins, Yes
Ok. It was already that way.
root at fileserver:/etc/samba# getent group
...
domain admins:x:10004:
domain users:x:10000:
dap:x:10003:
dti:x:10001:
For some reason with the administrator user is not working, I put my user
as domain admin and include him as a member of unix and now I can access
the security tab.