Ok thank you.
my skype ID is in my profile
One step further might be one step too far...
Hi.
I'm working on the samba server, creating it with the script I got from you Toxic64, and was a little confused about what role the BDC of my domain should have. Is it Member server or should I join the domain as member server?
//edit
It should read: Member server or Domain controller//
The script works for me connecting to git, and I've made the changes necessary for my server. I didn't have to download the tar-file this time.
Last edited by JnPson; May 2nd, 2013 at 12:53 PM. Reason: Typos
Long awaited question my friend, I'll have to crack my fingers on this one.
When you're thinking PDC/BDC, you're talking NT Domains, like NT4. To simplify, NT4 used the PDC essentially for logon and general authentication purposes and to maintain the user database, and the BDC for other domain services. One was slave to the other.
MS Active Directory/ Samba4 are totally different.
In such context, all DCs stand equal (this is a very simplified explanation).
In AD/S4 context, each DC maintains the domain, topology, authentication services and its own copy of the User/Group/OU database. All DCs share (quite) the same domain information.
Now your second DC (which is not a BDC) will be joined to the existing domain, thus fully replicating info from the first DC.
This implies you will not provision it like you did for the first one.
You'll only have to run the first script from the two I provided and then carefully follow the steps provided here https://wiki.samba.org/index.php/Sam...domain_as_a_DC to join your new DC to the existing domain.
At the end of the installation you might want to carefully transfer FSMO, knowing that MS recommends:
-PDC emulator and RID master Roles to be on the same DC
-Schema master and naming master to be on the same DC (naming master has to be on a Global catalog or it will not work...)
-Not placing the infrastructure master on a Global catalog
The infrastructure master is responsible for the updates of its domain's object references. It compares the data it maintains to the data stored in the global catalog.
Global catalogs receive updates for every object in all the domains via the replication process. If the Infrastructure master ever finds data that is not up to date in its database, it will ask the global catalogs for updates for those objects.
If the Infrastructure master and the global catalog are on the same DC, this process won't work, as it will never find up-to-date data and won't replicate that data on the other DCs.
The only case where you will have a GC and an infrastructure master on the same DC is on a single DC infrastructure.
So for your infrastructure, I'd advise disabling GC on the second DC and transferring the infrastructure master role to it. (On a Windows DC, you have the choice between transfer and seize... never seize a role unless it's an emergency on a Windows DC though, because you might end up with a duplicate role, which is not good.)
The only available Samba4 command for FSMO transfer is "seize" though, so you'll have to go with it.
So:
PDC , RID, Schema, naming --->>> DC1 where DC1 is a GC
infrastructure --->>> DC2 where DC2 is not a GC
My friend, I found something that could solve your original DNS update problem...
We knew the problem was that S4 INTERNAL_DNS didn't allow for unsigned updates.
Here is the parameter to add/change in your smb.conf
Found that very deep in the wiki.
Code:
# Allow unsigned updates | don't allow any updates | only allow signed updates
allow dns updates = True | False | signed
# If recursive queries = yes is set, the following is also needed
dns forwarder = <ip addr of external dns server>
I didn't test it though but it should work.
Last edited by howefield; October 31st, 2016 at 11:14 AM. Reason: posts combined.
One step further might be one step too far...
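The FSMO and global catalog placement rules from the post above, written as a check script. This is an added example, not part of the original thread; the input format ("dc" and role lines) and the host names are constructed for illustration and do not correspond to any tool's output.

```bash
#!/usr/bin/env bash
# Added example: check a DC layout against the FSMO placement rules in the post.
# Input format is constructed: "dc <name> gc|nogc" lines, then "<role> <name>".

check_fsmo_layout() {
  # Reads a layout on stdin, prints one line per broken rule, returns 1 if any.
  awk '
    /^[ \t]*(#|$)/ { next }
    $1 == "dc" { ndc++; if ($3 == "gc") gc[$2] = 1; next }
    { holder[$1] = $2 }
    END {
      bad = 0
      nroles = split("pdc rid schema naming infrastructure", need, " ")
      for (i = 1; i <= nroles; i++)
        if (!(need[i] in holder)) { print "no holder listed for " need[i]; bad = 1 }
      if (holder["pdc"] != holder["rid"]) {
        print "PDC emulator and RID master are on different DCs"; bad = 1 }
      if (holder["schema"] != holder["naming"]) {
        print "schema master and naming master are on different DCs"; bad = 1 }
      if (!(holder["naming"] in gc)) {
        print "naming master is not on a global catalog"; bad = 1 }
      # With a single DC the infrastructure master and the GC share a host.
      if (ndc > 1 && (holder["infrastructure"] in gc)) {
        print "infrastructure master is on a global catalog"; bad = 1 }
      exit bad
    }'
}

# Layout recommended in the post (constructed host names dc1 and dc2).
recommended_layout() {
  printf '%s\n' "dc dc1 gc" "dc dc2 nogc" \
    "pdc dc1" "rid dc1" "schema dc1" "naming dc1" "infrastructure dc2"
}

# Constructed counter-case: every role on dc1 and both DCs are global catalogs.
all_on_gc_layout() {
  printf '%s\n' "dc dc1 gc" "dc dc2 gc" \
    "pdc dc1" "rid dc1" "schema dc1" "naming dc1" "infrastructure dc1"
}

recommended_layout | check_fsmo_layout && echo "recommended layout: ok"
all_on_gc_layout | check_fsmo_layout || echo "second layout: needs changes"
```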
Thank you again.
I will go through the installation tomorrow and make these changes.
No problem. Keep me updated.
One step further might be one step too far...
how did it go?
One step further might be one step too far...
Hi Toxic64. I've been home sick for over a week, but now I'm back at work.
I've just started the new installation of ubuntu server 12.04.2 and when that is finished I will install dhcp and run your script.
//JnPson
Ok. I have installed ubuntu, samba4.05, dhcp and I have added
Code:
[Global]
allow dns updates = True
in smb.conf and I have not received any errors in syslog. This is good, because earlier syslog was overflowing with errors when clients tried to update DNS.
I can connect to AD DC with adminpak as usual and I can create users. I can also see in the dns snap-in that clients are added dynamically. The only problem I have now is roaming profiles.
I've added
Code:
\\dc01\Profiles\%USERNAME%
in the users profile path and
Code:
\\dc01\Users\%USERNAME%
to connect to H: for the template-user.
My test-user gets access denied when he logs on for the first time. I have copied the local admin profile to
Code:
\\dc01\netlogon\Default Profile
and gave everyone permission to use it.
It must be the initial permissions for netlogon that is incorrect.
Any ideas coming to mind?
//edit
My test user can logon to my domain but with a temp profile
//JnPson
Last edited by howefield; October 31st, 2016 at 11:16 AM. Reason: posts combined.
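The `allow dns updates = True` setting applied above is the "allow unsigned updates" choice from the earlier post, so it is worth being able to see at a glance which policy a given smb.conf selects. The script below is an added example, not part of the original thread: the sample smb.conf and its forwarder address are constructed, and the value list covers the three values named in the thread plus the `secure only`, `nonsecure`, `nonsecure and secure` and `disabled` spellings of later Samba releases.

```bash
#!/usr/bin/env bash
# Added example: report which DNS update policy an smb.conf [global] section sets.

dns_update_policy() {
  # $1 = path to smb.conf. Prints unsigned | signed | disabled | unset | unknown:<value>
  awk '
    /^[ \t]*[#;]/ { next }                       # comment lines
    /^[ \t]*\[/ {                                # section header, case-insensitive
      s = tolower($0); gsub(/[ \t]/, "", s); gsub(/\[|\]/, "", s)
      section = s; next }
    section == "global" && index($0, "=") {
      name = tolower(substr($0, 1, index($0, "=") - 1))
      gsub(/[ \t]/, "", name)                    # case and spaces in names are ignored
      if (name != "allowdnsupdates") next
      val = tolower(substr($0, index($0, "=") + 1))
      gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      found = 1                                  # this example keeps the last one seen
    }
    END {
      if (!found) { print "unset"; exit }
      if (val == "true" || val == "nonsecure" || val == "nonsecure and secure")
        print "unsigned"
      else if (val == "signed" || val == "secure only") print "signed"
      else if (val == "false" || val == "disabled") print "disabled"
      else print "unknown:" val
    }' "$1"
}

write_sample_conf() {
  # Constructed smb.conf resembling the one in the thread; $1 = output path.
  cat > "$1" <<'EOF'
[Global]
   # forwarder is a documentation address, constructed for this example
   Allow DNS Updates = True
   dns forwarder = 192.0.2.53

[Users]
   path = /Users
   read only = no
   allow dns updates = signed
EOF
}

conf=$(mktemp); write_sample_conf "$conf"
echo "policy: $(dns_update_policy "$conf")"
rm -f "$conf"
```

The stray `allow dns updates` line under `[Users]` in the sample is ignored, because only the `[global]` section is read.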
DHCP issue: could you release the IP on one of your clients and change it, then see if it updates dynamically in your DNS?
Access right issue: you don't have to grant rights to everyone. I already answered that in the previous thread you had opened and the solution was working, I think.
The problem was: A permission problem solved with:
Code:
mkdir -m 770 /Users
chmod g+s /Users
chown root:users /Users
//Edit Forgot this part in smb.conf
Code:
[Users]
directory_mode: parameter = 0700
read only = no
path = /Users
csc policy = documents
This problem was solved and users could create files and folders in their own Home Folder.
A bug in Samba 4.0.0alpha18 did prevent me from creating it as I should so I have installed and configured Samba 4.0.5 from GIT with the great help of Toxic64.
I think the same goes for roaming profiles.
By the way, are you absolutely sure you need roaming profiles?
I'm asking because those can be a major drawback in an infrastructure. If you need more information about that I'll be glad to provide it.
Last edited by howefield; October 31st, 2016 at 11:15 AM. Reason: posts combined.
One step further might be one step too far...
Hmm, it doesn't update dynamically.
When I copied the profile from the xp machine I gave everyone access to the default profile. I didn't create Default Profile folder with mkdir on the server but from xp as administrator.
I did miss chown root:users /Profiles and afterwards users can logon with a roaming user profile.
Yes, it is one of the most important reasons for setting up a domain, as the users will be moving between different rooms and we have no laptops, only desktop PCs.
Last edited by howefield; October 31st, 2016 at 11:17 AM. Reason: posts combined.