Quantcast

After Classic Upgrade

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

After Classic Upgrade

Samba - General mailing list
Hello all,
we recently did an classic upgrade of our NT-style domain with LDAP
backend to AD (Version 4.4.9-SerNet on CENTOS 7). We had some small
issues but all in all it worked pretty good.
Now we are in production with 3 DC and have some
questions/observations:

-- We used to have a WINS server in our old domain and we kept this
running without change. Is it possible to migrate this to the DCs? and
would it be possible that they all would be WINS servers? If so how?
(just wins support = yes?)

-- We are running dhcpd on two of the DCs with failover configuration
and dynDNS updates via (https://wiki.samba.org/index.php/Configure_DHCP
_to_update_DNS_records_with_BIND9). This works quite well. However,
since both dhcp servers want to update the DNS entry locally we
sometime get conflict entries (CNF:xxxxx). Has anybody found a
workaround for this?


Regards


Christian






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: After Classic Upgrade

Samba - General mailing list
On Mon, 13 Feb 2017 13:39:12 +0100
Christian Naumer via samba <[hidden email]> wrote:

> -- We used to have a WINS server in our old domain and we kept this
> running without change. Is it possible to migrate this to the DCs? and
> would it be possible that they all would be WINS servers? If so how?
> (just wins support = yes?)

You could just turn it into a Unix domain member, but you do not need a
wins server in AD, AD uses DNS instead.
>
> -- We are running dhcpd on two of the DCs with failover configuration
> and dynDNS updates via
> (https://wiki.samba.org/index.php/Configure_DHCP
> _to_update_DNS_records_with_BIND9). This works quite well. However,
> since both dhcp servers want to update the DNS entry locally we
> sometime get conflict entries (CNF:xxxxx). Has anybody found a
> workaround for this?
>

How are you running the failover ?

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: After Classic Upgrade

Samba - General mailing list
Am Montag, den 13.02.2017, 13:09 +0000 schrieb Rowland Penny via samba:
>
>
> You could just turn it into a Unix domain member, but you do not need
> a
> wins server in AD, AD uses DNS instead.

In the "old" domain we had severe issues if WINS was not enabled. And
as we have a "grown" environment with NT, XP, Mac, Win7 and Win2003/8
we did not risk it to switch the old WINS server off. So what you are
saying is "wins support = yes" only works on domain members correct?
That is the way it is running now. I just thought to use the DCs to
have some kind of failover.

> >
> > -- We are running dhcpd on two of the DCs with failover
> > configuration
> > and dynDNS updates via
> > (https://wiki.samba.org/index.php/Configure_DHCP
> > _to_update_DNS_records_with_BIND9). This works quite well. However,
> > since both dhcp servers want to update the DNS entry locally we
> > sometime get conflict entries (CNF:xxxxx). Has anybody found a
> > workaround for this? 
> >
>
> How are you running the failover ?
>
Here the relevant part from the conf.

failover peer "dhcp-failover" {
        primary; # declare this to be
the primary server
        address 192.168.0.90;
        port 647;
       
 peer address 192.168.0.91;
        peer port 647;
        max-response-
delay 30;
        max-unacked-updates 10;
        load balance max
seconds 3;
        mclt 1800;
        split 255;
}

as you can see only one server is actively handing out IPs but both try
to update the DNS entries. The dynDNS was done as per the WIKI
instructions.


Regards



> Rowland
>
>
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: After Classic Upgrade

Samba - General mailing list
On Mon, 13 Feb 2017 15:00:55 +0100
Christian Naumer via samba <[hidden email]> wrote:


> as you can see only one server is actively handing out IPs but both
> try to update the DNS entries. The dynDNS was done as per the WIKI
> instructions.
>

I have updated the wiki page with the correct way to do this (well the
way that worked for me)

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: After Classic Upgrade

Samba - General mailing list
Hello Rowland,
thanks for the update in the wiki. I modified my setup. So lets see
what will happen.

Just to make sure about the WINS server. Have I interpreted you comment
right that "wins support =yes" does not work on a DC? I thought
together with "dns proxy = yes" this might have the right effect.


Thanks again

Christian




Am Montag, den 13.02.2017, 14:44 +0000 schrieb Rowland Penny via samba:

> On Mon, 13 Feb 2017 15:00:55 +0100
> Christian Naumer via samba <[hidden email]> wrote:
>
>
> > as you can see only one server is actively handing out IPs but both
> > try to update the DNS entries. The dynDNS was done as per the WIKI
> > instructions.
> >
>
> I have updated the wiki page with the correct way to do this (well
> the
> way that worked for me)
>
> Rowland
>
>
--


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: After Classic Upgrade

Samba - General mailing list
On Mon, 13 Feb 2017 20:07:55 +0100
Christian Naumer via samba <[hidden email]> wrote:

>
> Just to make sure about the WINS server. Have I interpreted you
> comment right that "wins support =yes" does not work on a DC? I
> thought together with "dns proxy = yes" this might have the right
> effect.
>

It might work, never tried it, because the computers will find other
computers in the domain via DNS from the DC, there is another reason,
there is no network browsing on a Samba AD DC.

Rowland


 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: After Classic Upgrade

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Mon, 2017-02-13 at 20:07 +0100, Christian Naumer via samba wrote:
> Hello Rowland,
> thanks for the update in the wiki. I modified my setup. So lets see
> what will happen.
>
> Just to make sure about the WINS server. Have I interpreted you
> comment
> right that "wins support =yes" does not work on a DC? I thought
> together with "dns proxy = yes" this might have the right effect.

For mulit-master WINS support have a look at

http://www.linux-magazine.com/Issues/2009/102/Samba4Wins

The instructions are old, but the code that was the samba4wins product
from sernet is still part of Samba, and runs in the NBT server on the
AD DC.

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...