Greetings,
I have some questions. Most of the documentation seems to show how to join a
windows machine to a samba domain. I went the other way and Created a Windows
2008 R2 domain and joined samba 4 to it. I noticed some things aren't quite
looking right, and I'm not sure if I should expect it.
For instance, under "Active Directory Sites and Services" on the Windows box,
if I right click on 'NTDS Settings' for the Samba dc and select, "Replicate
configuration to the selected dc', I get the following error,
"The following error occurred during the attempt to syncronize naming context
CN=Configuration,DC=[...],DC=[...],DC=[...] from Domain Controller SAMBATEST to
domain controller QUARTZ: The stub received bad data."
Right clicking on the <automatically generated> connection within the Win2k8r2
server and clicking, 'replicate now' fails for a different reason:
"The Following error occurred during the attempt to syncronize naming context
DomainDnsZones.[fqdn removed] from domain controller QUARTZ to domain
controller SAMBATEST: The naming context is in the process of being removed or
is not replicated from the specific server."
However, replicating from the samba box seems to work just great. I get no
errors.
Now, I know that there are some limitations on the DNS replication, so maybe
this is expected. I read on the documentation that I should either use the
Windows DNS server or BIND. When I setup samba, I didn't provision it (like the
docs said), but rather did a domain join. Is samba relying on the DNS server on
the windows machine then? If not, are the docs right in that I should stick
with bind, or am I safe to use the internal DNS?
Ultimately, I guess I'm wondering if I'm better off provisioning a samba domain
and joining win2k8 to it, and letting samba handle the DNS. Then, I could have,
say 2 samba DC's replicating between each other, and a windows DC for managing
group policy stuff?
That leads me to another question. DFS isn't supported. I noticed this after I
tried to edit the group policy on my windows machine. The SYSVOL partition for
samba is completely empty. I saw that some people are using rsync between samba
instances to replicate this, but what's the preferred method between syncing a
windows DC with a samba DC? If I'm messing with the group policy on the windows
machine, isn't that going to result in an inconsistent state between the
windows DC and the other samba DC's?
When I tried updating the group policy on a windows 7 client joined to the
domain, I got the following error,
"The processing of Group Policy failed. Windows attempted to read the file
\\[fqdn]\sysvol\[fqdn]\Policies\{...}\gpt.ini from a domain controller and was
not successful. Group policy settings may not be applied until this event is
resolved. This issue may be transient and could be caused by one or more of the
following: a) Name Resolution/Network Connectivity to the current domain
controller. b) File Replication Service Latency [...] c) The Distributed File
System (DFS) client has been disabled."
I tried copying the policy files from the SYSVOL folder in windows to the
/usr/local/samba/locks/sysvol/... folder, and that didn't solve it. I also
mounted the share directly, and I could see the policies, but for some reason
my windows 7 machine isn't liking it.
Anyway, other things seem to be working. I can add users and they replicate
between boxes, and limited group policy settings seem to be working.
Thanks for your help!
Zach Bethel
The information in this communication is intended solely for the individual or
entity to whom it is addressed. It may contain confidential or legally
privileged information. If you are not the intended recipient, any disclosure,
copying, distribution or reliance on the contents of this information is
strictly prohibited, and may be unlawful. If you have received this
communication in error, please notify us immediately by responding to the
sender of this email, and then delete it from your system. Taylor University is
not liable for the inaccurate or improper transmission of the information
contained in this communication or for any delay in its receipt.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
