Discussion:
[Samba] old dc still mentioned as msSFU30MasterServerName
(too old to reply)
mourik jan heupink - merit
2014-09-19 11:30:03 UTC
Permalink
Hi,

Our DC1 had to be taken offline due to corruption. Roles were seized,
and I managed to get rid of the directory metadata by using this script
from microsoft:

http://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3

After that I had to remove the remaining DNS stuff, and now everything
seems to be in perfect shape, with dc2/dc3/dc4, replicating perfectly,
no more errors.

After this excersize I dumped the entire active directory to an ldif:
ldbsearch --url=/var/lib/samba/private/sam.ldb >
/root/samba4/samba4.ldif and grepped that file for "DC1", and I noticed
that DC1 is still referenced to as "msSFU30MasterServerName" in 15 places.

I have asked this here before, but received no answers.

The question: can I simply replace "msSFU30MasterServerName: DC1" with
"msSFU30MasterServerName: DC2", or is there other/more magic involved..?

And also...what does msSFU30MasterServerName actually mean/do?

Kind regards,
Mourik Jan
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2014-09-21 13:30:02 UTC
Permalink
Post by mourik jan heupink - merit
Hi,
Our DC1 had to be taken offline due to corruption. Roles were seized,
and I managed to get rid of the directory metadata by using this
http://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3
After that I had to remove the remaining DNS stuff, and now everything
seems to be in perfect shape, with dc2/dc3/dc4, replicating perfectly,
no more errors.
ldbsearch --url=/var/lib/samba/private/sam.ldb >
/root/samba4/samba4.ldif and grepped that file for "DC1", and I
noticed that DC1 is still referenced to as "msSFU30MasterServerName"
in 15 places.
I have asked this here before, but received no answers.
The question: can I simply replace "msSFU30MasterServerName: DC1" with
"msSFU30MasterServerName: DC2", or is there other/more magic involved..?
And also...what does msSFU30MasterServerName actually mean/do?
Kind regards,
Mourik Jan
Hi, firstly 'msSFU30MasterServerName' contains the name of the Master
NIS Server for the map's in AD, so yes, if you no longer have a DC
called 'DC1' then you can and should change the contents of the
'msSFU30MasterServerName' to contain the name of the new DC.

Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
mourik jan heupink - merit
2014-09-22 07:50:02 UTC
Permalink
Hi Rowland,
Post by Rowland Penny
Hi, firstly 'msSFU30MasterServerName' contains the name of the Master
NIS Server for the map's in AD, so yes, if you no longer have a DC
called 'DC1' then you can and should change the contents of the
'msSFU30MasterServerName' to contain the name of the new DC.
And if I have multiple DC's, can I just choose one randomly, or does it
for example need to own a specific role, or simply just *any* DC?

MJ
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2014-09-22 08:50:02 UTC
Permalink
Post by mourik jan heupink - merit
Hi Rowland,
Post by Rowland Penny
Hi, firstly 'msSFU30MasterServerName' contains the name of the Master
NIS Server for the map's in AD, so yes, if you no longer have a DC
called 'DC1' then you can and should change the contents of the
'msSFU30MasterServerName' to contain the name of the new DC.
And if I have multiple DC's, can I just choose one randomly, or does it
for example need to own a specific role, or simply just *any* DC?
MJ
Hi Mourik, it is all in the name 'Master NIS Server', the NIS server
doesn't even have to be a windows server!

NIS is a unix thing and really has nothing to with windows, so yes, in
my opinion you can use any DC.

Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
mourik jan heupink - merit
2014-09-22 15:10:02 UTC
Permalink
Hi Rowland,

I've done some googling on NIS, because I didn't know exactly what it
was... (perhaps strange)

I see now that it comes from msSFU30DomainInfo. We are not using any of
that, and also have never used it. I guess it comes by default, or
perhaps you get it together with RFC2307 attributes. (which we are using)

Anyway, I'll set it to an existing DC, and for the rest forget about it.

Thank you!
Post by Rowland Penny
Hi Mourik, it is all in the name 'Master NIS Server', the NIS server
doesn't even have to be a windows server!
NIS is a unix thing and really has nothing to with windows, so yes, in
my opinion you can use any DC.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
mourik jan heupink - merit
2014-09-22 15:20:02 UTC
Permalink
Hmm some more googling reveils that perhaps NIS and rfc2307 is the same
thing...
Post by mourik jan heupink - merit
Hi Rowland,
I've done some googling on NIS, because I didn't know exactly what it
was... (perhaps strange)
I see now that it comes from msSFU30DomainInfo. We are not using any of
that, and also have never used it. I guess it comes by default, or
perhaps you get it together with RFC2307 attributes. (which we are using)
Anyway, I'll set it to an existing DC, and for the rest forget about it.
Thank you!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2014-09-22 15:30:02 UTC
Permalink
Post by mourik jan heupink - merit
Hmm some more googling reveils that perhaps NIS and rfc2307 is the
same thing...
Well, yes and no, NIS was a Sun thing and was a way of having
centralised authentication on Unix, rfc2307 is the attributes to use for
Unix authentication with LDAP. AD server for NIS comes with their
variation on rfc2307, you only need the purely NIS server bits if you
are using AD as a NIS server and have 'nis' in the passwd & group lines
in /etc/nsswitch.conf (unless anybody knows differently).

Rowland
Post by mourik jan heupink - merit
Post by mourik jan heupink - merit
Hi Rowland,
I've done some googling on NIS, because I didn't know exactly what it
was... (perhaps strange)
I see now that it comes from msSFU30DomainInfo. We are not using any of
that, and also have never used it. I guess it comes by default, or
perhaps you get it together with RFC2307 attributes. (which we are using)
Anyway, I'll set it to an existing DC, and for the rest forget about it.
Thank you!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Adam Tauno Williams
2014-09-22 19:10:02 UTC
Permalink
Post by Rowland Penny
Post by mourik jan heupink - merit
Hmm some more googling reveils that perhaps NIS and rfc2307 is the
same thing...
Well, yes and no, NIS was a Sun thing and was a way of having
centralised authentication on Unix, rfc2307 is the attributes to use for
Unix authentication with LDAP.
More specifically the document RFC2307 [and RFC2307bis] define the LDAP
schema for replicating the behavior and data-model of NIS using an LDAP
DSA. Generally it has come to mean UNIX groups and accounts in LDAP.

These days I imagine in most cases the schema defined in RFC2307 is used
with things like winbind and NSS_LDAP rather than with NIS [also known
as Yellow Pages, and there is (or was) NIS+ as well].
Post by Rowland Penny
AD server for NIS comes with their
variation on rfc2307, you only need the purely NIS server bits if you
are using AD as a NIS server and have 'nis' in the passwd & group lines
in /etc/nsswitch.conf (unless anybody knows differently).
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Loading...