Changing the DNS Back End of a Samba AD DC: Difference between revisions

From SambaWiki
m (Mmuehlfeld moved page Changing the DNS Back End to Changing the DNS Back End of a Samba AD DC without leaving a redirect: Use a better fitting title)
(Rewrote page. Clearer structure.)
Line 1: Line 1:
= Introduction =
= Introduction =


Samba enables you to change switch between the <code>INTERNAL_DNS</code> and <code>BIND9_DLZ</code> DNS back end on your Active Directory (AD) domain controller (DC) without loosing data.
During the provisioning step of a new [[Setup_a_Samba_Active_Directory_Domain_Controller|Samba Active Directory Domain Controller]], you decided which DNS backend, if any, should be used: The internal DNS or BIND_DLZ. In some cases, it might be necessary to revise this decision because of problems, limitations or other reasons. In the following, we will describe how to change the DNS backend on a Samba AD Domain Controller.


'''See the [[Host_information_used_in_documentation|host information used in documentation]] page for used paths, hostnames, etc.'''








= Changing From the Samba Internal DNS Server to the BIND9_DLZ Back End =


Run on your domain controller (DC):
= Changing from Samba internal DNS to BIND_DLZ =


* [[BIND9_DLZ_DNS_Back_End|Setup BIND]]
* Set up and configure the <code>BIND9_DLZ</code> back end. For details, see [[BIND9_DLZ_DNS_Back_End|BIND9_DLZ Back End]].


* Shutdown Samba
* Shut down the Samba service.


* Migrate the backend to BIND_DLZ
* Migrate the back end:

# /usr/local/samba/sbin/samba_upgradedns --dns-backend=BIND9_DLZ
# samba_upgradedns --dns-backend=BIND9_DLZ

* Use one of the following ways to disable the internal DNS in your <code>smb.conf</code> file:

:* If you have a <code>server services</code> parameter, remove the <code>dns</code> option. For example:

server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate<s>, dns</s>

:* If you do not have a <code>server services</code> parameter, add the following line:


* Change the "server services" parameter. There are three ways to enable BIND_DLZ and disable the internal DNS:
:1st way: If do not have this parameter in your smb.conf, add it just with the "-dns" option. All other values are taken from the defaults (see man page).
server services = -dns
server services = -dns
:2nd way: If do not have this parameter in your smb.conf, add this line:
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
:3rd way: If you do have this parameter in your smb.conf, Remove the "dns" option:
server services = ........ <s>dns</s>


* Enable automatic startup of BIND at boot time, e. g. by using "chkconfig", "systemctl", etc. - depending on your distribution.
* Enable the BIND service to start at boot time. See your distribution's documentation for details.

* Start the BIND service.

* Start the Samba service.





= Changing From the BIND9_DLZ Back End to the Samba Internal DNS Server =

Run on your domain controller (DC):


* Start BIND
* Shut down the BIND service.


* Disable the automatic start of the BIND service at boot time. See your distribution's documentation for details.
* Start Samba


* Shut down the Samba service.


* Migrate the back end:


# samba_upgradedns --dns-backend=SAMBA_INTERNAL


* Use one of the following ways to disable the <code>BIND9_DLZ</code> module in your <code>smb.conf</code> file::


:* Replace the <code>-dns</code> with the <code>dns</code> option in the <code>server services</code> parameter. For example:
= Changing from BIND_DLZ to Samba internal DNS =


server services = 3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate<s>, -dns</s> dns
* Shutdown BIND


:* The internal DNS is one of the default settings of the <code>server services</code> parameter. Remove the <code>-dns</code> option to disable the <code>BIND9_DLZ</code> module. For example:
* Disable automatic startup of BIND at boot time, e. g. by using "chkconfig", "systemctl", etc. - depending on your distribution.


server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate<s>, dns</s>
* Shutdown Samba


:* If you only have the <code>-dns</code> option listed in the <code>server services</code> parameter, remove the entire parameter:
* Migrate the backend to Samba internal DNS
# /usr/local/samba/sbin/samba_upgradedns --dns-backend=SAMBA_INTERNAL


<s>server services = -dns</s>
* Change the "server services" parameter. there are three ways to disable BIND_DLZ and enable the internal DNS:
:1st way: The internal DNS is part of the "server services" defaults (see man page). Remove the "service services" parameter completely, only do this if the other options are also defaults.
<s>server services = ..... dns</s>
:2nd way: Add the "dns" option to the "server services" parameter:
server services = ..... dns
:3rd way: Change the "-dns" option to "dns":
server services = ........ <s>-dns</s> dns


* Start Samba
* Start the Samba service.
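Review bot: In the rewritten "Changing From the BIND9_DLZ Back End to the Samba Internal DNS Server" section, the example under "Remove the -dns option to disable the BIND9_DLZ module" strikes ", dns" from the list rather than ", -dns", so as written it removes the internal DNS service that this procedure is meant to enable; strike "-dns" there instead. In the same section, the first example starts the list with "3fs" where every other example has "s3fs" and leaves no comma before the replacement "dns", and the sentence introducing the options ends in a double colon. The new introduction also reads "change switch" and "loosing" where "switch" and "losing" are meant.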





Revision as of 01:47, 12 October 2016

Introduction

Samba enables you to switch between the INTERNAL_DNS and BIND9_DLZ DNS back ends on your Active Directory (AD) domain controller (DC) without losing data.



Changing From the Samba Internal DNS Server to the BIND9_DLZ Back End

Run on your domain controller (DC):

  • Shut down the Samba service.
  • Migrate the back end:
# samba_upgradedns --dns-backend=BIND9_DLZ
  • Use one of the following ways to disable the internal DNS in your smb.conf file:
      • If you have a server services parameter, remove the dns option. For example:
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate<s>, dns</s>
      • If you do not have a server services parameter, add the following line:
server services = -dns
  • Enable the BIND service to start at boot time. See your distribution's documentation for details.
  • Start the BIND service.
  • Start the Samba service.



Changing From the BIND9_DLZ Back End to the Samba Internal DNS Server

Run on your domain controller (DC):

  • Shut down the BIND service.
  • Disable the automatic start of the BIND service at boot time. See your distribution's documentation for details.
  • Shut down the Samba service.
  • Migrate the back end:
# samba_upgradedns --dns-backend=SAMBA_INTERNAL
  • Use one of the following ways to disable the BIND9_DLZ module in your smb.conf file:
      • Replace the -dns with the dns option in the server services parameter. For example:
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, <s>-dns</s> dns
      • The internal DNS is one of the default settings of the server services parameter. Remove the -dns option to disable the BIND9_DLZ module. For example:
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate<s>, -dns</s>
      • If you only have the -dns option listed in the server services parameter, remove the entire parameter:
<s>server services = -dns</s>
  • Start the Samba service.
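
The following shell check is an added example, not part of the SambaWiki page or of Samba's own tooling: it reads an smb.conf and reports whether the server services setting matches the back end passed to samba_upgradedns, covering the cases listed in both procedures above. The function names and the sample file are hypothetical, and it assumes the parameter is written in lowercase on a single line.

```shell
#!/bin/sh
# Added example: verify that smb.conf agrees with the chosen DNS back end.
# Assumption: "server services" is lowercase and on one line (no continuation).

# Prints "internal" if Samba's internal DNS service would run, else "disabled".
dns_service_state() {
    conf=$1
    # Extract the value of the last "server services = ..." line, if any.
    line=$(sed -n 's/^[[:space:]]*server[[:space:]]*services[[:space:]]*=[[:space:]]*//p' "$conf" | tail -n 1)
    # No parameter: the defaults apply, and the defaults include dns.
    if [ -z "$line" ]; then echo internal; return 0; fi
    explicit=no; state=
    for tok in $(printf '%s\n' "$line" | tr ',' ' '); do
        case $tok in
            -dns)     state=disabled ;;                   # exclusion always wins
            dns|+dns) [ -n "$state" ] || state=internal ;;
            [+-]*)    ;;                                  # modifies the default list
            *)        explicit=yes ;;                     # plain name: explicit list
        esac
    done
    if [ -n "$state" ]; then echo "$state"
    elif [ "$explicit" = yes ]; then echo disabled        # explicit list without dns
    else echo internal                                    # only +/- entries, dns untouched
    fi
}

# $1 = smb.conf path, $2 = value given to --dns-backend (BIND9_DLZ or SAMBA_INTERNAL)
check_backend() {
    state=$(dns_service_state "$1")
    case "$2:$state" in
        BIND9_DLZ:disabled|SAMBA_INTERNAL:internal)
            echo "OK: smb.conf matches $2"; return 0 ;;
        *)
            echo "MISMATCH: back end $2 but internal DNS service is $state"; return 1 ;;
    esac
}

# Constructed sample: smb.conf as it should look after switching to BIND9_DLZ.
sample=$(mktemp)
printf '[global]\n\tserver services = -dns\n' > "$sample"
check_backend "$sample" BIND9_DLZ
rm -f "$sample"
```

Run check_backend against the real smb.conf before starting the Samba service again; a mismatch means either both DNS servers or neither will try to answer on the DC.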