Open dalraf opened 8 years ago
I'll try to incorporate this into the module, if you give me some pointers.
What should I set the role to be (it can't be 'dc') or how do I detect the domain already exists?
@mergwyn
At first glance, the best way to implement it would be to rename the "dc" class into a "domain" class and make it more generic (exposing the samba-tool command line arguments, more options, etc. In theory, the "dc" class already permits overriding most parameters in smb.conf).
Then, make specialized classes, one reimplementing the dc class with the current API, another implementing a "Domain Member" class for example. A generic class could be interesting for other use cases like replicas.
For the server role, it's probably member/member server, but I've never deployed this kind of setup.
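On how to detect if the domain already exists, in the dc class I check if the /var/lib/samba/states/sysvol/ directory exists (note: /var/lib/samba could change, it's only the default). I don't know if the same check could be done for a domain member. For testing if the join is OK, in the Classic class, I run net ads testjoin.
I lack the infrastructure to test these kinds of setups; especially, I don't have a Windows AD to play with.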
I'll try to take a look at this as I want to solve the problem for my environment. I am very new to Puppet, so not sure how good a job I will do.
One thought I had is that, in Samba terms, you are either a dc or a member so that classification works. The choice if you are a dc is whether you provision or join a domain. There is a samba-tool option to list domain info that could tell if the domain already exists as a prerequisite to the dc join. I would need to do some experimentation as to what happens if you provision a domain that already exists.
I'm also short on infrastructure and only have a samba environment, no Windows AD servers.
On Tue, 9 Aug 2016 at 09:50 Carpentier Pierre-Francois <notifications@github.com> wrote:
@mergwyn https://github.com/mergwyn
At first glance, the best way to implement it would be to rename the "dc" class into a "domain" class and make it more generic (exposing the samba-tool command line arguments, more options, etc. In theory, the "dc" class already permits overriding most parameters in smb.conf).
Then, make specialized classes, one reimplementing the dc class with the current API, another implementing a "Domain Member" class for example. A generic class could be interesting for other use cases like replicas.
For the server role, it's probably member/member server, but I've never deployed this kind of setup.
On how to detect if the domain already exists, in the dc class I check if the /var/lib/samba/states/sysvol/ directory exists (note: /var/lib/samba could change, it's only the default). I don't know if the same check could be done for a domain member. For testing if the join is OK, in the Classic class, I run net ads testjoin.
I lack the infrastructure to test these kinds of setups; especially, I don't have a Windows AD to play with.
Looks like only the samba-tool cmd needs to change.
https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory
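
The two checks described in this thread (the sysvol directory for a DC, `net ads testjoin` for a member) combined into one idempotence guard that decides whether a provision or join still has to run. This is an added example, not code from the module discussed here; `samba_next_action`, `SAMBA_STATE_DIR` and `TESTJOIN_CMD` are hypothetical names, and the default state directory is the path quoted in the thread.

```shell
#!/bin/sh
# Added example (not the module's code): pick the next step for a host
# from the two checks mentioned in the thread. It only decides; it never
# runs samba-tool itself.

# Assumed override knob. Default is the path quoted in the thread, which
# is only the default and can differ per installation.
: "${SAMBA_STATE_DIR:=/var/lib/samba/states}"
# Assumed override knob. Exit status 0 is taken to mean "join is OK".
: "${TESTJOIN_CMD:=net ads testjoin}"

# samba_next_action ROLE [MODE]
#   ROLE: dc | member
#   MODE: provision | join   (dc only; default provision)
# Prints one of: noop, provision, join-dc, join-member.
# Returns 2 on an unknown role or mode so callers fail closed.
samba_next_action() {
    role=$1
    mode=${2:-provision}
    case $role in
        dc)
            # An existing sysvol directory means this host already holds
            # a domain database: do not provision or join a second time.
            if [ -d "$SAMBA_STATE_DIR/sysvol" ]; then
                echo noop
                return 0
            fi
            case $mode in
                provision) echo provision ;;
                join)      echo join-dc ;;
                *)         echo "unknown mode: $mode" >&2; return 2 ;;
            esac
            ;;
        member)
            # Re-join only when the existing join does not verify.
            if $TESTJOIN_CMD >/dev/null 2>&1; then
                echo noop
            else
                echo join-member
            fi
            ;;
        *)
            echo "unknown role: $role" >&2
            return 2
            ;;
    esac
}
```
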