
[Samba] How to Migrate Samba AD from one server to another


Paul R. Ganci via samba

Sep 11, 2016, 3:10:03 AM
I would like to move a Samba AD from one server to another. I am finding
the documentation on the web somewhat lacking. Can somebody point me to
documentation that might help step me through an acceptable migration path?

Will the command

> samba-tool drs clone-dc-database <dnsdomain> --server=SERVER --targetdir=TARGETDIR

essentially do what I want? Basically clone the AD on another server.
Then is it as easy as joining the new server to the domain and then
demoting the old server? How do others do this task?

--
Paul (ga...@nurdog.com)
Cell: (303)257-5208

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Rowland Penny via samba

Sep 11, 2016, 3:30:03 AM
On Sun, 11 Sep 2016 00:48:09 -0600
"Paul R. Ganci via samba" <sa...@lists.samba.org> wrote:

> I would like to move a Samba AD from one server to another. I am
> finding the documentation on the web somewhat lacking. Can somebody
> point me to documentation that might help step me through an
> acceptable migration path?
>
> Will the command
>
> > samba-tool drs clone-dc-database <dnsdomain> --server=SERVER --targetdir=TARGETDIR
>
> essentially do what I want? Basically clone the AD on another server.
> Then is it as easy as joining the new server to the domain and then
> demoting the old server? How do others do this task?
>

If you just want to replace a DC with another DC, then you only need to
add the new DC to the domain, let replication do its thing, transfer
any FSMO roles from the old DC to the new DC, demote old DC and then
turn off the old DC.

Rowland

Paul R. Ganci via samba

Sep 11, 2016, 12:50:02 PM
On 09/11/2016 01:23 AM, Rowland Penny via samba wrote:
> On Sun, 11 Sep 2016 00:48:09 -0600
> "Paul R. Ganci via samba" <sa...@lists.samba.org> wrote:
>> essentially do what I want? Basically clone the AD on another server.
>> Then is it as easy as joining the new server to the domain and then
>> demoting the old server? How do others do this task?
> If you just want to replace a DC with another DC, then you only need to
> add the new DC to the domain, let replication do its thing, transfer
> any FSMO roles from the old DC to the new DC, demote old DC and then
> turn off the old DC.
Rowland, thanks for your reply. What you describe is pretty simple in
principle. It is the details about which I am confused. There are 3
aspects of a Samba 4 AD that have to be properly set up for the AD to
function correctly, namely the Samba configuration, Kerberos and DNS. If
any of these are incorrectly configured the AD will not function. So
here are my questions regarding the details of what you describe.

0.) Back up the old DC.

1.) I assume two of the preparation steps would be to point the new DC
DNS (/etc/resolv.conf) to the old DC server DNS and then take the
smb.conf configuration from the old DC and move to the new DC. Is that
correct?

2.) After the preparation step in 1, is it sufficient to just issue

> samba-tool domain join mydom.example.com DC -Uadministrator
--realm=MYDOM.EXAMPLE.COM --dns-backend=BIND9_DLZ

to get the AD added to the domain and replication to occur?

3.) What will actually get replicated? From what I could sketch together
from the web the DNS will be moved. I know how to handle that but are
there any entries that have to be manually added as indicated from some
web sites I have found?

4.) What about the kerberos configuration? Do I configure kerberos on
the new DC as it was on the old DC? Does that happen at step 1 and then
do the samba-tool join or does replication take care of the keytab files
and config?

5.) Do I have to manually set the sysvol ACLs via:

> samba-tool ntacl sysvolreset

as suggested by some sites?

6.) Transfer FSMO roles

7.) Demote old DC

8.) Anything else I am missing?

Rowland Penny via samba

Sep 11, 2016, 1:30:03 PM

See inline comments:


On Sun, 11 Sep 2016 10:38:22 -0600
"Paul R. Ganci via samba" <sa...@lists.samba.org> wrote:

> On 09/11/2016 01:23 AM, Rowland Penny via samba wrote:
> > On Sun, 11 Sep 2016 00:48:09 -0600
> > "Paul R. Ganci via samba" <sa...@lists.samba.org> wrote:
> >> essentially do what I want? Basically clone the AD on another
> >> server. Then is it as easy as joining the new server to the domain
> >> and then demoting the old server? How do others do this task?
> > If you just want to replace a DC with another DC, then you only
> > need to add the new DC to the domain, let replication do its thing,
> > transfer any FSMO roles from the old DC to the new DC, demote old
> > DC and then turn off the old DC.
> Rowland, thanks for your reply. What you describe is pretty simple in
> principle. It is the details about which I am confused. There are 3
> aspects of a Samba 4 AD that have to be properly setup for the AD to
> function correctly. Namely the Samba configuration, Kerberos and DNS.
> If any of these are incorrectly configured the AD will not function.
> So here are my questions regarding the details of what you describe.
>
> 0.) Back up the old DC.

Well, yes, just in case.

>
> 1.) I assume two of the preparation steps would be to point the new
> DC DNS (/etc/resolv.conf) to the old DC server DNS

Possibly, it just needs to point to a DC in the domain, and if you only
have one.....

> and then take the
> smb.conf configuration from the old DC and move to the new DC.

No, definitely NO. The join will create a new one.


>
> 2.) After the preparation step in 1, is it sufficient to just issue
>
> > samba-tool domain join mydom.example.com DC -Uadministrator
> --realm=MYDOM.EXAMPLE.COM --dns-backend=BIND9_DLZ
>
> to get the AD added to the domain and replication to occur?

Yes, it will become just another DC.

>
> 3.) What will actually get replicated? From what I could sketch
> together from the web the DNS will be moved. I know how to handle
> that but are there any entries that have to be manually added as
> indicated from some web sites I have found?

Everything should get created except for a few dns objects, and these
will get created the first time samba is started, but there is a gotcha:
it needs to use the computer's kerberos ticket to do this, so you need
to change /etc/resolv.conf to point to itself before you start samba.
Once everything is correct and all dns objects exist, you can
reset /etc/resolv.conf.

>
> 4.) What about the kerberos configuration? Do I configure kerberos on
> the new DC as it was on the old DC? Does that happen at step 1 and
> then do the samba-tool join or does replication take care of the
> keytab files and config?

You will need to create /etc/krb5.conf before running the join command,
it needs to look just like this:

[libdefaults]
default_realm = <PUT YOUR REALM HERE>
dns_lookup_realm = false
dns_lookup_kdc = true

>
> 5.) Do I have to manually set the sysvol ACLs via:
>
> > samba-tool ntacl sysvolreset
>
> as suggested by some sites?

Good point and something I missed, you will need to sync sysvol from
the old DC to the new one and then run 'samba-tool ntacl sysvolreset'
or you could use 'osync', see here for info:

https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_based_SysVol_replication_workaround

>
> 6.) Transfer FSMO roles
>
> 7.) Demote old DC
>
> 8.) Anything else I am missing?
>

Not that I can think of, but if I have missed anything, somebody is bound
to point it out ;-)

Rowland

Paul R. Ganci via samba

Oct 2, 2016, 8:20:03 PM
On 09/11/2016 10:38 AM, Paul R. Ganci via samba wrote:

> On 09/11/2016 01:23 AM, Rowland Penny via samba wrote:
> Rowland, thanks for your reply. What you describe is pretty simple in
> principle. It is the details about which I am confused. There are 3
> aspects of a Samba 4 AD that have to be properly setup for the AD to
> function correctly. Namely the Samba configuration, Kerberos and DNS.
> If any of these are incorrectly configured the AD will not function.
> So here are my questions regarding the details of what you describe.

> <snip>


> 6.) Transfer FSMO roles
>
> 7.) Demote old DC
>

So I successfully moved the DC to another server. However when I try to
demote the old DC I get this error.

nikita> samba-tool domain demote -Uadministrator
Using nureyev.myhome.example.com as partner server for the demotion
Password for [MYHOME\administrator]:
Deactivating inbound replication
Asking partner server nureyev.myhome.example.com to synchronize from us
Changing userControl and container
Error while demoting, re-enabling inbound replication
ERROR(<type 'exceptions.RuntimeError'>): Error while sending a
removeDsServer of
CN=NIKITA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myhome,DC=example,DC=com:
- (31, 'WERR_GENERAL_FAILURE')
File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 921, in run
drsuapiBind.DsRemoveDSServer(drsuapi_handle, 1, req1)

Does anyone have a clue as to why I cannot demote the old DC? I am at a
loss as to what is wrong. All the FSMO roles transferred properly to the new
server. I did sync the sysvol so I am not sure what happened here
because everything was good at one point. What I am finding now is that
on what I want to be the PDC I have this:

> samba-tool drs showrepl
Default-First-Site-Name\NUREYEV
DSA Options: 0x00000001
DSA object GUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b
DSA invocationId: 0fcda6bb-9435-4852-ac8d-660af8443d34

==== INBOUND NEIGHBORS ====

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====


But on the old DC that I want to demote I have this:
> samba-tool drs showrepl
Default-First-Site-Name\NIKITA
DSA Options: 0x00000001
DSA object GUID: ba98d422-c8a7-4ac3-9196-8eec84e4445a
DSA invocationId: c47710e7-8649-4c2f-bf82-f26c8d23effc

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=myhome,DC=example,DC=com
    Default-First-Site-Name\NUREYEV via RPC
        DSA object GUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b
        Last attempt @ Sun Oct 2 18:10:24 2016 MDT failed, result 2 (WERR_BADFILE)
        301 consecutive failure(s).
        Last success @ NTTIME(0)

DC=ForestDnsZones,DC=myhome,DC=example,DC=com
    Default-First-Site-Name\NUREYEV via RPC
        DSA object GUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b
        Last attempt @ Sun Oct 2 18:10:24 2016 MDT failed, result 2 (WERR_BADFILE)
        301 consecutive failure(s).
        Last success @ NTTIME(0)

DC=myhome,DC=example,DC=com
    Default-First-Site-Name\NUREYEV via RPC
        DSA object GUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b
        Last attempt @ Sun Oct 2 18:10:24 2016 MDT failed, result 2 (WERR_BADFILE)
        301 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=myhome,DC=example,DC=com
    Default-First-Site-Name\NUREYEV via RPC
        DSA object GUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b
        Last attempt @ Sun Oct 2 18:10:24 2016 MDT failed, result 2 (WERR_BADFILE)
        301 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Configuration,DC=myhome,DC=example,DC=com
    Default-First-Site-Name\NUREYEV via RPC
        DSA object GUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b
        Last attempt @ Sun Oct 2 18:10:24 2016 MDT failed, result 2 (WERR_BADFILE)
        301 consecutive failure(s).
        Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=myhome,DC=example,DC=com
    Default-First-Site-Name\NUREYEV via RPC
        DSA object GUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b
        Last attempt @ Sun Oct 2 18:11:50 2016 MDT failed, result 2 (WERR_BADFILE)
        90 consecutive failure(s).
        Last success @ NTTIME(0)

DC=ForestDnsZones,DC=myhome,DC=example,DC=com
    Default-First-Site-Name\NUREYEV via RPC
        DSA object GUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b
        Last attempt @ Sun Oct 2 18:11:50 2016 MDT failed, result 2 (WERR_BADFILE)
        90 consecutive failure(s).
        Last success @ NTTIME(0)

DC=myhome,DC=example,DC=com
    Default-First-Site-Name\NUREYEV via RPC
        DSA object GUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b
        Last attempt @ Sun Oct 2 18:11:50 2016 MDT failed, result 2 (WERR_BADFILE)
        90 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=myhome,DC=example,DC=com
    Default-First-Site-Name\NUREYEV via RPC
        DSA object GUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b
        Last attempt @ Sun Oct 2 18:11:50 2016 MDT failed, result 2 (WERR_BADFILE)
        90 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Configuration,DC=myhome,DC=example,DC=com
    Default-First-Site-Name\NUREYEV via RPC
        DSA object GUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b
        Last attempt @ Sun Oct 2 18:11:50 2016 MDT failed, result 2 (WERR_BADFILE)
        90 consecutive failure(s).
        Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
    Connection name: 2b332225-20d4-486f-8b38-87c56c64f707
    Enabled        : TRUE
    Server DNS name : nureyev.myhome.example.com
    Server DN name  : CN=NTDS Settings,CN=NUREYEV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myhome,DC=example,DC=com
    TransportType: RPC
    options: 0x00000001
Warning: No NC replicated for Connection!

Any suggestions as how to debug/fix this problem so I can demote the old DC?

--
Paul (ga...@example.com)
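The thread's lesson is to confirm replication before demoting. As an added example (not code from this thread or from Samba itself), the following parses the `samba-tool drs showrepl` format shown above and acts as a gate: it refuses a demotion while any partition reports consecutive failures or has never succeeded (`Last success @ NTTIME(0)`), and also when the DC has no partners at all, which covers both the "let replication do its thing" step in Rowland's procedure and the two outputs above. The showrepl sample embedded in it is constructed.

```python
"""Replication gate for 'samba-tool domain demote': parse the output of
'samba-tool drs showrepl' and block while any neighbour is unhealthy.
Added example, not code from the thread or from Samba itself."""
import re

SECTION_RE = re.compile(r"^==== (INBOUND|OUTBOUND) NEIGHBORS ====$")
FAILURES_RE = re.compile(r"^(\d+) consecutive failure\(s\)\.$")
ATTEMPT_RE = re.compile(r"^Last attempt @ .+? failed, result \d+ \((\w+)\)$")
SUCCESS_RE = re.compile(r"^Last success @ (.+)$")


def parse_showrepl(text):
    """One dict per (partition, partner) under the two NEIGHBORS sections."""
    neighbors, section, partition, cur = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section, partition, cur = m.group(1), None, None
        elif line.startswith("===="):          # KCC CONNECTION OBJECTS etc.
            section = None
        elif section is None or not line:
            continue
        elif line.startswith(("DC=", "CN=")):  # naming-context header
            partition = line
        elif " via " in line and partition:    # "Site\DC via RPC"
            cur = {"direction": section, "partition": partition,
                   "peer": line.split(" via ")[0], "failures": 0,
                   "last_error": "", "last_success": ""}
            neighbors.append(cur)
        elif cur is not None:
            if m := FAILURES_RE.match(line):
                cur["failures"] = int(m.group(1))
            elif m := ATTEMPT_RE.match(line):
                cur["last_error"] = m.group(1)
            elif m := SUCCESS_RE.match(line):
                cur["last_success"] = m.group(1)
    return neighbors


def healthy(n):
    # NTTIME(0) means the link has never replicated; every partition of the
    # old DC in the thread was in that state with hundreds of failures.
    return n["failures"] == 0 and n["last_success"] != "NTTIME(0)"


def demote_blockers(text):
    return [n for n in parse_showrepl(text) if not healthy(n)]


def safe_to_demote(text):
    """A DC with no partners at all (the new DC's output above) is not a
    usable demotion partner either, so at least one neighbour is required."""
    nbrs = parse_showrepl(text)
    return bool(nbrs) and all(healthy(n) for n in nbrs)


# Constructed sample in the showrepl format: one partition replicating,
# one that has never succeeded.
SAMPLE = r"""
==== INBOUND NEIGHBORS ====
DC=myhome,DC=example,DC=com
    Default-First-Site-Name\NUREYEV via RPC
        Last attempt @ Sun Oct  2 18:10:24 2016 MDT was successful
        0 consecutive failure(s).
        Last success @ Sun Oct  2 18:10:24 2016 MDT

DC=DomainDnsZones,DC=myhome,DC=example,DC=com
    Default-First-Site-Name\NUREYEV via RPC
        Last attempt @ Sun Oct  2 18:10:24 2016 MDT failed, result 2 (WERR_BADFILE)
        301 consecutive failure(s).
        Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====
"""
```

Run it against a live DC with `samba-tool drs showrepl | python3 -c 'import sys, gate; print(gate.demote_blockers(sys.stdin.read()))'` (module name assumed) and only proceed with the demotion when the list is empty.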

Paul R. Ganci via samba

Oct 2, 2016, 10:00:02 PM

> <snip>


>
> Any suggestions as how to debug/fix this problem so I can demote the
> old DC?
>

So I discovered that on the new DC it appears an NTDS record is missing.
On DC nikita.myhome.example.com

> ldbsearch -H /var/lib/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid
# record 1
dn: CN=NTDS Settings,CN=NUREYEV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myhome,DC=example,DC=com
objectGUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b

# record 2
dn: CN=NTDS Settings,CN=NIKITA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myhome,DC=example,DC=com
objectGUID: ba98d422-c8a7-4ac3-9196-8eec84e4445a

# returned 2 records
# 2 entries
# 0 referrals

but on the new DC nureyev.myhome.example.com:

> ldbsearch -H /var/lib/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid
# record 1
dn: CN=NTDS Settings,CN=NUREYEV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myhome,DC=example,DC=com
objectGUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b

# returned 1 records
# 1 entries
# 0 referrals

How is it that one of the entries is now missing? Is there some way to
fix this problem? It appears that the new DC server object is there
and known by both DCs but the old DC object is missing from the new DC
server?
--
Paul (ga...@nurdog.com)

Paul R. Ganci via samba

Oct 3, 2016, 12:10:03 AM

I am seeing this error in the old DC log file

Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
ncacn_ip_tcp:192.168.1.11[1024,seal,krb5,target_hostname=275c02e7-7077-4b10-ab71-77efeb93bb6b._msdcs.myhome.example.com,target_principal=GC/nureyev.myhome.example.com/myhome.example.com,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.1.11]
NT_STATUS_UNSUCCESSFUL

I just don't know how to fix it. Can I edit
/var/lib/samba/private/sam.ldb and add the missing entry for

# record 2
dn: CN=NTDS Settings,CN=NIKITA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myhome,DC=example,DC=com
objectGUID: ba98d422-c8a7-4ac3-9196-8eec84e4445a

or can I just take the old DC offline and simply

> samba-tool domain demote --remove-other-dead-server=NIKITA

Rowland Penny via samba

Oct 3, 2016, 4:00:03 AM

Paul R. Ganci via samba

Oct 4, 2016, 1:20:04 AM
On 10/03/2016 01:49 AM, Rowland Penny via samba wrote:
>>>> ldbsearch -H /var/lib/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid
>>> # record 1
>>> dn: CN=NTDS Settings,CN=NUREYEV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myhome,DC=example,DC=com
>>> objectGUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b
>>>
>>> # record 2
>>> dn: CN=NTDS Settings,CN=NIKITA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myhome,DC=example,DC=com
>>> objectGUID: ba98d422-c8a7-4ac3-9196-8eec84e4445a
>>>
>>> # returned 2 records
>>> # 2 entries
>>> # 0 referrals
>>>
>>> but on the new DC nureyev.myhome.example.com:
>>>
>>>> ldbsearch -H /var/lib/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid
>>> # record 1
>>> dn: CN=NTDS Settings,CN=NUREYEV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myhome,DC=example,DC=com
>>> objectGUID: 275c02e7-7077-4b10-ab71-77efeb93bb6b
>>>
>>> # returned 1 records
>>> # 1 entries
>>> # 0 referrals
>>>
>>> How is it that one of the entries is now missing? Is there some way
>>> to fix this problem? It appears that the new DC server object
>>> is there and known by both DCs but the old DC object is missing
>>> from the new DC server?
>> I am seeing this error in the old DC log file
>>
>> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>> ncacn_ip_tcp:192.168.1.11[1024,seal,krb5,target_hostname=275c02e7-7077-4b10-ab71-77efeb93bb6b._msdcs.myhome.example.com,target_principal=GC/nureyev.myhome.example.com/myhome.example.com,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.1.11]
>> NT_STATUS_UNSUCCESSFUL
>>
>> I just don't know how to fix it. Can I edit
>> /var/lib/samba/private/sam.ldb and add the missing entry for
>>
>> # record 2
>> dn: CN=NTDS
>> Settings,CN=NIKITA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myhome,DC=example,DC=com
>> objectGUID: ba98d422-c8a7-4ac3-9196-8eec84e4445a
>>
>> or can I just take the old DC offline and simply
>>
>> > samba-tool domain demote --remove-other-dead-server=NIKITA
>>
> Known problem, see here:
>
> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record

Well I did what was indicated from the wiki and discovered that
replication worked at first. However the replication killed the DC1
(nikita.myhome.example.com) such that it no longer worked. I think the
problem is that there was a record on DC1 that looked like this:

# record 206
dn: CN=NIKITA,OU=Domain Controllers,DC=myhome,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: NIKITA
instanceType: 4
whenCreated: 20130804214231.0Z
uSNCreated: 3583
name: NIKITA
objectGUID: 4f3beaa6-1111-46b8-b435-2ae15861ee14
userAccountControl: 532480
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
localPolicyFlags: 0
pwdLastSet: 130201261510000000
primaryGroupID: 516
objectSid: S-1-5-21-729452656-3029571206-2736118167-1000
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: NIKITA$
sAMAccountType: 805306369
operatingSystem: Samba
operatingSystemVersion: 4.0.7-SerNet-RedHat-4.el6
dNSHostName: nikita.myhome.example.com
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=myhome,DC=example,DC=com
isCriticalSystemObject: TRUE
rIDSetReferences: CN=RID Set,CN=NIKITA,OU=Domain Controllers,DC=myhome,DC=example,DC=com
serverReferenceBL: CN=NIKITA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myhome,DC=example,DC=com
msDS-SupportedEncryptionTypes: 31
servicePrincipalName: HOST/nikita.myhome.example.com
servicePrincipalName: HOST/nikita.myhome.example.com/MYHOME
servicePrincipalName: ldap/nikita.myhome.example.com/MYHOME
servicePrincipalName: GC/nikita.myhome.example.com/myhome.example.com
servicePrincipalName: ldap/nikita.myhome.example.com
servicePrincipalName: HOST/nikita.myhome.example.com/myhome.example.com
servicePrincipalName: ldap/nikita.myhome.example.com/myhome.example.com
servicePrincipalName: HOST/NIKITA
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/ba98d422-c8a7-4ac3-9196-8eec84e4445a/myhome.example.com
servicePrincipalName: ldap/ba98d422-c8a7-4ac3-9196-8eec84e4445a._msdcs.myhome.example.com
servicePrincipalName: ldap/NIKITA
servicePrincipalName: RestrictedKrbHost/NIKITA
servicePrincipalName: RestrictedKrbHost/nikita.myhome.example.com
servicePrincipalName: ldap/nikita.myhome.example.com/DomainDnsZones.myhome.example.com
servicePrincipalName: ldap/nikita.myhome.example.com/ForestDnsZones.myhome.example.com
servicePrincipalName: nfs/nikita
servicePrincipalName: nfs/nikita.myhome.example.com
lastLogonTimestamp: 131198490436935340
whenChanged: 20161002023043.0Z
uSNChanged: 5716
lastLogon: 131199325446020720
distinguishedName: CN=NIKITA,OU=Domain Controllers,DC=myhome,DC=example,DC=com

But on DC2 (nureyev.myhome.example.com) there was only this:

# record 1
dn: CN=NIKITA,CN=Computers,DC=myhome,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
instanceType: 4
whenCreated: 20130804214231.0Z
uSNCreated: 3237
objectGUID: 4f3beaa6-1111-46b8-b435-2ae15861ee14
codePage: 0
countryCode: 0
localPolicyFlags: 0
pwdLastSet: 130201261510000000
objectSid: S-1-5-21-729452656-3029571206-2736118167-1000
accountExpires: 9223372036854775807
sAMAccountName: NIKITA$
sAMAccountType: 805306369
operatingSystem: Samba
operatingSystemVersion: 4.0.7-SerNet-RedHat-4.el6
dNSHostName: nikita.myhome.example.com
rIDSetReferences: CN=RID Set,CN=NIKITA,CN=Computers,DC=myhome,DC=example,DC=com
servicePrincipalName: HOST/nikita.myhome.example.com
servicePrincipalName: HOST/nikita.myhome.example.com/MYHOME
servicePrincipalName: ldap/nikita.myhome.example.com/MYHOME
servicePrincipalName: GC/nikita.myhome.example.com/myhome.example.com
servicePrincipalName: ldap/nikita.myhome.example.com
servicePrincipalName: HOST/nikita.myhome.example.com/myhome.example.com
servicePrincipalName: ldap/nikita.myhome.example.com/myhome.example.com
servicePrincipalName: HOST/NIKITA
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/ba98d422-c8a7-4ac3-9196-8eec84e4445a/myhome.example.com
servicePrincipalName: ldap/ba98d422-c8a7-4ac3-9196-8eec84e4445a._msdcs.myhome.example.com
servicePrincipalName: ldap/NIKITA
servicePrincipalName: RestrictedKrbHost/NIKITA
servicePrincipalName: RestrictedKrbHost/nikita.myhome.example.com
servicePrincipalName: ldap/nikita.myhome.example.com/DomainDnsZones.myhome.example.com
servicePrincipalName: ldap/nikita.myhome.example.com/ForestDnsZones.myhome.example.com
servicePrincipalName: nfs/nikita
servicePrincipalName: nfs/nikita.myhome.example.com
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=myhome,DC=example,DC=com
msDS-SupportedEncryptionTypes: 31
serverReferenceBL: CN=NIKITA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=myhome,DC=example,DC=com
lastLogonTimestamp: 131198490436935340
userAccountControl: 4096
isCriticalSystemObject: FALSE
primaryGroupID: 515
whenChanged: 20161002235437.0Z
cn: NIKITA
name: NIKITA
uSNChanged: 3827
distinguishedName: CN=NIKITA,CN=Computers,DC=myhome,DC=example,DC=com

I think that when I tried to demote DC1 before replication was working,
that caused DC1 to change the Domain Controller record

dn: CN=NIKITA,OU=Domain Controllers,DC=myhome,DC=example,DC=com

to simply a computer record

dn: CN=NIKITA,CN=Computers,DC=myhome,DC=example,DC=com

completely screwing up DC1.

Thankfully I made a backup and could put things back the way they were.
I will try again next weekend but this time I will make sure replication
is working first. That means doing the wiki DNS fix to get replication to
work first.

I think I was so close to having this all work.

--
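As an added example (not code from this thread or from Samba itself), the following checks an ldbsearch dump of a DC's own computer object for exactly the attributes that differ between the two records above: its location under OU=Domain Controllers, the SERVER_TRUST_ACCOUNT bit in userAccountControl (532480 versus 4096), primaryGroupID 516 versus 515, isCriticalSystemObject, and the serverReferenceBL back-link. The two records it parses are constructed, shortened versions of the ones above; the userAccountControl bit names are the MS-ADTS ones.

```python
"""Check that a DC's own computer object still carries the attributes that
make it a domain controller, from an ldbsearch (LDIF) dump of the object.
Added example, not code from the thread or from Samba itself."""

# userAccountControl bits for machine accounts (names as in MS-ADTS).
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",
    0x2000: "SERVER_TRUST_ACCOUNT",
    0x80000: "TRUSTED_FOR_DELEGATION",
}
DOMAIN_CONTROLLERS_RID = 516   # primaryGroupID of a DC; 515 = Domain Computers


def parse_ldif(text):
    """ldbsearch output -> list of {attr: [values]}. Folded lines (leading
    space) are re-joined, '#' comments skipped, '::' base64 left encoded."""
    records, cur, last = [], {}, None
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():                   # blank line ends a record
            if cur:
                records.append(cur)
            cur, last = {}, None
        elif line.startswith(" ") and last:    # LDIF continuation line
            cur[last][-1] += line[1:]
        else:
            attr, _, value = line.partition(":")
            cur.setdefault(attr, []).append(value.strip())
            last = attr
    if cur:
        records.append(cur)
    return records


def decode_uac(value):
    v = int(value)
    return {name for bit, name in UAC_FLAGS.items() if v & bit}


def dc_account_problems(rec):
    """Empty list if the object still looks like a DC account."""
    def get(attr, default=""):
        return rec.get(attr, [default])[0]
    problems = []
    if "OU=Domain Controllers," not in get("dn"):
        problems.append("not under OU=Domain Controllers: " + get("dn"))
    flags = decode_uac(get("userAccountControl", "0"))
    if "SERVER_TRUST_ACCOUNT" not in flags:
        problems.append("userAccountControl lacks SERVER_TRUST_ACCOUNT, has "
                        + ",".join(sorted(flags)))
    if int(get("primaryGroupID", "0")) != DOMAIN_CONTROLLERS_RID:
        problems.append("primaryGroupID is %s, expected 516" % get("primaryGroupID"))
    if get("isCriticalSystemObject") != "TRUE":
        problems.append("isCriticalSystemObject is not TRUE")
    if not get("serverReferenceBL"):
        problems.append("no serverReferenceBL to its CN=Servers object")
    return problems


# Constructed records modelled on the two dumps in the thread: the intact DC
# object, and the same object after it was pushed into CN=Computers.
DC_RECORD = """\
# record 206
dn: CN=NIKITA,OU=Domain Controllers,DC=myhome,DC=example,DC=com
userAccountControl: 532480
primaryGroupID: 516
isCriticalSystemObject: TRUE
serverReferenceBL: CN=NIKITA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN
 =Configuration,DC=myhome,DC=example,DC=com
"""
DEMOTED_RECORD = (DC_RECORD.replace("OU=Domain Controllers", "CN=Computers")
                  .replace("532480", "4096").replace("516", "515").replace("TRUE", "FALSE"))
```

Feed it the output of `ldbsearch -H /var/lib/samba/private/sam.ldb '(sAMAccountName=NIKITA$)'` from each DC and compare the problem lists; a non-empty list on one DC only is the split state the thread describes.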
