Joining samba4 to domain as PDC

Michael Wichers mwichers at gmail.com
Sun Jan 2 12:38:30 MST 2011


My apologies for not including the forum

Perhaps I'm a bit confused and uneducated by pdc vs bdc.  The scenario I'm
wishing to cover is as follows

1 box acting as a  domain controller and dns  (primary)
a second box acting as a domain controller and dns (backup/secondary)

systems on the network connecting to the domain and use both dns servers.
DNS handles connecting to the domain controller.   So when the system setup
as primary domain controller and dns runs into something such as a hardware
failure, the backup domain controller can maintain its role and handle
domain authentication and dns updates, and can be used to rebuild the
primary domain controller.

If I have only one primary DNS server, and Samba is hosted on the same box
as the primary dns, and therefore updating dns only in this one location,
and a backup dc running on a system without dns, and not making any dns
updates, then how would I handle an unrecoverable hardware failure?

Thing is, I'm working to set this up for a more advanced in home setup, and
my biggest fear is that if my box running as the primary domain controller
crashes, (raid controller/processor/motherboard), I need some way to
recover the domain controller, or I would have to set up a new domain
controller and clear out everything on the home network.  My thinking was to
utilize pdc/bdc environment.  Now I'm wondering if there is some form of
setup I should be doing which would involve multiple primary dc's, but that
too, possibly largely thanks to my ignorance, sounds like a horrible idea.

Thanks for your support and feedback
Michael

On Tue, Dec 28, 2010 at 4:18 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> Firstly, please keep this CC'ed on the mailing list.  That way others
> can help, or I can get a holiday without leaving you hanging, or if we
> uncover what is going on, others can learn.
>
> On Tue, 2010-12-28 at 08:35 -0600, Michael Wichers wrote:
> > my apologies, I mean bdc did not work.
> >
> > I set up samba as a pdc, checked dns, and checked it by joining a windows
> > XP computer to the domain
> >
> > I setup a second box as a samba bdc, setup dns on the bdc just as I
> > did on the pdc
>
> This is incorrect.  There must only be one primary DNS server on the
> network (you may set up BIND secondary servers if you want, but that is
> outside the scope of Samba and I suggest getting everything to work
> first).
>
> Please just configure your second Samba server to point to the DNS
> configured and working on the first.
>
> How are your clients getting their DNS configuration?  Ensure that the
> address they get is the first Samba DC, and that is the same on any
> additional DCs.
>
> Please try and make your configuration as simple as possible, and
> refrain from manually editing the DNS zone, no matter how much you feel
> it is the right thing to do.  Also ensure BIND 9.7 is installed on both
> systems.
>
> Follow the instructions and debugging tips in the HOWTO carefully, and
> try not to over-think or guess about steps, as it makes it harder for us
> to help you.
>
> The issue may simply be that the second DC is not successfully
> registering its DNS records using Kerberos.  The debugging instructions
> should help you test that (samba_dnsupdate --verbose)
>
> We are working with the BIND community to make this process much more
> robust, and BIND 9.8 should be much better in this regard.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Cisco Inc.
>
>

