[Samba] Samba4 Multi-Master replication ( slave setup possible ?)

L.P.H. van Belle belle at bazuin.nl
Wed Jun 13 03:30:45 MDT 2012


Is it possible to create slave DNS servers of the Samba server?

I would like to set it up like this (this is also my running setup with Samba 3):

            / SLAVEDNS1 \
SAMBA(DNS)                Client PCs with DNS servers slave1 and slave2
            \ SLAVEDNS2 /

In my case slavedns(1) is also master of an external LAN which is replicated to slavedns2.
This was needed because of security and the way I extract the external DNS settings;
don't ask why, I just created a solution which my ICT company could not.

So the question is: can I do this with a Samba4 and BIND DLZ setup?

Louis


>-----Original message-----
>From: mueller at tropenklinik.de
>[mailto:samba-bounces at lists.samba.org] On behalf of Daniel Müller
>Sent: 2012-06-13 09:01
>To: 'Gémes Géza'; samba at lists.samba.org
>Subject: Re: [Samba] Samba4 Multi-Master replication
>
>You always need to have two Samba4/dns and the entries of both dns in your
>clients' network settings too.
>
>-----------------------------------------------
>EDV Daniel Müller
>
>Head of IT
>Tropenklinik Paul-Lechler-Krankenhaus
>Paul-Lechler-Str. 24
>72076 Tübingen
>
>Tel.: 07071/206-463, Fax: 07071/206-499
>eMail: mueller at tropenklinik.de
>Internet: www.tropenklinik.de
>-----------------------------------------------
>-----Original message-----
>From: samba-bounces at lists.samba.org
>[mailto:samba-bounces at lists.samba.org] On behalf of Gémes Géza
>Sent: Tuesday, 12 June 2012 19:19
>To: samba at lists.samba.org
>Subject: Re: [Samba] Samba4 Multi-Master replication
>
>On 2012-06-12 12:16, Morten Kramer wrote:
>> Hi guys,
>>
>> I'm trying to get the Samba4 multi-master replication to work.
>>
>> I set up the primary domain controller using this howto (under CentOS
>> 6.2 x64):
>>
>> http://wiki.samba.org/index.php/Samba4/HOWTO
>>
>> I installed bind 9.8.3 and enabled encrypted DNS updates.
>>
>> I set up another VM with the same CentOS version and oriented myself
>> on this howto:
>>
>> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>>
>> to join the second DC into the domain. I edited /etc/resolv.conf and
>> set the nameserver to the IP of the primary DC (bind dns server).
>>
>> Basic replication seems to work (not doing the rsync for sysvol yet).
>> However, when I take the primary DC offline (bind keeps running), I
>> can't use any of the .msc domain admin tools anymore.
>>
>> I always get an error message, telling me that there is no RPC server
>> available.
>> When I run gpmc.msc I can choose the DC I want to work on and I can
>> see the secondary one, but it will come back with the RPC error.
>>
>> I had Wireshark running on one of the Windows7 clients. It seems like
>> it tries to talk to the 2nd DC (DCERPC packets). But I'm not an expert
>> in packet analysis, could somebody give me a hint what to look for here?
>>
>> User authentication does still work and Kerberos tickets are generated
>> by the 2nd DC.
>>
>> I can find this in the log:
>>
>> ../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration,DC=aeriatest2,DC=dc,DC=loc
>> ../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION
>> ../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION
>> ...
>> Warning: 60 extra bytes in incoming RPC request
>> ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session
>>
>> Do I need to configure something extra, so the secondary DC will be
>> able to act as an RPC server?
>>
>> Thanks,
>> freezer
>Hi,
>
>With your setup DNS is the single point of failure, because with the
>(default) DLZ setup bind9 is able to serve DNS records only when samba4 is
>running on that box.
>My recommendation would be to try to set up DNS on the second DC too.
>
>Regards.
>
>Geza
>