[Samba] Samba4 Multi-Master replication

Morten Kramer node1011 at googlemail.com
Sun Jun 17 06:29:37 MDT 2012


Thanks for the info,


I did not try this setup yet.


Anyway,

Would you guys recommend a replication setup for production yet? The 
samba internal dns implementation being still work in progress?


I really wonder if I should just set up a single DC for starters and 
wait until the whole DNS will be part of samba.
This Domain will only cater to about 100-150 clients and one DC should 
be easily able to deal with this workload?!


A second DC would certainly be a good idea, but I really wonder if it's 
worth the hassle right now.

I can just take daily snapshots of a single DC and roll back if anything 
goes terribly wrong.




Thanks for your input!



-morten




On 06/13/2012 09:00 AM, Daniel Müller wrote:
> You always need to have two Samba4/dns and the entries of both dns in your
> clients network settings too.
>
> -----------------------------------------------
> IT Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
> behalf of Gémes Géza
> Sent: Tuesday, 12 June 2012 19:19
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba4 Multi-Master replication
>
> On 2012-06-12 12:16, Morten Kramer wrote:
>> Hi guys,
>>
>>
>> I'm trying to get the Samba4 multi-master replication to work.
>>
>>
>>
>> I set up the primary domain controller using this howto (under CentOS
>> 6.2 x64):
>>
>>
>> http://wiki.samba.org/index.php/Samba4/HOWTO
>>
>>
>>
>> I installed bind 9.8.3 and enabled encrypted dns updates.
>>
>>
>>
>>
>> I set up another VM with the same CentOS version and oriented myself
>> on this howto:
>>
>> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>>
>> to join the second DC into the domain. I edited /etc/resolv.conf and
>> set the nameserver to the IP of the primary DC (bind dns server).
>>
>>
>> Basic replication seems to work (not doing the rsync for sysvol yet).
>> However, when I take the primary DC offline (bind keeps running), I
>> can't use any of the .msc domain admin tools anymore.
>>
>> I always get an error message, telling me that there is no RPC server
>> available.
>> When I run gpmc.msc I can choose the DC I want to work on and I can
>> see the secondary one, but it will come back with the RPC error.
>>
>> I had Wireshark running on one of the Windows7 clients. It seems like
>> it tries to talk to the 2nd DC (DCERPC packets). But I'm not an expert
>> in packet analysis, could somebody give me a hint what to look for here?
>>
>>
>>
>> User authentication does still work and Kerberos tickets are generated
>> by the 2nd DC.
>>
>>
>>
>> I can find this in the log:
>>
>>
>> ../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName
>> attribute of object
>> CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration
>> ,DC=aeriatest2,DC=dc,DC=loc
>> ../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices:
>> NT_STATUS_INTERNAL_DB_CORRUPTION
>> ../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections:
>> NT_STATUS_INTERNAL_DB_CORRUPTION
>> ...
>> Warning: 60 extra bytes in incoming RPC request
>> ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with
>> system_session
>>
>>
>>
>> Do I need to configure something extra, so the secondary DC will be
>> able to act as an RPC server?
>>
>>
>>
>>
>>
>> Thanks,
>> freezer
> Hi,
>
> With your setup DNS is the single point of failure, because with the
> (default) DLZ setup bind9 is able to serve DNS records only when samba4 is
> running on that box.
> My recommendation would be to try to set up DNS on the second DC too.
>
> Regards.
>
> Geza
>
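
The replies above identify DNS as the single point of failure: each DC needs its own DNS, and clients need both servers configured. As an added example that is not part of the original thread, the script below asks each DNS server separately for the DC locator SRV records and reports any server that cannot locate a DC by itself. It assumes `dig` is installed; the function names are illustrative.

```python
#!/usr/bin/env python3
"""Check that each DNS server given to clients can locate a DC by itself."""
import subprocess
import sys

# SRV names Windows clients query to find domain controllers (LDAP, Kerberos).
LOCATOR_RECORDS = ("_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs")


def dig_srv(server, name, timeout=3):
    """Query one DNS server with dig; return the set of SRV target hostnames."""
    cmd = ["dig", "+short", f"+time={timeout}", "+tries=1", f"@{server}", name, "SRV"]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True,
                             timeout=timeout + 2).stdout
    except (OSError, subprocess.TimeoutExpired):
        return set()
    targets = set()
    for line in out.splitlines():
        fields = line.split()  # "+short" SRV line: priority weight port target
        if len(fields) == 4 and not line.startswith(";"):
            targets.add(fields[3].rstrip(".").lower())
    return targets


def check_redundancy(domain, servers, query=dig_srv):
    """Return findings (empty list = every server can locate every DC)."""
    report = {s: {r: query(s, f"{r}.{domain}") for r in LOCATOR_RECORDS}
              for s in servers}
    findings = []
    for s in servers:
        missing = [r for r in LOCATOR_RECORDS if not report[s][r]]
        if missing:
            findings.append(f"{s}: no answer for {', '.join(missing)}")
    working = [s for s in servers if all(report[s].values())]
    if len(working) < 2:
        findings.append(f"{len(working)} usable DNS server(s): single point of failure")
    # Every working server should publish the same set of DCs.
    all_dcs = set().union(*(t for s in working for t in report[s].values()))
    for s in working:
        for r in LOCATOR_RECORDS:
            absent = sorted(all_dcs - report[s][r])
            if absent:
                findings.append(f"{s}: {r} does not list {', '.join(absent)}")
    return findings


if __name__ == "__main__":
    # usage: check_dc_dns.py <domain> <dns-server-ip> [<dns-server-ip> ...]
    problems = check_redundancy(sys.argv[1], sys.argv[2:])
    print("\n".join(problems) or "OK: DC locator records resolvable via every server")
    sys.exit(1 if problems else 0)
```

Run it once with both DCs up and once with Samba stopped on the primary, passing the same DNS server addresses the clients have in their network settings.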



