[Samba] Samba4 Secondary DC Replication Concerns

Paul Littlefield info at paully.co.uk
Fri May 31 03:21:00 MDT 2013

On 30/05/13 19:18, Marc Muehlfeld wrote:
>  From that history I can't say, if you followed the HowTo, because it doesn't give any results of the commands. Also the DNS addings should be done on the existing DC, said in the HowTo. This looks like you had done it on the new one.

Yes, sorry I forgot to include my command history from DC1 and say that I had already added the IP address of DC2 successfully by following the instructions :-)

samba.xyz.com ~ $ host -t A samba2.xyz.com.
samba2.xyz.com has address

Yes, it seems I followed the web page by running the commands on DC2 and not DC1. However, it DOES mention the "IP-of-your-DNS" which of course _is_ DC1 :-)

  $ /usr/local/samba/bin/samba-tool dns add _msdcs.xyz.com f0605966-1d4f-4fef-8a75-2a24863dbaa9 CNAME samba2.xyz.com -UAdministrator

This I did successfully, and the ldbsearch ran successfully too...

  $ /usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid

  # record 1
  dn: CN=NTDS Settings,CN=SAMBA2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xyz,DC=com
  objectGUID: f0605966-1d4f-4fef-8a75-2a24863dbaa9

  # record 2
  dn: CN=NTDS Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xyz,DC=com
  objectGUID: 5813325c-fa80-4e0e-b76e-4666f6afe1e2

Now, let's try that on DC1.

Ah, I have just discovered something.

Bizarrely, I do not have the binary 'ldbsearch' in my /usr/local/samba/bin/ folder on DC1.

I have it on DC2, but not on DC1... and yet I followed the wiki exactly.

OK, I need to fix that.

How do I get the 'ldbsearch' binary on the DC1? Run 'make' again?


What the web page doesn't say is what the /etc/resolv.conf should be for the new DC2...

DC1: /etc/resolv.conf
domain xyz.com

DC2: /etc/resolv.conf
domain xyz.com

> I quickly added a new DC to my test environment (all 4.0.6), by exactly following the HowTo. And replication works, like expected (I also changed an attribute of an user account and it was automatically on the new DC).

Wow, excellent, so it should work for me then. Good to know.

> Warning: No NC replicated for Connection!

I see you get this too. Should I worry about it?

> Can you re-read the HowTo and make sure, that everything was done like described? And that both hosts can resolve the A record of each other and that the CNAME from {objectGUID}._msdcs.samdom.example.com. also?

Ah, that may be what's wrong.

root at samba2:~# host -t CNAME f0605966-1d4f-4fef-8a75-2a24863dbaa9._msdcs.xyz.com
Using domain server:
Host f0605966-1d4f-4fef-8a75-2a24863dbaa9._msdcs.xyz.com not found: 3(NXDOMAIN)

OK, I have now added the CNAME to DC2 as well as DC1.

root at samba2:~# /usr/local/samba/bin/samba-tool dns add _msdcs.xyz.com f0605966-1d4f-4fef-8a75-2a24863dbaa9 CNAME samba2.xyz.com -UAdministrator

It resolves OK now on DC2.

root at samba2:~# host -t CNAME f0605966-1d4f-4fef-8a75-2a24863dbaa9._msdcs.xyz.com

f0605966-1d4f-4fef-8a75-2a24863dbaa9._msdcs.xyz.com is an alias for samba2.xyz.com.


I have restarted Samba on both DC1 and DC2.

I think my next job is to check what the /etc/resolv.conf should be on DC2.

Then, try and get 'ldbsearch' binary on DC1.

Does that sound like a plan?

Thanks for your help on this everyone.
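The CNAME part of the check Marc asks for above (every DC's {objectGUID}._msdcs.<domain> name resolving to that DC) is easy to script. This is an added example, not code from the thread or from the Samba project: it parses the ldbsearch output quoted above (embedded as a constructed sample), derives the expected CNAME for each DC and looks it up with the `host` tool the thread uses; the resolver is injectable, and the samba-tool command it prints for a missing record follows the HowTo's form with an `<IP-of-your-DNS>` placeholder.

```python
import re
import subprocess
# Constructed sample: the two NTDS Settings records from the thread's ldbsearch run.
SAMPLE_LDIF = """\
# record 1
dn: CN=NTDS Settings,CN=SAMBA2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xyz,DC=com
objectGUID: f0605966-1d4f-4fef-8a75-2a24863dbaa9

# record 2
dn: CN=NTDS Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xyz,DC=com
objectGUID: 5813325c-fa80-4e0e-b76e-4666f6afe1e2
"""

def parse_ntds_records(ldif):
    """Return (dc_fqdn, objectGUID) pairs from 'ldbsearch ... (invocationid=*) --cross-ncs objectguid' output."""
    records = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        dn = guid = None
        for line in block.splitlines():
            if line.startswith("dn: "):
                dn = line[4:]
            elif line.lower().startswith("objectguid: "):
                guid = line.split(":", 1)[1].strip().lower()
        match = re.match(r"CN=NTDS Settings,CN=([^,]+),CN=Servers,", dn or "")
        if not (match and guid):
            continue  # not a DC's NTDS Settings object, or no objectGUID returned
        domain = ".".join(part[3:] for part in dn.split(",") if part.startswith("DC="))
        records.append((match.group(1).lower() + "." + domain, guid))
    return records
def host_cname(name):
    """Resolve a CNAME with the 'host' tool, as the thread does; None on NXDOMAIN or error."""
    proc = subprocess.run(["host", "-t", "CNAME", name], capture_output=True, text=True)
    match = re.search(r"is an alias for (\S+)", proc.stdout)
    return match.group(1) if match else None
def check_msdcs_cnames(records, resolve=host_cname):
    """Map each expected {objectGUID}._msdcs.<domain> name to (dc_fqdn, resolves to that DC?)."""
    result = {}
    for fqdn, guid in records:
        name = guid + "._msdcs." + fqdn.split(".", 1)[1]
        target = resolve(name)  # injectable so the check can be exercised without live DNS
        result[name] = (fqdn, target is not None and target.rstrip(".").lower() == fqdn)
    return result
if __name__ == "__main__":
    for name, (fqdn, ok) in check_msdcs_cnames(parse_ntds_records(SAMPLE_LDIF)).items():
        print("OK     " if ok else "MISSING", name, "->", fqdn)
        if not ok:  # the HowTo's samba-tool command, to be run against the DC that hosts the zone
            guid, zone = name.split("._msdcs.")
            print("  samba-tool dns add <IP-of-your-DNS> _msdcs." + zone, guid, "CNAME", fqdn, "-UAdministrator")
```

Run it on each DC in turn: a MISSING line on either side is exactly the NXDOMAIN seen above, and the check must pass on both DCs, not just the one where the record was added.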
