[Samba] Samba4 Redundant DCs

Thomas Maerz tmaerz at brewerscience.com
Wed Oct 16 10:49:08 MDT 2013


> I believe that means it has never replicated to AUTH1.

Is that because it has never tried? When I read it:

DC=ForestDnsZones,DC=dom,DC=blah,DC=com
        Default-First-Site-Name\AUTH2 via RPC
                DSA object GUID: 94a3b7c4-5462-4966-a4da-dea56f42b346
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

I see that it was last successful at NTTIME(0), which indicates to me that it was indeed successful? Is this just bad logging lingo, maybe?

> I've not tried this, but I think that should work.  If you try
> querying the second DC with samba-tool do you see the DNS records?


http://pastebin.com/FhTyB5dM

It looks like it is showing up ^^, the same command on auth2 is doing the same thing, but if I set resolv.conf's name server to 192.168.2.153 (should be local DNS on auth2) it won't resolve anything. My motivation here is that if auth1 goes down, auth2 and things connected to it need to be able to resolve things on its own. EDIT: Never mind, I didn't have a DNS forwarder specified in /etc/samba/smb.conf on auth2 (the new, replicated domain controller). So I guess all is good on that issue, although I will have some more questions regarding redundant samba domain controllers in practice later possibly.

Thomas

On Oct 16, 2013, at 1:15 AM, Michael Wood <esiotrot at gmail.com> wrote:

> Hi
> 
> On 15 October 2013 23:39, Thomas Maerz <tmaerz at brewerscience.com> wrote:
>> I have semi-successfully provisioned 2 domain controllers on one domain with (I think) working replication. I followed the Samba wiki and used the sernet-samba-ad repos and packages on CentOS 6.4 x64. Questions:
>> 
>> Replication status has times for outbound neighbors as @ NTTIME(0) on both sides. What does this mean? dc1: http://pastebin.com/atxPraCA dc2: http://pastebin.com/V9JkwbUq
> 
> I believe that means it has never replicated to AUTH1.
> 
>> Both reports end with "Warning: No NC replicated for Connection!" What does this mean?
> 
> I am not sure.  Maybe this is relevant, although it's quite old:
> 
> https://lists.samba.org/archive/samba-technical/2011-November/080377.html
> 
>> How does DNS replication work here? I followed this: https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Check_required_DNS_entries_of_the_new_host and had to add A record by hand and also the CNAME record. When it comes to the last step which I believe to be setting the name server to the newly provisioned replicated domain's own internal DNS (I'm using internal DNS), I set /etc/resolv.conf to point at <IP address> at which point DNS won't resolve anything. Is there something I can check here to ensure this is working or do I have the wrong idea altogether here?
> 
> I've not tried this, but I think that should work.  If you try
> querying the second DC with samba-tool do you see the DNS records?
> 
>> kinit and klist return as expected on the first domain controller (auth1) but not so on the new replicated domain controller. dc1: http://pastebin.com/21SdGMEN dc2: NEVERMIND THAT PART JUST STARTED WORKING :)
>> 
>> I'm very excited to be approved to put this new infrastructure into production eventually, and I appreciate the group's help to get the platform solid and reliable so I can thoroughly test it before deployment!
>> 
>> 
> 
> -- 
> Michael Wood <esiotrot at gmail.com>
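
An added example, not part of the original thread: a small parser for `samba-tool drs showrepl` output that lists the neighbors whose last-success time is NTTIME(0), kept apart by inbound and outbound direction. The sample report is constructed in the tool's layout and reuses the neighbor block quoted in the message; the function names are hypothetical.

```python
import re

# Constructed sample in the layout of `samba-tool drs showrepl`. The outbound
# block is the one quoted in the thread; the inbound block is made up.
SAMPLE = """\
==== INBOUND NEIGHBORS ====
DC=DomainDnsZones,DC=dom,DC=blah,DC=com
        Default-First-Site-Name\\AUTH2 via RPC
                DSA object GUID: 94a3b7c4-5462-4966-a4da-dea56f42b346
                Last attempt @ Wed Oct 16 10:40:01 2013 MDT was successful
                0 consecutive failure(s).
                Last success @ Wed Oct 16 10:40:01 2013 MDT
==== OUTBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=dom,DC=blah,DC=com
        Default-First-Site-Name\\AUTH2 via RPC
                DSA object GUID: 94a3b7c4-5462-4966-a4da-dea56f42b346
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Warning: No NC replicated for Connection!
"""

HEADER = re.compile(r"^==== (\w+) (.+) ====$")
NEIGHBOR = re.compile(r"^\s+(\S+\\\S+) via RPC$")
FAILS = re.compile(r"^\s+(\d+) consecutive failure\(s\)\.$")
SUCCESS = re.compile(r"^\s+Last success @ (.+)$")

def parse_showrepl(text):
    """Return one dict per neighbor found in the INBOUND/OUTBOUND sections."""
    rows, direction, nc, cur = [], None, None, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            # Only the two NEIGHBORS sections are parsed; others are skipped.
            direction, cur = (m.group(1).lower() if m.group(2) == "NEIGHBORS" else None), None
        elif direction and line and not line[0].isspace():
            nc = line.strip()  # unindented line = naming context DN
        elif direction and (m := NEIGHBOR.match(line)):
            cur = {"direction": direction, "nc": nc, "neighbor": m.group(1),
                   "failures": None, "last_success": None}
            rows.append(cur)
        elif cur and (m := FAILS.match(line)):
            cur["failures"] = int(m.group(1))
        elif cur and (m := SUCCESS.match(line)):
            cur["last_success"] = m.group(1).strip()
    return rows

def zero_last_success(rows):
    """Neighbors whose last-success timestamp is the zero value NTTIME(0)."""
    return [r for r in rows if r["last_success"] == "NTTIME(0)"]
```

Running `zero_last_success(parse_showrepl(report))` on each DC's report shows at a glance whether the NTTIME(0) entries are confined to the outbound side, as in the reports described in the thread.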


