[Samba] Samba4 Redundant DCs

Michael Wood esiotrot at gmail.com
Thu Oct 17 05:18:21 MDT 2013


On 16 October 2013 18:49, Thomas Maerz <tmaerz at brewerscience.com> wrote:

> I believe that means it has never replicated to AUTH1.
>
>
> Is that because it has never tried? When I read it:
>
>
> DC=ForestDnsZones,DC=dom,DC=blah,DC=com
>         Default-First-Site-Name\AUTH2 via RPC
>                 DSA object GUID: 94a3b7c4-5462-4966-a4da-dea56f42b346
>                 Last attempt @ NTTIME(0) was successful
>                 0 consecutive failure(s).
>                 Last success @ NTTIME(0)
>
>
> I see that it was last successful at NTTIME(0), which indicates to me that
> it was indeed successful? Is this just bad logging lingo, maybe?
>

Yes, I think this is just a confusing way of saying that it never actually
tried.  I might be wrong, so I hope someone else will confirm this or tell
us what it really means, but I'm pretty sure.

> I've not tried this, but I think that should work.  If you try
> querying the second DC with samba-tool do you see the DNS records?
>
>
> http://pastebin.com/FhTyB5dM
>
> It looks like it is showing up ^^, the same command on auth2 is doing the
> same thing, but if I set resolv.conf's name server to 192.168.2.153 (should
> be local DNS on auth2) it won't resolve anything. My motivation here is
> that if auth1 goes down, auth2 and things connected to it need to be able
> to resolve things on its own. *EDIT: Never mind, I didn't have a DNS
> forwarder specified in /etc/samba/smb.conf on auth2 (the new, replicated
> domain controller) *So I guess all is good on that issue, although I will
> have some more questions regarding redundant samba domain controllers in
> practice later possibly.
>

No problem.

> Thomas
>
> On Oct 16, 2013, at 1:15 AM, Michael Wood <esiotrot at gmail.com> wrote:
>
> Hi
>
> On 15 October 2013 23:39, Thomas Maerz <tmaerz at brewerscience.com> wrote:
>
> I have semi-successfully provisioned 2 domain controllers on one domain
> with (I think) working replication. I followed the Samba wiki and used the
> sernet-samba-ad repos and packages on CentOS 6.4 x64. Questions:
>
> Replication status has times for outbound neighbors as @ NTTIME(0) on both
> sides. What does this mean? dc1: http://pastebin.com/atxPraCA dc2:
> http://pastebin.com/V9JkwbUq
>
>
> I believe that means it has never replicated to AUTH1.
>
> Both reports end with "Warning: No NC replicated for Connection!" What
> does this mean?
>
>
> I am not sure.  Maybe this is relevant, although it's quite old:
>
> https://lists.samba.org/archive/samba-technical/2011-November/080377.html
>
> How does DNS replication work here? I followed this:
> https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Check_required_DNS_entries_of_the_new_host
> and had to add A record by hand and also the CNAME record. When it comes to
> the last step which I believe to be setting the name server to the newly
> provisioned replicated domain's own internal DNS (I'm using internal DNS),
> I set /etc/resolv.conf to point at <IP address> at which point DNS won't
> resolve anything. Is there something I can check here to ensure this is
> working or do I have the wrong idea altogether here?
>
>
> I've not tried this, but I think that should work.  If you try
> querying the second DC with samba-tool do you see the DNS records?
>
> kinit and klist return as expected on the first domain controller (auth1)
> but not so on the new replicated domain controller. dc1:
> http://pastebin.com/21SdGMEN dc2: NEVERMIND THAT PART JUST STARTED
> WORKING :)
>
> I'm very excited to be approved to put this new infrastructure into
> production eventually, and I appreciate the group's help to get the
> platform solid and reliable so I can thoroughly test it before deployment!
>
> --
> Michael Wood <esiotrot at gmail.com>
>
>
-- 
Michael Wood <esiotrot at gmail.com>
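
Added example, not part of the original thread or of Samba's own code: a small parser for replication status output in the layout quoted above that reports an entry whose `Last success` is `NTTIME(0)` as never replicated instead of successful, following the reading given in the reply. The first sample entry, the section headers and the function names are constructed for illustration.

```python
import re

NEVER = "NTTIME(0)"  # zero timestamp: no replication time recorded
# Constructed sample in the layout of the output quoted in the thread.
SAMPLE = """\
==== INBOUND NEIGHBORS ====
DC=dom,DC=blah,DC=com
        Default-First-Site-Name\\AUTH2 via RPC
                DSA object GUID: 94a3b7c4-5462-4966-a4da-dea56f42b346
                Last attempt @ Wed Oct 16 18:40:02 2013 CDT was successful
                0 consecutive failure(s).
                Last success @ Wed Oct 16 18:40:02 2013 CDT
==== OUTBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=dom,DC=blah,DC=com
        Default-First-Site-Name\\AUTH2 via RPC
                DSA object GUID: 94a3b7c4-5462-4966-a4da-dea56f42b346
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
"""

def parse_showrepl(text):
    """Return one dict per (direction, naming context, neighbour) entry."""
    entries, direction, nc, cur = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("===="):
            direction, nc, cur = line.strip("= "), None, None
        elif re.match(r"(DC|CN)=", raw):        # unindented naming context
            nc, cur = line, None
        elif line.endswith(" via RPC") and nc:
            cur = {"direction": direction, "nc": nc, "neighbour": line[:-8],
                   "attempt_ok": None, "failures": 0, "success": None}
            entries.append(cur)
        elif cur and (m := re.match(r"Last attempt @ .+? (was successful|failed.*)$", line)):
            cur["attempt_ok"] = m.group(1) == "was successful"
        elif cur and (m := re.match(r"(\d+) consecutive failure", line)):
            cur["failures"] = int(m.group(1))
        elif cur and (m := re.match(r"Last success @ (.+)$", line)):
            cur["success"] = m.group(1)
    return entries

def classify(entry):
    """'failing', 'never-replicated' (zero timestamp) or 'ok'."""
    if entry["failures"] > 0 or entry["attempt_ok"] is False:
        return "failing"
    if entry["success"] in (None, NEVER):
        return "never-replicated"
    return "ok"
```

Running `[(e["direction"], e["nc"], classify(e)) for e in parse_showrepl(SAMPLE)]` separates the entry that only looks successful from the one that carries a real timestamp.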

