[Samba] Replicated Failover Domain Controller and file server using LDAP

Rowland Penny rowlandpenny at googlemail.com
Wed Oct 1 01:22:59 MDT 2014


On 27/08/14 12:54, Gary Wright wrote:
> Hi All
>
> Thought I'd post my results from following your notes when trying to replicate my Samba PDC onto a Samba BDC, as seen here:
>
> https://wiki.samba.org/index.php/1.0._Configuring_Samba
>
> Everything seemed to work as described until I got into the 'Initialization LDAP Database' and preloading the edited "preload-differentialdesign.ldif" file; I kept getting a failure from the
>
> "dn: sambaDomainName= DDESIGN ,ou=Domains,dc= differentialdesign ,dc= org "
>
> section, no matter what options I used.
>
> Looking at my /var/log/messages on both my DC1 & DC2, I could see continual errors trying to access either of our 2 DNS servers (example below)
>
> Aug 25 16:37:55 dc1 samba[2009]: [2014/08/25 16:37:55.120350, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
> Aug 25 16:37:55 dc1 samba[2009]: /usr/local/samba/sbin/samba_dnsupdate: 25-Aug-2014 16:37:55.120 dispatch 0x7f3734031db0: shutting down due to TCP receive error: 10.5.31.11#53: connection reset
> Aug 25 16:37:55 dc1 samba[2009]: [2014/08/25 16:37:55.120519, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
> Aug 25 16:37:55 dc1 samba[2009]: /usr/local/samba/sbin/samba_dnsupdate: ; Communication with 10.5.31.11#53 failed: unexpected error
>
> though both DNS servers were accessible and resolving addresses perfectly normally.
>
> I started to troubleshoot the samba status more closely and came across the 'samba_dnsupdate --verbose' command. This gave me a detailed list of failures/successes trying to access DNS server records from both DCs
>
> [root at dc1 ~]# samba_dnsupdate --verbose
> IPs: ['10.5.15.11']
> Looking for DNS entry A tmxatrium.lan 10.5.15.11 as tmxatrium.lan.
> Looking for DNS entry A dc1.tmxatrium.lan 10.5.15.11 as dc1.tmxatrium.lan.
> Looking for DNS entry A gc._msdcs.tmxatrium.lan 10.5.15.11 as gc._msdcs.tmxatrium.lan.
> Failed to find matching DNS entry A gc._msdcs.tmxatrium.lan 10.5.15.11 as gc._msdcs.tmxatrium.lan
> Looking for DNS entry CNAME 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan dc1.tmxatrium.lan as 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan.
> Failed to find DNS entry CNAME 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan dc1.tmxatrium.lan
> etc
> etc
>
>
> I then simply created the DNS records for each of the failures, then restarted SAMBA on my BDC, et voila, my account information replicated perfectly.
>
> I'm clearly not using LDAP but I'm not sure I actually need to? Is there any advantage?
>
>
> Regards
>
> Gary
>
Hi, I 'think' that I can see your problem here: you are obviously using
Samba 4.1.x and you are following a howto last updated approx 7 years
ago. You have set Samba as an NT4-style domain controller, which is OK,
but you are now trying to use tools that are meant to be used with the
DNS server built into Samba4. I do not think they will work with your
setup. Is there any reason that you do not want to use an AD DC domain?

Rowland
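
Added example, not part of the original thread and not Samba project code: a small parser that turns `samba_dnsupdate --verbose` output in the format quoted above into a list of the records it reported missing, so they can be reviewed before anything is created in DNS. The function names are hypothetical, the sample is constructed from the lines quoted in the thread, and the line format is assumed to match that output.

```python
import re

# Constructed sample, using the line format of the output quoted in the thread.
SAMPLE = """\
IPs: ['10.5.15.11']
Looking for DNS entry A tmxatrium.lan 10.5.15.11 as tmxatrium.lan.
Looking for DNS entry A gc._msdcs.tmxatrium.lan 10.5.15.11 as gc._msdcs.tmxatrium.lan.
Failed to find matching DNS entry A gc._msdcs.tmxatrium.lan 10.5.15.11 as gc._msdcs.tmxatrium.lan
Looking for DNS entry CNAME 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan dc1.tmxatrium.lan as 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan.
Failed to find DNS entry CNAME 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan dc1.tmxatrium.lan
"""

# An optional "> " prefix lets the parser read output pasted from a quoted mail.
_PREFIX = r"^(?:>\s*)*"
LOOKING = re.compile(_PREFIX + r"Looking for DNS entry (\S+) (\S+) ")
# Both failure wordings seen in the thread: with and without "matching"
# and with or without the trailing "as <name>" part.
FAILED = re.compile(
    _PREFIX + r"Failed to find (?:matching )?DNS entry (\S+) (\S+) (.+?)(?: as \S+)?$"
)


def missing_records(text):
    """Return unique (type, name, data) tuples for records reported missing."""
    seen, out = set(), []
    for line in text.splitlines():
        m = FAILED.match(line.strip())
        if m and m.groups() not in seen:
            seen.add(m.groups())
            out.append(m.groups())
    return out


def summary(text):
    """Count records checked versus records reported missing."""
    checked = sum(1 for line in text.splitlines() if LOOKING.match(line.strip()))
    missing = missing_records(text)
    return {"checked": checked, "missing": len(missing), "records": missing}


if __name__ == "__main__":
    for rtype, name, data in missing_records(SAMPLE):
        print(f"missing {rtype:<6} {name} -> {data}")
    print(summary(SAMPLE)["checked"], "records checked")
```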

