[Samba] Dead DC change?

Ryan Ashley ryana at reachtechfp.com
Fri Oct 31 07:07:13 MDT 2014


Yes, the entire AD domain is hosted by two Samba DCs. They both run 
4.1.11 on 64bit Debian Wheezy (looking to switch to Gentoo due to Debian 
adopting systemd) and I synchronize the sysvol using Unison.

As for the 2000 comment, I mean it seems like the servers are running as 
PDC/BDC instead of all servers just being servers. I have the 2008 R2 
functionality level, so I would expect them all to be equal servers, but 
I may be wrong here.

I will try the DNS update, but this should not be a problem. Just like 
when I ran Server 2003/2008 systems, I run Samba, DNS, and DHCP on both 
of my servers. Is running the DNS servers on each system going to give 
me a problem? I try to distribute the load by setting dc01's DHCP server 
to specify its DNS server first and dc02's DNS server second, and dc02's 
DHCP server specifies its DNS server first and dc01's second. This way 
when one server goes down and a system gets DHCP info from the other 
server, it tries that server first.

I will VPN into the location and get the smb.conf in a bit. Thank you 
for your help!

On 10/30/2014 06:15 PM, Marc Muehlfeld wrote:
> Hello Ryan,
>
> On 30.10.2014 at 20:18, Ryan Ashley wrote:
>> It finally happened, a DC is down and I am trying to figure out what to
>> do now. The LSI RAID card is dead (it actually caught fire briefly) and
>> I obviously cannot boot the system until the replacement arrives. I do
>> have a second Samba DC on the domain, but what I am seeing is that it
>> runs like Server 2000 for some reason.
> We're talking about a Samba AD DC?
>
> What do you mean by "... runs like Server 2000"?
>
>
>
>
>> It is acting like a backup DC,
>> not a normal DC like 2008 and 2003. I know that in the Windows world all
>> DCs have the global catalog and if one dies, no big deal. Now I am
>> experiencing insanely long startup times on workstations and long logon
>> times, as well as a few DNS issues.
> If you have multiple AD DCs, then if one goes down, the other
> should work normally and users should not have any timeouts, etc. if there
> is at least one DC up in the same AD site.
>
> Maybe your second DC has not/could not add its entries into the DNS, so the
> clients can't find it for logons, etc.
>
> Try running
> # samba_dnsupdate --verbose
>
> If it fails, have a look here:
> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable
> It describes some things to check/repair.
>
> Do backups before!
>
>
>
>
>> So, is this the old "PDC/BDC" setup? If so, how can I get past 2000 and
>> make my domain a normal one after the other server comes back up? In
>> the meantime, how can I get my domain running until the other server
>> comes back up?
> No. AD isn't master/slave like in the NT4 times (PDC/BDC). All DCs are
> equal, besides the FSMO roles. If one goes down, then the others are
> doing its job (besides the FSMO role functions - see
> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#The_five_FSMO_roles).
>
> And when your broken DC comes back, the replication brings all changes to
> this host. If just the RAID controller is broken and you can replace it
> without any data loss, this should be the way it will happen.
>
>
> Regards,
> Marc
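
The DNS point raised in the reply above (a DC that never registered its records cannot be found by clients) can be checked against the SRV records AD clients use to locate a DC. This is an added example, not part of the original thread; the realm samdom.example.com, the host names, and the helper names srv_targets and missing_dcs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find DCs that are missing from an AD SRV record set.
# Input is in the format `dig +short SRV <name>` prints:
#   priority weight port target.

# srv_targets: read SRV answers on stdin, print the targets lower-cased
# and without the trailing dot, one per line, de-duplicated.
srv_targets() {
    awk 'NF == 4 { t = tolower($4); sub(/\.$/, "", t); print t }' | sort -u
}

# missing_dcs ANSWERS DC...: print every expected DC that is not a target
# in ANSWERS. Returns 1 if at least one DC is missing, 0 otherwise.
missing_dcs() {
    answers=$1; shift
    targets=$(printf '%s\n' "$answers" | srv_targets)
    rc=0
    for dc in "$@"; do
        want=$(printf '%s' "$dc" | tr 'A-Z' 'a-z')
        if ! printf '%s\n' "$targets" | grep -Fxq -- "$want"; then
            printf '%s\n' "$dc"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample answers (not taken from the thread):
# the LDAP record set lists only dc01, the Kerberos set lists both DCs.
SAMPLE_LDAP='0 100 389 dc01.samdom.example.com.'
SAMPLE_KRB='0 100 88 DC01.samdom.example.com.
0 100 88 dc02.samdom.example.com.'

# Live use (assumed realm and host names; requires dig):
#   ans=$(dig +short SRV _ldap._tcp.dc._msdcs.samdom.example.com)
#   missing_dcs "$ans" dc01.samdom.example.com dc02.samdom.example.com
# Repeat for _kerberos._tcp.<realm>, _ldap._tcp.<realm> and _gc._tcp.<realm>.
```

A DC printed by missing_dcs is running but absent from that record set, which is the situation samba_dnsupdate --verbose is meant to repair.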


