[Samba] Dead DC change?

Ryan Ashley ryana at reachtechfp.com
Fri Oct 31 07:12:45 MDT 2014 

Alright, I did the dns_update and it had no errors and even stated "No 
DNS updates needed". So I assume that is good. Below is the 
configuration file from the second server.

# Global parameters
[global]
         workgroup = KIGM
         realm = KIGM.LOCAL
         netbios name = DC02
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, drepl, 
winbind, ntp_signd, dnsupdate
         interfaces = 127.0.0.1, 192.168.0.2

[netlogon]
         path = /samba/var/locks/sysvol/kigm.local/scripts
         read only = No

[sysvol]
         path = /samba/var/locks/sysvol
         read only = No

Thanks again for your help.

On 10/30/2014 06:15 PM, Marc Muehlfeld wrote:
> Hello Ryan,
>
> Am 30.10.2014 um 20:18 schrieb Ryan Ashley:
>> It finally happened, a DC is down and I am trying to figure out what to
>> do now. The LSI RAID card is dead (it actually caught fire briefly) and
>> I obviously cannot boot the system until the replacement arrives. I do
>> have a second Samba DC on the domain, but what I am seeing is that it
>> runs like Server 2000 for some reason.
> We're talking about an Samba AD DC?
>
> What do you mean with "... runs like Server 2000"?
>
>
>
>
>> It is acting like a backup DC,
>> not a normal DC like 2008 and 2003. I know that in the Windows world all
>> DCs have the global catalog and if one dies, no big deal. Now I am
>> experiencing insanely long startup times on workstations and long logon
>> times, as well as a few DNS issues.
> If you're having multiple AD DCs, then if one goes down, the other
> should work normal and users should not have any timeouts, etc. if there
> is at least one DC up in the same AD site.
>
> Maybe your second DC has/could not add it's entries into the DNS, so the
> clients can't find him for logons, etc.
>
> Try running
> # samba_dnsupdate --verbose
>
> It it fails, have a look here:
> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable
> It describes some things to check/repair.
>
> Do backups before!
>
>
>
>
>> So, is this the old "PDC/BDC" setup? If so, how can I get past 2000 and
>> make my domains a normal one after the other server comes back up? In
>> the meantime, how can I get my domain running until the other server
>> comes back up?
> No. AD isn't master/slave like in the NT4 times (PDC/BDC). All DC are
> equal, byside the FSMO roles. If one goes down, then the others are
> doing it's job (byside the FSMO roles functions - see
> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#The_five_FSMO_roles).
>
> And when your broken DC comes back, the replication bring all changes to
> this host. If just the Raid-Controller is broken and you can replace it
> without any data loss, this should be the way it will happen.
>
>
> Regards,
> Marc

More information about the samba mailing list