[Samba] Dead DC change?

James lingpanda101 at gmail.com
Fri Oct 31 07:25:38 MDT 2014


When you set up this DC, did you set the DC itself as a nameserver in resolv.conf?

On 10/31/2014 9:12 AM, Ryan Ashley wrote:
> Alright, I did the dns_update and it had no errors and even stated "No 
> DNS updates needed". So I assume that is good. Below is the 
> configuration file from the second server.
>
> # Global parameters
> [global]
>         workgroup = KIGM
>         realm = KIGM.LOCAL
>         netbios name = DC02
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, drepl, winbind, ntp_signd, dnsupdate
>         interfaces = 127.0.0.1, 192.168.0.2
>
> [netlogon]
>         path = /samba/var/locks/sysvol/kigm.local/scripts
>         read only = No
>
> [sysvol]
>         path = /samba/var/locks/sysvol
>         read only = No
>
> Thanks again for your help.
>
> On 10/30/2014 06:15 PM, Marc Muehlfeld wrote:
>> Hello Ryan,
>>
>> On 30.10.2014 at 20:18, Ryan Ashley wrote:
>>> It finally happened, a DC is down and I am trying to figure out what to
>>> do now. The LSI RAID card is dead (it actually caught fire briefly) and
>>> I obviously cannot boot the system until the replacement arrives. I do
>>> have a second Samba DC on the domain, but what I am seeing is that it
>>> runs like Server 2000 for some reason.
>> We're talking about a Samba AD DC?
>>
>> What do you mean by "... runs like Server 2000"?
>>
>>
>>
>>
>>> It is acting like a backup DC,
>>> not a normal DC like 2008 and 2003. I know that in the Windows world all
>>> DCs have the global catalog and if one dies, no big deal. Now I am
>>> experiencing insanely long startup times on workstations and long logon
>>> times, as well as a few DNS issues.
>> If you have multiple AD DCs, then if one goes down, the other
>> should work normally and users should not have any timeouts, etc. if there
>> is at least one DC up in the same AD site.
>>
>> Maybe your second DC has not/could not add its entries into the DNS, so the
>> clients can't find it for logons, etc.
>>
>> Try running
>> # samba_dnsupdate --verbose
>>
>> If it fails, have a look here:
>> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable 
>>
>> It describes some things to check/repair.
>>
>> Do backups before!
>>
>>
>>
>>
>>> So, is this the old "PDC/BDC" setup? If so, how can I get past 2000 and
>>> make my domains a normal one after the other server comes back up? In
>>> the meantime, how can I get my domain running until the other server
>>> comes back up?
>> No. AD isn't master/slave like in the NT4 times (PDC/BDC). All DCs are
>> equal, besides the FSMO roles. If one goes down, then the others are
>> doing its job (besides the FSMO role functions - see
>> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#The_five_FSMO_roles). 
>>
>>
>> And when your broken DC comes back, the replication brings all changes to
>> this host. If just the Raid-Controller is broken and you can replace it
>> without any data loss, this should be the way it will happen.
>>
>>
>> Regards,
>> Marc
>

-- 
-James
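
A way to check the resolv.conf question raised in this thread, as an added example that is not part of the original messages: it compares the nameserver entries in resolv.conf with the addresses on the smb.conf "interfaces" line. The function names, the temporary files and the 192.168.0.1 address are assumptions constructed for the example; the interfaces values mirror the quoted configuration.

```shell
#!/bin/sh
# Added example (not from the thread): function names are assumptions.

# Print the addresses on the smb.conf "interfaces =" line, one per line.
smb_interfaces() {
    sed -n 's/^[[:space:]]*interfaces[[:space:]]*=[[:space:]]*//p' "$1" |
        tr -s ', ' '\n\n' | sed -e 's#/.*##' -e '/^$/d'
}

# Print the nameserver addresses from resolv.conf, in file order.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Return 0 if any nameserver is one of the DC's own interface addresses.
dc_resolves_via_self() {
    own=$(smb_interfaces "$1")
    for ns in $(resolv_nameservers "$2"); do
        for ip in $own; do
            [ "$ns" = "$ip" ] && return 0
        done
    done
    return 1
}

# Constructed sample files; 192.168.0.1 stands in for another DNS server.
tmp=$(mktemp -d)
printf '[global]\n\tinterfaces = 127.0.0.1, 192.168.0.2\n' > "$tmp/smb.conf"
printf 'search kigm.local\nnameserver 192.168.0.1\n' > "$tmp/resolv.other"
printf 'search kigm.local\nnameserver 192.168.0.2\n' > "$tmp/resolv.self"

for f in resolv.other resolv.self; do
    if dc_resolves_via_self "$tmp/smb.conf" "$tmp/$f"; then
        echo "$f: DC lists itself as a nameserver"
    else
        echo "$f: DC does not list itself as a nameserver"
    fi
done
```

On a real DC, pass the actual smb.conf and /etc/resolv.conf paths to dc_resolves_via_self instead of the sample files.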


