[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

L.P.H. van Belle belle at bazuin.nl
Fri Dec 18 12:50:33 UTC 2015


Ole, 

> >> Also I would like to state then, that I am somewhat disappointed. I
> >> have spent weeks (if not months) to get my domain running as it is
> >> now, only to find out that I will have no good sleep with it. Sorry
> >> to be so blunt.
Just months.. my testing period was about 1 year!
OK, I have a complex network and extra things to account for, and this was all done while doing my normal work...

Really try this. 
Go here : https://secure.bazuin.nl/scripts 

Install a clean Debian Jessie.
Select only SSH server at package selection (optional base packages won't have a negative impact on the scripts, just your server performance).


Get these (wget --no-check-certificate .. ) 
https://secure.bazuin.nl/scripts/0-setup-apt-debian.sh
https://secure.bazuin.nl/scripts/1-tools.sh 
https://secure.bazuin.nl/scripts/2-setup-network-hostname.sh 
https://secure.bazuin.nl/scripts/3-setup-ssh-debian.sh
https://secure.bazuin.nl/scripts/4-jessie-samba-DC.sh 

Configure the scripts and run them in order.

In the end you have a good working Samba AD DC.
You can use it also to join a Samba AD.

Give it a try; most problems you have are from a wrong change / broken DC / installed new DC with old IP / etc.
Many things here can be a cause of your problems.

You spent weeks, months on a problem, and you learn from it, so now you're production ready.  ;-)

And if your server is in production, use the script to join a DC. Seize the FSMO roles, and remove the old.
And NEVER!!! use the Samba server name/IP when you change a DC.
And if you really need the old name, which for a DC should not be needed,
add a CNAME in the DNS with the old name.
And don't configure things based on IP address, and always based on names; it keeps you flexible to change things without damaging other things.

.. yes... I learned the hard way also.  ;-) know what you're talking about..


Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Ole Traupe
> Sent: Friday, 18 December 2015 13:07
> To: samba at lists.samba.org
> Subject: Re: [Samba] Authentication to Secondary Domain Controller
> initially fails when PDC is offline
> 
> 
> 
> On 18.12.2015 at 12:30, Rowland penny wrote:
> > On 18/12/15 11:19, Ole Traupe wrote:
> >> Hi Rowland,
> >>
> >> I am very thankful, that you take the time and test all this!
> >
> > No problem.
> >
> >>
> >> Before I go and check if this is the same with my setup and possibly
> >> the problem, could you perhaps try a logon to a member server, while
> >> the 1st DC is unavailable?
> >
> > Ah, slight problem there, as I said, this is just a couple of test DCs
> > and there are no test domain members, you will have to bear with me
> > whilst I create one.
> 
> I would be very grateful, and I guess many others too.
> 
> I heard from many sides that you should really only use bind9 in case
> you plan a more complicated setup. Until now I thought that having 2 DCs
> wasn't considered as such.
> 
> 
> 
> >
> > Rowland
> >
> >>
> >> From my understanding of your post I take it, you will have the same
> >> problem. But then, my understanding is limited.
> >>
> >> However, if you DO have the same problem, and my understanding is
> >> correct, then the internal DNS of Samba is clearly *broken* and needs
> >> fixing!
> >>
> >> Also I would like to state then, that I am somewhat disappointed. I
> >> have spent weeks (if not months) to get my domain running as it is
> >> now, only to find out that I will have no good sleep with it. Sorry
> >> to be so blunt.
> >>
> >> Ole
> >>
> >>
> >>
> >
> >
> 
> 