[Samba] Samba4 Secondary DC as Backup DC (redundancy)

Krutskikh Ivan stein.hak at gmail.com
Thu Jul 9 03:21:22 UTC 2015


Hi all,

I'm looking for the same setup: two samba ad servers to back up each other
on failover. Have you managed to find a viable solution?

Thanks in advance!

2015-06-24 19:41 GMT+03:00 Daniel Carrasco Marín <danielmadrid19 at gmail.com>:

> 2015-06-24 11:12 GMT+02:00 Daniel Carrasco Marín <danielmadrid19 at gmail.com>:
>
> >
> >
> > 2015-06-23 20:47 GMT+02:00 Daniel Carrasco Marín <danielmadrid19 at gmail.com>:
> >
> >>
> >> On 23/6/2015 8:33 p.m., "Sketch" <smblist at rednsx.org> wrote:
> >> >
> >> > On Tue, 23 Jun 2015, Rowland Penny wrote:
> >> >
> >> >> On 23/06/15 18:58, Daniel Carrasco Marín wrote:
> >> >>>
> >> >>>  Hi,
> >> >>>
> >> >>>  I've successfully created a secondary DC using the wiki manual (
> >> >>>  https://wiki.samba.org/index.php/Join_a_domain_as_a_DC), and it is
> >> >>>  working perfectly, users and groups are synced on both and I can use
> >> >>>  any of them for login using clients like Owncloud, Prosody, python
> >> >>>  scripts...
> >> >>>
> >> >>>  Now my question is: how can I use that secondary DC as backup when
> >> >>>  the main fails?
> >> >>
> >> >>
> >> >> If it is by DHCP, then the dhcp server needs to push out both DCs as
> >> >> nameservers, if static, then each client needs to be set to use both
> >> >> DCs as nameservers.
> >> >
> >> >
> >> > His question is a bit vague, but I would also assume he is using LDAP
> >> > for authentication on Owncloud, etc.  In that case, he also needs LDAP
> >> > to fail over.  Generally, you can just point LDAP clients at
> >> > "your.ADdomain.com" (whatever it is), which resolves to the IP addresses
> >> > of all of your DCs. If they fail to connect, they will usually retry and
> >> > get another address, and connect to a different DC.
> >>
> >> Thanks!!
> >>
> >> Yes, I forgot to say that the clients are Windows 7 clients. On my
> >> Owncloud server I can put both LDAP servers, then I think that if the main
> >> fails it will check the secondary (I've not tried yet).
> >>
> >> Greetings!!
> >>
> > Thanks Rowland,
> >
> > Finally it is working. Now when I run "nslookup domain.com" or "host
> > domain.com" I get both IP addresses, and if I stop the main DC everything is
> > still working without problems. Even the command "nltest /dsgetdc:domain"
> > shows that the Windows machine is using the secondary DC.
> > One question: can I add more DCs as backup using the same steps?
> >
> > Of course not everything can be perfect, and now I have a python script with
> > a weird problem: when I use secure ldap I can't query the root using the base
> > DN ("DC=domain,DC=com"). I only can if I use an OU in the base DN
> > ("OU=Users,DC=domain,DC=com"). Everything works if I use normal ldap.
> > Does anyone know a way to query the root using an OU in the base DN?
> >
> > Greetings!!
> >
>
> Hi again...
>
> Finally I think that I'll have to roll back the trick, because I don't know
> why but now all user GPOs are ignored and when I try to get the result with
> gporesult I get an error similar to "the user don't have RSOP data". Even
> the computer doesn't go back to the main DC when it's online.
>
> Anyway, thanks for all.
>
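
The failover behaviour described in the quoted thread (the AD domain name resolves to every DC, and a client moves on to the next address when one fails), as an added example that is not part of the original messages. The function names, port 389 and the timeouts are assumptions; it checks TCP reachability only, and the LDAP bind itself is left to the client library, which would be given the endpoints from `resolve_dcs("your.ADdomain.com")`.

```python
import socket


def resolve_dcs(domain, port=389):
    """Return each unique (address, port) the AD DNS domain name resolves to."""
    endpoints = []
    for *_, sockaddr in socket.getaddrinfo(domain, port, type=socket.SOCK_STREAM):
        endpoint = (sockaddr[0], sockaddr[1])
        if endpoint not in endpoints:
            endpoints.append(endpoint)
    return endpoints


def connect_first_available(endpoints, timeout=3.0):
    """Try each DC in order; return (socket, endpoint used, list of failures)."""
    failures = []
    for endpoint in endpoints:
        try:
            sock = socket.create_connection(endpoint, timeout=timeout)
            return sock, endpoint, failures
        except OSError as exc:  # refused, timed out, unreachable
            failures.append((endpoint, str(exc)))
    raise ConnectionError(f"no DC reachable: {failures}")


def demo():
    """Constructed stand-ins: one closed port (DC down), one listener (DC up)."""
    up = socket.socket()
    up.bind(("127.0.0.1", 0))
    up.listen(1)
    down = socket.socket()
    down.bind(("127.0.0.1", 0))  # bound while 'up' is open, so the ports differ
    dead = down.getsockname()
    down.close()  # nothing listens on this port any more
    try:
        alive = up.getsockname()
        sock, used, failures = connect_first_available([dead, alive], 1.0)
        sock.close()
        return dead, alive, used, failures
    finally:
        up.close()


if __name__ == "__main__":
    dead, alive, used, failures = demo()
    print("skipped", [ep for ep, _ in failures], "-> connected to", used)
```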

