[Samba] Samba4 Secondary DC as Backup DC (redundancy)

Daniel Carrasco Marín danielmadrid19 at gmail.com
Thu Jul 9 16:16:13 UTC 2015


2015-07-09 5:21 GMT+02:00 Krutskikh Ivan <stein.hak at gmail.com>:

> Hi all,
>
> I'm looking for the same setup: two samba ad servers to back up each other
> on failover. Have you managed to find a viable solution?
>
> Thanks in advance!
>

For now I'm working on other projects and I have the secondary DC stopped
for a while.
Anyway, the Wiki steps work fine and the only problem is the Sysvol, but
there is a new script in the wiki for bidirectional sync and maybe it'll work
fine too.

Greetings!!



>
> 2015-06-24 19:41 GMT+03:00 Daniel Carrasco Marín <danielmadrid19 at gmail.com>:
>
>> 2015-06-24 11:12 GMT+02:00 Daniel Carrasco Marín <danielmadrid19 at gmail.com>:
>>
>> >
>> >
>> > 2015-06-23 20:47 GMT+02:00 Daniel Carrasco Marín <danielmadrid19 at gmail.com>:
>> >
>> >>
>> >> On 23/6/2015 8:33 p.m., "Sketch" <smblist at rednsx.org> wrote:
>> >> >
>> >> > On Tue, 23 Jun 2015, Rowland Penny wrote:
>> >> >
>> >> >> On 23/06/15 18:58, Daniel Carrasco Marín wrote:
>> >> >>>
>> >> >>>  Hi,
>> >> >>>
>> >> >>>  I've successfully created a secondary DC using the wiki manual (
>> >> >>>  https://wiki.samba.org/index.php/Join_a_domain_as_a_DC), and it is
>> >> >>>  working perfectly, users and groups are synced on both and I can use
>> >> >>>  any of them for login using clients like Owncloud, Prosody, python
>> >> >>>  scripts...
>> >> >>>
>> >> >>>  Now my question is: how can I use that secondary DC as backup when
>> >> >>>  the main fails?
>> >> >>
>> >> >>
>> >> >> If it is by DHCP, then the dhcp server needs to push out both DCs as
>> >> >> nameservers, if static, then each client needs to be set to use both
>> >> >> DCs as nameservers.
>> >> >
>> >> >
>> >> > His question is a bit vague, but I would also assume he is using LDAP
>> >> > for authentication on Owncloud, etc.  In that case, he also needs LDAP
>> >> > to fail over.  Generally, you can just point LDAP clients at
>> >> > "your.ADdomain.com" (whatever it is), which resolves to the IP
>> >> > addresses of all of your DCs. If they fail to connect, they will
>> >> > usually retry and get another address, and connect to a different DC.
>> >> > --
>> >> > To unsubscribe from this list go to the following URL and read the
>> >> > instructions:  https://lists.samba.org/mailman/options/samba
>> >>
>> >> Thanks!!
>> >>
>> >> Yes, I forgot to say that the clients are Windows 7 clients. On my
>> >> Owncloud server I can put both LDAP servers, then I think that if the
>> >> main fails it will check the secondary (I've not tried yet).
>> >>
>> >> Greetings!!
>> >>
>> > Thanks Rowland,
>> >
>> > Finally it is working. Now when I run "nslookup domain.com" or "host
>> > domain.com" I get both IP addresses, and if I stop the main DC everything
>> > is still working without problems. Even the command
>> > "nltest /dsgetdc:domain" shows how the Windows machine is using the
>> > secondary DC.
>> > One question: Can I add more DCs as backup using the same steps?
>> >
>> > Of course all cannot be perfect, and now I have a python script with a
>> > weird problem: When I use secure ldap I can't query the root using base DN
>> > ("DC=domain,DC=com"). I only can if I use an OU in base DN
>> > ("OU=Users,DC=domain,DC=com"). All works if I use normal ldap.
>> > Does someone know a way to query the root using an OU in base DN?
>> >
>> > Greetings!!
>> >
>>
>> Hi again...
>>
>> Finally I think that I'll have to roll back the trick, because I don't
>> know why but now all user GPOs are ignored and when I try to get the
>> result with gporesult I get an error similar to "the user don't have RSOP
>> data". Even the computer doesn't go back to the main DC when it's online.
>>
>> Anyway, thanks for all.
>>
>
>
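
The failover behaviour described in the quoted thread (resolve the AD domain name to every DC address, then move on to the next address when one does not answer), as an added example that is not code from any poster in this thread. The function names are hypothetical, and the "stopped DC" and "secondary DC" in the demo are constructed local sockets.

```python
import socket

def resolve_dcs(domain, port=389):
    """Return every distinct (ip, port) the AD domain name resolves to, in DNS order."""
    seen, out = set(), []
    for *_, sockaddr in socket.getaddrinfo(domain, port, type=socket.SOCK_STREAM):
        addr = (sockaddr[0], sockaddr[1])
        if addr not in seen:
            seen.add(addr)
            out.append(addr)
    return out

def connect_first_reachable(candidates, timeout=3.0):
    """Try each DC in turn; return (socket, address) for the first that accepts.

    A short timeout matters: a powered-off DC drops packets silently, and
    without one the client hangs instead of moving on to the next address.
    """
    errors = []
    for addr in candidates:
        try:
            return socket.create_connection(addr, timeout=timeout), addr
        except OSError as exc:  # refused, unreachable or timed out
            errors.append(f"{addr[0]}:{addr[1]}: {exc}")
    raise ConnectionError("no DC reachable: " + "; ".join(errors))

def unused_port():
    """Constructed stand-in for a stopped DC: a local port nothing listens on."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    # Constructed demo: a local listener plays the surviving secondary DC.
    with socket.socket() as backup:
        backup.bind(("127.0.0.1", 0))
        backup.listen(1)
        dcs = [("127.0.0.1", unused_port()), backup.getsockname()]
        sock, used = connect_first_reachable(dcs, timeout=1.0)
        print("connected to", used)
        sock.close()
```

In a real script the candidate list would come from resolve_dcs("your.ADdomain.com") and the chosen address would be handed to the LDAP library. The TCP connect only proves the port answers; the LDAP bind still has to succeed on that DC.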

