[Samba] Samba4 Secondary DC as Backup DC (redundancy)

Daniel Carrasco Marín danielmadrid19 at gmail.com
Wed Jun 24 10:41:53 MDT 2015


2015-06-24 11:12 GMT+02:00 Daniel Carrasco Marín <danielmadrid19 at gmail.com>:

>
>
> 2015-06-23 20:47 GMT+02:00 Daniel Carrasco Marín <danielmadrid19 at gmail.com>:
>
>>
>> On 23/6/2015 8:33 p.m., "Sketch" <smblist at rednsx.org> wrote:
>> >
>> > On Tue, 23 Jun 2015, Rowland Penny wrote:
>> >
>> >> On 23/06/15 18:58, Daniel Carrasco Marín wrote:
>> >>>
>> >>>  Hi,
>> >>>
>> >>>  I've successfully created a secondary DC using the wiki manual (
>> >>>  https://wiki.samba.org/index.php/Join_a_domain_as_a_DC), and it is
>> >>>  working perfectly, users and groups are synced on both and I can use
>> >>>  any of them for login using clients like Owncloud, Prosody, python
>> >>>  scripts...
>> >>>
>> >>>  Now my question is: how can I use that secondary DC as backup when
>> >>>  the main fails?
>> >>
>> >>
>> >> If it is by DHCP, then the dhcp server needs to push out both DCs as
>> >> nameservers, if static, then each client needs to be set to use both
>> >> DCs as nameservers.
>> >
>> >
>> > His question is a bit vague, but I would also assume he is using LDAP
>> > for authentication on Owncloud, etc.  In that case, he also needs LDAP
>> > to fail over.  Generally, you can just point LDAP clients at
>> > "your.ADdomain.com" (whatever it is), which resolves to the IP
>> > addresses of all of your DCs. If they fail to connect, they will
>> > usually retry and get another address, and connect to a different DC.
>>
>> Thanks!!
>>
>> Yes, I forgot to say that the clients are Windows 7 clients. On my
>> owncloud server I can put both LDAP servers, then I think that if the main
>> fails it will check the secondary (I've not tried yet).
>>
>> Greetings!!
>>
> Thanks Rowland,
>
> Finally it is working. Now when I run "nslookup domain.com" or "host
> domain.com" I get both IP addresses, and if I stop the main DC everything
> still works without problem. Even the command "nltest /dsgetdc:domain" shows
> that the Windows machine is using the secondary DC.
> One question: Can I add more DCs as backup using the same steps?
>
> Of course not everything can be perfect, and now I have a python script with
> a weird problem: when I use secure ldap I can't query the root using the base
> DN ("DC=domain,DC=com"). I only can if I use an OU in the base DN
> ("OU=Users,DC=domain,DC=com"). All works if I use normal ldap.
> Does anyone know a way to query the root using an OU in the base DN?
>
> Greetings!!
>

Hi again...

Finally I think that I'll have to roll back the trick, because I don't know
why but now all user GPOs are ignored and when I try to get the result with
gporesult I get an error similar to "the user don't have RSOP data". The
computer doesn't even go back to the main DC when it's online.

Anyway, thanks for all.
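
The LDAP failover described earlier in the thread (the domain name resolves to every DC, and a client moves on to the next address when one fails), as an added example that is not part of the original posts. It assumes a plain TCP reachability check on the LDAPS port is enough to pick a DC; the function names and the 3-second timeout are illustrative, and "domain.com" is the placeholder domain used in the thread.

```python
import socket

LDAPS_PORT = 636  # "secure ldap", as used by the script in the thread


def resolve_dcs(domain, port=LDAPS_PORT):
    """Return every distinct (ip, port) the AD domain name resolves to."""
    infos = socket.getaddrinfo(domain, port, type=socket.SOCK_STREAM)
    seen, endpoints = set(), []
    for _family, _type, _proto, _canon, sockaddr in infos:
        key = (sockaddr[0], sockaddr[1])  # works for IPv4 and IPv6 tuples
        if key not in seen:
            seen.add(key)
            endpoints.append(key)
    return endpoints


def first_reachable(candidates, timeout=3.0):
    """Try each (host, port) in order and return (chosen, failures).

    chosen is the first endpoint that accepts a TCP connection, or None
    when every DC is down. failures lists (endpoint, error text) for each
    DC that was skipped, so an outage of the main DC gets logged instead
    of being silently masked by the failover.
    """
    failures = []
    for host, port in candidates:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                return (host, port), failures
        except OSError as exc:
            failures.append(((host, port), str(exc)))
    return None, failures


if __name__ == "__main__":
    dcs = resolve_dcs("domain.com")  # placeholder domain from the thread
    chosen, failures = first_reachable(dcs)
    for endpoint, err in failures:
        print("unreachable DC %s:%d: %s" % (endpoint + (err,)))
    print("use:", chosen)
```

The chosen endpoint is what the LDAP library would then be pointed at; the certificate presented on port 636 still has to be validated by that library.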

