[Samba] 2nd samba DC: NT_STATUS_NO_LOGON_SERVERS

Thu Dec 28 13:53:50 UTC 2017

I added a 2nd DC (ADC2) to a samba-ADS today.

debian-9.3, samba-4.6.11 from Louis

followed
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

replication works afai see

-

We wanted to test services after turning off the first DC, and running
ADC2 and a DM file-server only.

DC1/backup: 10.0.0.224
ADC2: 10.0.0.230

We then get NT_STATUS_NO_LOGON_SERVERS

On the DM server "main" we get:

# nmblookup ARBEITSGRUPPE#1c
added interface em1 ip=10.0.0.221 bcast=10.0.0.255 netmask=255.255.255.0

10.0.0.224 ARBEITSGRUPPE<1c>
10.0.0.230 ARBEITSGRUPPE<1c>

# nmblookup ARBEITSGRUPPE#1b
added interface em1 ip=10.0.0.221 bcast=10.0.0.255 netmask=255.255.255.0
10.0.0.224 ARBEITSGRUPPE<1b>

-

adc2:~# samba-tool  testparm
Press enter to see a dump of your service definitions

# Global parameters
[global]
	netbios name = ADC2
	realm = ARBEITSGRUPPE.HIDDEN.AT
	workgroup = ARBEITSGRUPPE
	dns forwarder = 10.0.0.254
	server role = active directory domain controller
	idmap_ldb:use rfc2307 = yes

[netlogon]
	path = /var/lib/samba/sysvol/arbeitsgruppe.hidden.at/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

-

main # cat /etc/resolv.conf
# Generated by net-scripts for interface eth0
search arbeitsgruppe.hidden.at
nameserver 10.0.0.230
nameserver 10.0.0.224

-
root at adc2:~# systemctl status samba-ad-dc.service
● samba-ad-dc.service - Samba AD Daemon
   Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled;
vendor preset: enabled)
   Active: active (running) since Thu 2017-12-28 14:43:39 CET; 8min ago
     Docs: man:samba(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 1000 (samba)
   Status: "smbd: ready to serve connections..."
    Tasks: 22 (limit: 4915)
   CGroup: /system.slice/samba-ad-dc.service
           ├─1000 /usr/sbin/samba
           ├─1001 /usr/sbin/samba
           ├─1002 /usr/sbin/samba
           ├─1003 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
           ├─1004 /usr/sbin/samba
           ├─1005 /usr/sbin/samba
           ├─1006 /usr/sbin/samba
           ├─1007 /usr/sbin/samba
           ├─1008 /usr/sbin/samba
           ├─1009 /usr/sbin/samba
           ├─1010 /usr/sbin/samba
           ├─1011 /usr/sbin/samba
           ├─1012 /usr/sbin/samba
           ├─1013 /usr/sbin/samba
           ├─1014 /usr/sbin/samba
           ├─1015 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
           ├─1018 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
           ├─1019 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
           ├─1021 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
           ├─1022 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
           ├─1047 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
           └─1048 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground

What do I miss here? Had to install "dnsutils" to make dns_update work
... I set up krb5.conf, nsswitch.conf ...