[Samba] 2nd samba DC: NT_STATUS_NO_LOGON_SERVERS

[Stefan G. Weichinger]

Am 2017-12-28 um 15:55 schrieb L.P.H. van Belle via samba:
> Hai Stephan, 
> 
> You need also this in smb.conf
> 
>     # enable offline logins
>     winbind offline logon = yes

On which server(s)? The DCs? the DM?

> I did also test my logins with one DC turned off. 
> And login on the DM is no problem or my pcs, no problem. 
> 
> I did not test the AD logins thats because these have only linux logins for maintainance. 
> And that always works. 

We have logins via ADC2 working for 15 mins now.

I have set up sysvol-rsync (works), but the ADC2 logs failing access to
the ADC1. Seems as if the GPOs point to ADC1 somehow?


> In a 2 DC setup, setup your nameservers first to the LAN ip of the server itself. 
> Resolv.conf example in a 2 DC setup when both servers are ALREADY in the AD. 
> When the second DC isnt in the AD jet, switch the servers in resolv.conf
> Reboot and then switch them base as shown below and test again. 
> 
> # Sample DC1. 
> search arbeitsgruppe.hidden.at
> # DC1 
> nameserver 192.168.0.1
> # DC2 
> nameserver 192.168.0.2
> # Internet Fallback (optional) 
> #nameserver 8.8.8.8
> 
> # Sample DC2. 
> search arbeitsgruppe.hidden.at
> # DC2 
> nameserver 192.168.0.2
> # DC1 
> nameserver 192.168.0.1
> # Internet Fallback (optional) 
> #nameserver 8.8.8.8
> 
> And you know, samba AD DC, does not run NMBD. 

I think we have that quite this way already, will check later.

> For the member resolv.conf which server goes first is up2you, but i suggest you also low the timeout. 
> These are good, and adjust to your need if you want bit quickers login when a DC is off/down. 
> # options to add in resolv.conf
> # timeout, default 30 sec.
> options timeout:3
> # attempts defaults to 5.
> options attempts:2
> # Rotate between the name servers. 
> options rotate

ok