[Samba] Samba firts DC fail over

Jeff Sadowski jeff.sadowski at gmail.com
Mon Feb 27 17:53:26 UTC 2017 

Without any configuration, command outputs for troubleshooting you are not
going to get very far on this.

I suggest you run some troubleshooting commands on the client computer.

resolv.conf isn't a good place to put DNS as it has no way of dealing with
SRV records. It is better to make sure your DNS servers are working
properly. Each DC should be a DNS server for the domain

nslookup is a good start.

I would start to see if it is sees what it is suppose to in DNS

nslookup domainname

or

nslookup domainname <ip of active DC>

you can use --type=SRV to get SRV records

nslookup --type=SRV _ldap._tcp.domainname
make sure all the needed resolves can be made from the clients.

then try making the connections maybe use telnet (from the clients) to try
and access the ports

Maybe you have a firewall on your other servers that you need to turn off?


On Fri, Feb 24, 2017 at 11:20 PM, Keshia lesly diana Etsiké malam <
keshialesly at yahoo.fr> wrote:

> Hello.
> In my configuration I have three DCs one who build the domain and two
> replication. For the configuration of the client I put in the resolv.conf
> the three DC addresse. So normally the client is able to contact all DCs of
> domain. But to have domain information only the dc that built the domain
> provided them, and when I stop it, replication DCs are unable to provide
> this information to client machines.
>
> regards
>
>
>
>
> Le Samedi 25 février 2017 0h14, Jeff Sadowski via samba <
> samba at lists.samba.org> a écrit :
>
>
> Just a thought if the client machines are still getting a listing in the
> DNS for the failed machines wouldn't this be a problem? How would the
> programs know not to use the failed server? Is there a way to temporarily
> move the failed machines out of dns listings?
>
> On Fri, Feb 24, 2017 at 8:52 AM, Vinicius Bones Silva via samba <
> samba at lists.samba.org> wrote:
>
> > No, the question is about your client machine. Who are the DNS servers
> > configured on it? Does it have a second dns server configured? If it uses
> > your first DC as DNS, and you take that DC offline, who the client
> machine
> > will query for domain info?
> >
> > As for the issue below it is normal. Every DC registers an "A" record for
> > your domain name. When you use dig, it will retrieve all "A" entries for
> > "domain_name", but when you ping it, one of the A records will be
> selected
> > at random and used to be the target for ping. You can do a "ipconfig
> > /flushdns" to force the client machine to try and find a different
> address
> > for ping.
> >
> > Regards,
> > Vinicius.
> >
> > Em 24/02/2017 11:15, Keshia lesly diana Etsiké malam escreveu:
> >
> >> Normally all Dcs play the role of DNS. When I do a "dig domain_name" I
> >> have all the DCs in the domain, but when I ping the domain name there is
> >> only one DC that responds. And I do not know how to change that. When I
> >> shut down the DC having created the domain, the secondary Dc are able
> >> resolve the domain naming.
> >>
> >>
> >> Le Vendredi 24 février 2017 14h47, Vinicius Bones Silva via samba <
> >> samba at lists.samba.org> a écrit :
> >>
> >>
> >> who are the DNS servers used by the client machine?
> >>
> >> Em 24/02/2017 05:42, Keshia lesly diana Etsiké malam via samba escreveu:
> >> > Hello,
> >> > I am currently testing for Samba4. The creation of the domain and the
> >> secondary Dc implementation works well. But by performing tests for a
> fail
> >> over situation I realized that when the DC that created the domain is in
> >> fail over the linux client machine can no longer retrieve the list of
> users
> >> from the domain. I would like to know if a person has already faced this
> >> situation and if so how he solved it.
> >> >
> >> >  Thank you.
> >>
> >> --
> >>
> >>
> >> Vinicius Silva
> >> SOC
> >>
> >>
> >> BRA: + 55 51 2117.1000 <+55%2051%202117-1000> | 55 11 5521.2021
> >> USA: + 1 888 259.5801 <(888)%20259-5801>
> >> vbs at e-trust.com.br <mailto:vbs at e-trust.com.br>
> >> skype: vinicius.bones.silva
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>    Smiley face
> >>
> >> www.e-trust.com.br <http://www.e-trust.com.br/>
> >>
> >>
> >> Esta mensagem pode conter informações confidenciais ou privilegiadas. Se
> >> você recebeu esta
> >> mensagem por engano, você não deve usar, copiar, divulgar ou tomar
> >> qualquer atitude com
> >> base nestas informações. Solicitamos que você apague a mensagem
> >> imediatamente e avise a
> >> E-TRUST, enviando um e-mail para suporte at e-trust.com.br. <mailto:
> >> suporte at e-trust.com.br.> Opiniões, conclusões ou
> >> informações contidas nesta mensagem não necessariamente refletem a
> >> posição oficial da
> >> E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode
> >> ser confirmada
> >> pela Autoridade Certificadora Privada E-TRUST, disponível em
> >> www.e-trust.com.br.
> >>
> >> This message may contain privileged and confidential information for the
> >> use of the
> >> intended recipients only. If you are not an intended recipient then you
> >> should not
> >> disseminate, copy, or take any action based on its contents. If you have
> >> received this
> >> message in error then please notify E-TRUST by sending an e-mail message
> >> to
> >> suporte at e-trust.com.br <mailto:suporte at e-trust.com.br> immediately.
> >> Views and opinions expressed in this message do not
> >> necessarily reflect the position of E-TRUST. If this message is
> digitally
> >> signed, its
> >> authenticity can be confirmed by E-TRUST Private Certificate Authority,
> >> available at
> >> www.e-trust.com.br.
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
>
> >>
> >>
> >>
> > --
> >
> >
> > Vinicius Silva
> > SOC
> >
> >
> > BRA: + 55 51 2117.1000 <+55%2051%202117-1000> | 55 11 5521.2021
> > USA: + 1 888 259.5801 <(888)%20259-5801>
> > vbs at e-trust.com.br
> > skype: vinicius.bones.silva
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >        Smiley face
> >
> > www.e-trust.com.br <http://www.e-trust.com.br/>
> >
> >
> > Esta mensagem pode conter informações confidenciais ou privilegiadas. Se
> > você recebeu esta mensagem por engano, você não deve usar, copiar,
> divulgar
> > ou tomar qualquer atitude com base nestas informações. Solicitamos que
> você
> > apague a mensagem imediatamente e avise a E-TRUST, enviando um e-mail
> para
> > suporte at e-trust.com.br. Opiniões, conclusões ou informações contidas
> > nesta mensagem não necessariamente refletem a posição oficial da E-TRUST.
> > Caso assinada digitalmente, a autenticidade desta mensagem pode ser
> > confirmada pela Autoridade Certificadora Privada E-TRUST, disponível em
> > www.e-trust.com.br.
> >
> > This message may contain privileged and confidential information for the
> > use of the intended recipients only. If you are not an intended recipient
> > then you should not disseminate, copy, or take any action based on its
> > contents. If you have received this message in error then please notify
> > E-TRUST by sending an e-mail message to suporte at e-trust.com.br
> > immediately. Views and opinions expressed in this message do not
> > necessarily reflect the position of E-TRUST. If this message is digitally
> > signed, its authenticity can be confirmed by E-TRUST Private Certificate
> > Authority, available at www.e-trust.com.br.
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>

More information about the samba mailing list