[Samba] Recurrent DNS issues after DC loss

Ole Traupe ole.traupe at tu-berlin.de
Wed Jun 6 14:26:53 UTC 2018

On 06.06.2018 16:02, Rowland Penny via samba wrote:
> On your DC, set the AD DNS domain in the domain and the IP of your DC in the nameserver parameter of the /etc/resolv.conf file. For example:
> domain samdom.example.com
> nameserver

So "domain" and not "search"? I had "search" set due to the result of 
some discussion on the list.

>> I seem to remember having read here on the list, that it is no good
>> idea to mix samba versions in a domain. If there is sound advice to
>> do it anyways, I would be up for trying it. However, as I have
>> written above, I messed up the uid/gid ranges. To my understanding,
>> later versions of Samba (like 4.5) _require_ the ranges to comply to
>> the defaults as denoted by the wiki.
> There is nothing to stop you using different versions on DCs and you
> can do the same with Unix domain members, unless you are using the 'ad'
> backend  and are NOT using Domain Users as the users Unix primary group.

Why and how would I _not_ do this?

> It is however, best practise to use the same major version, just to get
> similar capabilities on all machines.
>> I will do that. I am using RSAT. Would I eradicate the complete site
>> associated with the dead DC? Or which containers/objects in
>> particular?
> If the DC was the only one at a site and you have no other computers at
> that site, then yes you can delete the site.

No, there are other computers at the site, Windows clients and Linux 

I was able to remove the NTDS "connection" entry from Sites and Services.

However, I wasn't able to remove the DC itself from Sites and Service as 
well as from "Domain Controllers" in ADUC. I get "Windows cannot delete 
object [...] because: The specified module could not be found."

> Rowland

Thanks a lot, Rowland!



More information about the samba mailing list