[Samba] Failover DC did not work when Main DC failed

[Kris Lou]

>
> I am not using BIND with Samba, just the Internal DNS which is the default.
>
What do you mean when you say "CNAMES or domain overrides pointing to a
> single DC"?
> I have DHCP handing out both DNS servers as 192.168.0.218 and
> 192.168.0.219 and they both work as nameservers perfectly.


This might be a problem down the road.  The Samba Internal DNS does NOT
round-robin -- it will always return your list of DC's in the same order,
so requests usually go to the first result.  If you have any simple
ldapclients (PHP clients, for example), it will query in order.  I don't
know if the ldapclient is smart enough to look at a 2nd DNS response if the
1st doesn't respond, but probably not -- further implied by "password
server = <dc1> <dc2>" and failover/redundancy is handled sequentially.

Re-reading how Windows' Netlogon Cache and such works, the client should
query a DNS server for known DC's and then perform an ldap-ping to ALL of
them before caching the preferred DC.  Which should mean that the order in
which a DC is listed or returned shouldn't matter, so the Internal DNS
lacking round-robin shouldn't matter to Windows clients.  But you might as
well go all the way ...



Kris Lou
klou at themusiclink.net


On Mon, Feb 17, 2020 at 4:45 AM Paul Littlefield <info at paully.co.uk> wrote:

> On 16/02/2020 15:03, Paul Littlefield via samba wrote:
> > 1) finding a way for ALL 70+ desktops to look up the DCs properly and
> switch to a running one if one is not available (otherwise what's the point
> right?)
>
> Hello Samba Mailing List,
>
> Just to be clear, I am using Ubuntu Server 18.04.4 LTS running Samba 4.7.6
> on both DCs.
>
> Is this the Samba version I should be using for this 'multiple DCs' option
> or is there a known bug with anything less than the latest Samba 4.11.6?
>
> Yours, ever hopeful.
>
> Paully
>