[Samba] Failover DC did not work when Main DC failed

Paul Littlefield info at paully.co.uk
Wed Feb 19 10:54:49 UTC 2020


On 18/02/2020 19:58, Kris Lou via samba wrote:
> This might be a problem down the road.  The Samba Internal DNS does NOT
> round-robin -- it will always return your list of DCs in the same order,
> so requests usually go to the first result.  If you have any simple
> LDAP clients (PHP clients, for example), it will query in order.  I don't
> know if the LDAP client is smart enough to look at a 2nd DNS response if the
> 1st doesn't respond, but probably not -- further implied by "password
> server = <dc1> <dc2>" and failover/redundancy is handled sequentially.
> 
> Re-reading how Windows' Netlogon Cache and such works, the client should
> query a DNS server for known DCs and then perform an ldap-ping to ALL of
> them before caching the preferred DC.  Which should mean that the order in
> which a DC is listed or returned shouldn't matter, so the Internal DNS
> lacking round-robin shouldn't matter to Windows clients.  But you might as
> well go all the way ...


Hello Kris,

Thanks for this information, hopefully it will help us.


Samba 4 AD DC
QNAP Domain Joined

DNS1 = 192.168.0.218
DNS2 = 192.168.0.219
DC1 = 192.168.0.218
DC2 = 192.168.0.219
QNAP = 192.168.0.201


So, normally, a Windows client should do this...

Domain --> DNS1 --> DC1
Files --> DNS1 --> QNAP --> DC1


In the event of server failure (DNS1/DC1 is unavailable) a Windows client should do this...

Domain --> DNS1 = fail
        --> DNS2 --> DC1 = fail
                 --> DC2

Files --> DNS1 = fail
       --> DNS2 --> QNAP --> DC1 = fail
                         --> DC2


...have I got that correct?

Is this what everyone else is doing?!

Regards,

Paully
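The two DC-location behaviours discussed in this thread (a simple client walking the DC list strictly in the order DNS handed it back, versus a Windows client pinging every DC and taking the first responder) and what a round-robin answer order would change, as an added example. This is not code from the thread or from Samba; the host names, the `{addr: up?}` map used to simulate DC1 being down, and the TCP connect to port 389 standing in for a real CLDAP ping are all assumptions.

```python
import socket
from concurrent.futures import ThreadPoolExecutor, as_completed
from concurrent.futures import TimeoutError as FuturesTimeout

# Constructed DC list in the fixed order a non-round-robin DNS hands back
# (addresses are the ones from the post; host names are assumed).
DC_CANDIDATES = [
    ("dc1.example.lan", "192.168.0.218"),
    ("dc2.example.lan", "192.168.0.219"),
]


def tcp_probe(addr, port=389, timeout=2.0):
    """Stand-in for an LDAP ping: True if TCP port 389 on addr accepts a
    connection within the timeout. Real clients send a CLDAP query on UDP 389."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def make_probe(state):
    """Build a constructed, offline probe from a {addr: up?} map so the
    failover logic below can be exercised without a lab."""
    return lambda addr: state.get(addr, False)


def rotated(candidates, offset):
    """What a round-robin DNS would return on the offset-th query: the same
    records, rotated. Samba's internal DNS does not do this."""
    k = offset % len(candidates)
    return candidates[k:] + candidates[:k]


def sequential_failover(candidates, probe):
    """Simple-client behaviour ("password server = dc1 dc2"): try DCs strictly
    in returned order and stop at the first that answers.
    Returns (chosen name or None, names tried)."""
    tried = []
    for name, addr in candidates:
        tried.append(name)
        if probe(addr):
            return name, tried
    return None, tried


def first_responder(candidates, probe, timeout=5.0):
    """Windows-style DC location: ping every candidate concurrently and take
    whichever answers first, so the DNS answer order does not decide it."""
    with ThreadPoolExecutor(max_workers=len(candidates)) as pool:
        pending = {pool.submit(probe, addr): name for name, addr in candidates}
        try:
            for fut in as_completed(pending, timeout=timeout):
                if fut.result():
                    return pending[fut]
        except FuturesTimeout:
            pass
    return None


if __name__ == "__main__":
    # Constructed failure scenario from the post: DC1 down, DC2 up.
    probe = make_probe({"192.168.0.218": False, "192.168.0.219": True})
    print("sequential:", sequential_failover(DC_CANDIDATES, probe))
    print("first responder:", first_responder(DC_CANDIDATES, probe))
    print("2nd round-robin answer would be:", rotated(DC_CANDIDATES, 1))
```

With DC1 down, both strategies end up on DC2, but the sequential client only gets there after its connect timeout against DC1 expires, while the first-responder client never waits on the dead DC. Rotating the DNS answer is what would spread the sequential clients across both DCs when both are healthy; without round-robin they all land on DC1.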
