[Samba] User names not replicating to secondary DC

Rowland penny rpenny at samba.org
Thu Feb 27 20:16:50 UTC 2020

On 27/02/2020 19:56, durwin at mgtsciences.com wrote:
> > Why are you using the internal dns server on one DC and Bind9 on the 
> other ?
> I am very familiar with configuring Named on Fedora.  I thought it 
> would be
> just as easy on Ubuntu.  After discovering the files were in different 
> places
> and so many more being 'included', I decided to use internal on the 
> second
> one.  I believe there is a command to switch over to internal, correct?

There is, samba_upgradedns, but in your case, I would suggest you 
upgrade the internal dns to bind9. Every DC is authoritative for the dns 
domain, there are no slaves. this means that your forwarders must be 
outside the AD dns domain.

Try this /etc/bind/named.conf.options:

acl "trusted" {;;

options {
         directory "/var/cache/bind";
         notify no;
         empty-zones-enable no;
         allow-query { trusted;};
         allow-recursion { trusted;};
         forwarders {; };
         allow-transfer { none;};
         dnssec-validation no;
         dnssec-enable no;
         dnssec-lookaside no;
         listen-on-v6 { none; };
         listen-on port 53 {;; };

         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";


More information about the samba mailing list