[Samba] Failover DC did not work when Main DC failed

Rowland penny rpenny at samba.org
Fri Jan 31 13:15:17 UTC 2020

On 31/01/2020 12:32, Paul Littlefield wrote:
> On 29/01/2020 16:43, Rowland penny via samba wrote:
>> OK, where did you get the 'failover' DC from ?
> From the official Samba wiki! :-)
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory 
> "Running one domain controller (DC) is sufficient for a working Active 
> Directory (AD) forest. However, for failover and load balancing 
> reasons, you should add further DCs to your AD forest."
> #facepalm

It doesn't say that any more ;-)

Even when it did, it didn't make any DC into a 'failover' DC.

>> As far as I am aware, all DC's are equal except for the FSMO roles 
>> and these can be on any DC. So terms like 'pdc', 'backup' and 
>> 'failover' are meaningless, they are all just a 'DC'.
> Can someone change or add that to the Samba wiki then please?
I didn't think we needed to, Samba is trying to emulate AD and those 
terms are meaningless on Windows AD, but I will add it to my TODO list.
> I was very careful NOT to use the word secondary because we've had 
> this discussion before.
> I just want (what's the phrase?) "another" DC in the network for this 
> very situation where "one" DC with the FSMO role does not work and 
> have replication.
You have already mentioned it, you have one DC and when referencing any 
other DC's, you say 'another' DC, they are all just a DC ;-)
> I've obviously done something wrong, and I am keen to learn and fix it.
>> It sounds like your clients are set up to just use the DC that went 
>> down as their nameserver etc.
> Nope.
> I have both DCs as DNS and the "other" DNS server (dc4) was available 
> and working at the time.

Each DC should use itself as its DNS nameserver, but your clients should 
be able to use any DC for their DNS nameserver. You need to consult your 
OS's documentation to see how DNS failover should be set up. That is, if 
your client attempts to contact a particular DNS server running on a DC 
and it doesn't answer, it goes to the next DC DNS server without any 
real delay.
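
The DNS failover point above, as an added example that is not part of the original post: a small audit of a client's `resolv.conf`, assuming a Linux client whose glibc resolver reads `/etc/resolv.conf` directly. The DC addresses, the sample files and the one-second `max_delay` policy are constructed for illustration.

```python
# Added example: audit a Linux client's resolv.conf for DC DNS failover.
# Defaults are from resolv.conf(5) for the glibc resolver.
DEFAULT_TIMEOUT = 5   # seconds waited on one nameserver before trying the next
MAXNS = 3             # glibc uses only the first three nameserver lines

def audit_resolv_conf(text, dc_addrs, max_delay=1):
    """Return (seconds_before_failover, findings) for a resolv.conf body.

    dc_addrs: addresses of the domain's DCs (supplied by the caller).
    max_delay: longest acceptable wait on a dead server (assumed policy).
    """
    servers, timeout = [], DEFAULT_TIMEOUT
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        if fields[0] == "nameserver" and len(fields) > 1:
            servers.append(fields[1])
        elif fields[0] == "options":
            for opt in fields[1:]:
                name, _, value = opt.partition(":")
                if name == "timeout" and value.isdigit():
                    timeout = int(value)
    used = servers[:MAXNS]
    findings = []
    if len(used) < 2:
        findings.append("fewer than two nameservers: no DNS failover")
    if len(servers) > MAXNS:
        findings.append("nameservers beyond the third are ignored")
    for addr in used:
        if addr not in dc_addrs:
            findings.append(f"{addr} is not one of the listed DCs")
    if timeout > max_delay:
        findings.append(f"timeout {timeout}s delays failover to the next DC")
    return timeout, findings

# Constructed sample input (documentation addresses, not from the thread).
DCS = {"192.0.2.10", "192.0.2.11"}
WEAK = "nameserver 192.0.2.10\n"
GOOD = "nameserver 192.0.2.10\nnameserver 192.0.2.11\noptions timeout:1 rotate\n"

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("good", GOOD)):
        print(label, audit_resolv_conf(conf, DCS))
```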

