[Samba] Failover DC did not work when Main DC failed
Kris Lou
klou at themusiclink.net
Fri Jan 31 18:15:33 UTC 2020
Here is another link (with a set of links in the article, sorry):
https://blogs.msmvps.com/acefekay/2010/01/03/the-dc-locator-process-the-logon-process-controlling-which-dc-responds-in-an-ad-site-and-srv-records/
I particularly like the Summary graphic about 20% down:
1. New client queries for all DCs in the domain
- Retrieves SRVs from _tcp.<domain>
2. Attempts LDAP bind to all
3. First DC to respond
- Examines client IP and subnet definitions
- Refers client to a site
4. Client stores site in registry
5. Client queries for all DCs in the site
- Retrieves SRVs from _tcp.<site>._sites.<domain>
6. Attempts LDAP bind to all
7. First DC to respond
1. Authenticates client
2. Client forms affinity
8. Subsequently
- Client binds to affinity DC
- DC offline? Client queries for DCs in registry-stored site
- Client moved to another site? DC refers client to another site (see
#4)
Now, I haven't observed all of this in an offline DC situation, but
"winbind --ping-dc" will show the equivalent to "nltest /dsgetdc:<domain>
/gc" to show the DC currently being queried.
Kris Lou
klou at themusiclink.net
On Fri, Jan 31, 2020 at 8:05 AM Paul Littlefield via samba <
samba at lists.samba.org> wrote:
> On 31/01/2020 13:15, Rowland penny via samba wrote:
> > Each DC should use itself as its DNS nameserver, but your clients should
> be able to use any DC for their DNS nameserver. You need to consult your
> OS's documentation to see how DNS failover should be set up. That is, if
> your client attempts to contact a particular DNS server running on a DC and
> it doesn't answer, it goes to the next DC DNS server without any real delay.
>
> Sorry, forgot to say that both DCs have themselves and each other in
> /etc/resolv.conf
>
> Regards,
>
> Paul
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list