[Samba] Floating IP breaks AD replication

Johannes Engel jcnengel+samba at gmail.com
Mon Nov 23 18:07:50 UTC 2020

Hi Rowland,

Your advice is much appreciated, but this is a misunderstanding. DCs are
used only for authentication and AD-based identity management. That
includes the standard services any DC offers, i.e. KRB5, LDAP etc.
Nonetheless, even those services need to be contacted by clients, and here
we use the model described in my post.

Best regards

On Mon, 23 Nov 2020 at 17:43, Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 23/11/2020 16:18, Johannes Engel via samba wrote:
> > Maybe this is a stupid idea, but what we are doing here is using just the
> > domain name for all sorts of services, i.e. LDAP.
> > So instead of pointing a client to dc1.somedom.contoso.com or
> > dc2.somedom.contoso.com, we point them to somedom.contoso.com which is then
> > resolved to both and the client can pick.
> >
> OK, you really should be only using the DCs for authentication and you
> sound like you are also using them as fileservers etc. This isn't a good
> idea, but sometimes you have to do this, just as long as you understand
> the limitations. What you shouldn't do is use multiple DCs for the same
> thing, as a mailserver for instance. You can have the mailserver objects
> in AD and these will be available on all DCs, but you shouldn't use all
> DCs as a mailserver.
> I think it might be an idea if you could explain your setup in a bit
> more detail. If you must use a cluster, then you need to use Unix domain
> members to create the cluster and then join these to the domain.
> Rowland