[Samba] new dc does not allow login..?

L.P.H. van Belle belle at bazuin.nl
Fri Oct 23 09:52:23 UTC 2020


Sorry for my blunders.. 

The correct lines, I forgot the echos.. :-// 

First DC1 
# Build the new file in /etc, so the mv below finds it whatever the current directory is.
SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
echo "search  $(hostname -d)" > /etc/resolv.conf.new
echo "nameserver ${SERVER_IP}" >> /etc/resolv.conf.new
echo "nameserver 8.8.8.8 # because we want a fallback to internet, for now."  >> /etc/resolv.conf.new
mv /etc/resolv.conf{,.backup}
mv /etc/resolv.conf.new /etc/resolv.conf
# Check resolv.conf before you reboot ! 


Then DC2 before the reboot of DC2. 
# The other DCs go first, this DC's own IP goes last. Everything is written to /etc/resolv.conf.new.
SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
echo "search  $(hostname -d)" > /etc/resolv.conf.new
for x in `host $(hostname -d) |grep -Evi mail|grep -v ${SERVER_IP} |awk '{ print $NF }'` ; \
 do echo "nameserver ${x}" >> /etc/resolv.conf.new ; done
echo "nameserver ${SERVER_IP}" >> /etc/resolv.conf.new

mv /etc/resolv.conf{,.backup-1}
mv /etc/resolv.conf.new /etc/resolv.conf
# Check resolv.conf before you reboot ! 


Then DC2 after the reboot of DC2. 
# This DC's own IP goes first, the other DCs after it. Everything is written to /etc/resolv.conf.new.
SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
echo "search  $(hostname -d)" > /etc/resolv.conf.new
echo "nameserver ${SERVER_IP}" >> /etc/resolv.conf.new

for x in `host $(hostname -d) |grep -Evi mail|grep -v ${SERVER_IP} |awk '{ print $NF }'` ; \
 do echo "nameserver ${x}" >> /etc/resolv.conf.new ; done

mv /etc/resolv.conf{,.backup-2}
mv /etc/resolv.conf.new /etc/resolv.conf

# Check resolv.conf before you reboot ! 


 

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> L.P.H. van Belle via samba
> Sent: Friday 23 October 2020 10:42
> To: samba at lists.samba.org
> Subject: Re: [Samba] new dc does not allow login..?
> 
> To fix this, I would start with. 
> 
> First, set the first AD-DC its resolv.conf to 
> 
> SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src 
> \([0-9.]\+\).*/\1/p')
> search  $(hostname -d) > resolv.conf.new
> nameserver ${SERVER_IP} >> resolv.conf.new
> nameserver 8.8.8.8 # because we want a fallback to internet, 
> for now.  >> resolv.conf.new
> mv /etc/resolv.conf{,.backup}
> mv /etc/resolv.conf.new /etc/resolv.conf
> 
> Verify /etc/resolv.conf and reboot DC1. 
> 
> Wait a few min until DC1 is fully online again. 
> Then on the second DC. 
> 
> SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src 
> \([0-9.]\+\).*/\1/p')
> search  $(hostname -d) > resolv.conf.new
> for x in `host $(hostname -d) |grep -Evi mail|grep -v 
> ${SERVER_IP} |awk '{ print $NF }'` ; \
>  do echo "nameserver ${x}" >> /etc/resolv.conf.new ; done
> nameserver ${SERVER_IP} >> resolv.conf.new
> 
> mv /etc/resolv.conf{,.backup}
> mv /etc/resolv.conf.new /etc/resolv.conf
> 
> Verify /etc/resolv.conf and reboot DC2
> Wait a few min until DC2 is fully online again. 
> 
> Now check replication again, should be fixed and if fixed. 
> Correct resolv.conf again. 
> 
> SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src 
> \([0-9.]\+\).*/\1/p')
> search  $(hostname -d) > resolv.conf.new
> nameserver ${SERVER_IP} >> resolv.conf.new
> for x in `host $(hostname -d) |grep -Evi mail|grep -v 
> ${SERVER_IP} |awk '{ print $NF }'` ; \
>  do echo "nameserver ${x}" >> /etc/resolv.conf.new ; done
> 
> mv /etc/resolv.conf{,.backup-2}
> mv /etc/resolv.conf.new /etc/resolv.conf
> 
> Above should help. 
> 
> If people don't see what I did here. 
> DC1, points to itself for the DNS. 
> DC2, when joining MUST HAVE DC1 as first DNS resolver. 
> DC2, after the join and a reboot after the replication check, 
> Only then you can change the resolver order. 
> 
> If you change resolv.conf too early, you're not getting replication
> And that results in missing things in the AD like.. 
> Like the UUID as shown here. 
> > Oct 22 16:17:17 cobra samba[824]:   Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.177.18[49153,seal,krb5,target_hostname=53959b67-65fb-493d-8fde-4880ac599>
> 
> And adding to that, if you use bind9 you have extra steps to do. 
> But I can't tell if you use it. 
> 
> 
> Greetz, 
> 
> Louis
> 
> 
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> > Rowland penny via samba
> > Sent: Thursday 22 October 2020 22:00
> > To: sambalist
> > Subject: Re: [Samba] new dc does not allow login..?
> > 
> > On 22/10/2020 20:52, Joachim Lindenberg wrote:
> > > Boa is the other DC. There was a rule that DCs should use 
> > another DC, but I think the arguments behind that 
> > deteriorated over time..
> > I think you are referring to 'islanding', but this doesn't 
> > occur and I 
> > am not sure it ever did.
> > > samba-tool drs showrepl reports errors w/o the change to smb.conf
> > 
> > Then make the change. It may be that various dns records do not exist 
> > and samba-dnsupdate needs to create them
> > 
> > I also think you may have to copy 'dns.keytab' from 
> > /var/lib/samba/private/ to /var/lib/samba/binddns/
> > 
> > Rowland
> > 
> > 
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> > 
> > 
> 
> 
> 
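
A way to do the "Check resolv.conf before you reboot" step from the message above as a script. This is an added example, not part of the original post; the function name check_resolv, its mode names, and the sample addresses and domain are assumptions made for illustration.

```shell
#!/bin/sh
# check_resolv FILE MODE OWN_IP DOMAIN   (hypothetical helper, not a Samba tool)
#   MODE=self-first : first nameserver must be OWN_IP
#                     (DC1, or DC2 once replication has been verified)
#   MODE=peer-first : first nameserver must be another DC and OWN_IP must
#                     still be listed (DC2 while joining / before its reboot)
# Returns 0 when the file matches, 1 otherwise; the reason goes to stderr.
check_resolv() {
    file=$1 mode=$2 own_ip=$3 domain=$4

    # Nameserver addresses in file order; a trailing "# comment" is ignored.
    servers=$(awk '$1 == "nameserver" { print $2 }' "$file")
    first=$(printf '%s\n' "$servers" | head -n 1)

    if [ -z "$first" ]; then
        echo "no nameserver lines in $file" >&2; return 1
    fi
    if ! awk -v d="$domain" '$1 == "search" && $2 == d { ok = 1 } END { exit !ok }' "$file"; then
        echo "search domain is not $domain" >&2; return 1
    fi
    case $mode in
        self-first)
            [ "$first" = "$own_ip" ] || {
                echo "first nameserver is $first, expected $own_ip" >&2; return 1; } ;;
        peer-first)
            [ "$first" != "$own_ip" ] || {
                echo "own IP is first, the join needs the other DC first" >&2; return 1; }
            printf '%s\n' "$servers" | grep -qxF "$own_ip" || {
                echo "own IP $own_ip is not listed at all" >&2; return 1; } ;;
        *)
            echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    return 0
}

# Constructed sample: DC2 is 192.0.2.12 and still joining, DC1 is 192.0.2.11.
sample=$(mktemp)
printf 'search  samdom.example.com\nnameserver 192.0.2.11\nnameserver 192.0.2.12\n' > "$sample"
check_resolv "$sample" peer-first 192.0.2.12 samdom.example.com && echo "order is right for the join"
check_resolv "$sample" self-first 192.0.2.12 samdom.example.com || echo "not yet the final order"
rm -f "$sample"
```

On a real DC, run it against /etc/resolv.conf.new before the mv, with the SERVER_IP and $(hostname -d) values from the commands above.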



