[Samba] new dc does not allow login..?
L.P.H. van Belle
belle at bazuin.nl
Fri Oct 23 09:52:23 UTC 2020
Sorry for my blundess..
The correct lines, I forgot the echos.. :-//
First DC1
# This host's own IP (source address of the default route).
SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
# Build the new file in /etc, where the mv below expects it.
echo "search $(hostname -d)" > /etc/resolv.conf.new
echo "nameserver ${SERVER_IP}" >> /etc/resolv.conf.new
echo "nameserver 8.8.8.8 # because we want a fallback to internet, for now." >> /etc/resolv.conf.new
mv /etc/resolv.conf{,.backup}
mv /etc/resolv.conf.new /etc/resolv.conf
# Check resolv.conf before you reboot !
Then DC2 before the reboot of DC2.
# This host's own IP (source address of the default route).
SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
echo "search $(hostname -d)" > /etc/resolv.conf.new
# The other DCs first (addresses of the domain name, minus this host) ...
for x in $(host "$(hostname -d)" | grep -Evi mail | grep -vwF "${SERVER_IP}" | awk '{ print $NF }') ; do
    echo "nameserver ${x}" >> /etc/resolv.conf.new
done
# ... and this DC itself last.
echo "nameserver ${SERVER_IP}" >> /etc/resolv.conf.new
mv /etc/resolv.conf{,.backup-1}
mv /etc/resolv.conf.new /etc/resolv.conf
# Check resolv.conf before you reboot !
Then DC2 after the reboot of DC2.
# This host's own IP (source address of the default route).
SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
echo "search $(hostname -d)" > /etc/resolv.conf.new
# This DC itself first ...
echo "nameserver ${SERVER_IP}" >> /etc/resolv.conf.new
# ... then the other DCs (addresses of the domain name, minus this host).
for x in $(host "$(hostname -d)" | grep -Evi mail | grep -vwF "${SERVER_IP}" | awk '{ print $NF }') ; do
    echo "nameserver ${x}" >> /etc/resolv.conf.new
done
mv /etc/resolv.conf{,.backup-2}
mv /etc/resolv.conf.new /etc/resolv.conf
# Check resolv.conf before you reboot !
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> L.P.H. van Belle via samba
> Sent: Friday 23 October 2020 10:42
> To: samba at lists.samba.org
> Subject: Re: [Samba] new dc does not allow login..?
>
> To fix this, I would start with.
>
> First, set the first AD-DC its resolv.conf to
>
> SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src
> \([0-9.]\+\).*/\1/p')
> search $(hostname -d) > resolv.conf.new
> nameserver ${SERVER_IP} >> resolv.conf.new
> nameserver 8.8.8.8 # because we want a fallback to internet,
> for now. >> resolv.conf.new
> mv /etc/resolv.conf{,.backup}
> mv /etc/resolv.conf.new /etc/resolv.conf
>
> Verify /etc/resolv.conf and reboot DC1.
>
> Wait a few min until DC1 is fully online again.
> Then on the second DC.
>
> SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src
> \([0-9.]\+\).*/\1/p')
> search $(hostname -d) > resolv.conf.new
> for x in `host $(hostname -d) |grep -Evi mail|grep -v
> ${SERVER_IP} |awk '{ print $NF }'` ; \
> do echo "nameserver ${x}" >> /etc/resolv.conf.new ; done
> nameserver ${SERVER_IP} >> resolv.conf.new
>
> mv /etc/resolv.conf{,.backup}
> mv /etc/resolv.conf.new /etc/resolv.conf
>
> Verify /etc/resolv.conf and reboot DC2
> Wait a few min until DC2 is fully online again.
>
> Now check replication again, should be fixed and if fixed.
> Correct resolv.conf again.
>
> SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src
> \([0-9.]\+\).*/\1/p')
> search $(hostname -d) > resolv.conf.new
> nameserver ${SERVER_IP} >> resolv.conf.new
> for x in `host $(hostname -d) |grep -Evi mail|grep -v
> ${SERVER_IP} |awk '{ print $NF }'` ; \
> do echo "nameserver ${x}" >> /etc/resolv.conf.new ; done
>
> mv /etc/resolv.conf{,.backup-2}
> mv /etc/resolv.conf.new /etc/resolv.conf
>
> Above should help.
>
> If people don't see what I did here.
> DC1, points to itself for the DNS.
> DC2, when joining MUST HAVE DC1 as first DNS resolver.
> DC2, after the join and a reboot after the replication check,
> Only then you can change the resolver order.
>
> If you change resolv.conf too early, you're not getting replication
> And that results in missing things in the ad like..
> Like the UUID as shown here.
> > Oct 22 16:17:17 cobra samba[824]: Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.177.18[49153,seal,krb5,target_hostname=53959b67-65fb-493d-8fde-4880ac599>
>
> And adding to that, if you use bind9 you have extra steps to do.
> But I can't tell if you use it.
>
>
> Greetz,
>
> Louis
>
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Rowland penny via samba
> > Sent: Thursday 22 October 2020 22:00
> > To: sambalist
> > Subject: Re: [Samba] new dc does not allow login..?
> >
> > On 22/10/2020 20:52, Joachim Lindenberg wrote:
> > > Boa is the other DC. There was a rule that DCs should use
> > another DC, but I think the arguments behind that
> > deteriorated over time..
> > I think you are referring to 'islanding', but this doesn't
> > occur and I
> > am not sure it ever did.
> > > samba-tool drs showrepl reports errors w/o the change to smb.conf
> >
> > Then make the change. It may be that various dns records do
> not exist
> > and samba-dnsupdate needs to create them
> >
> > I also think you may have to copy 'dns.keytab' from
> > /var/lib/samba/private/ to /var/lib/samba/binddns/
> >
> > Rowland
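Added example, not part of the original message: a POSIX shell check for the "Check resolv.conf before you reboot" step, confirming that the nameserver order fits the stage described above (DC1 and a joined DC2 list themselves first; a DC2 that has not yet joined lists another DC first). The function names, stage names, addresses and domain are constructed for illustration.

```shell
#!/bin/sh
# Added example: check nameserver order in a resolv.conf-style file
# for each stage of the procedure. All names here are hypothetical.

# nameserver_position FILE IP -> 1-based position of IP among the
# "nameserver" lines of FILE, or 0 if it is not listed.
nameserver_position() {
    awk -v ip="$2" '
        $1 == "nameserver" { n++; if ($2 == ip && !pos) pos = n }
        END { print pos + 0 }' "$1"
}

# nameserver_count FILE -> number of "nameserver" lines in FILE.
nameserver_count() {
    awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$1"
}

# check_resolv_order FILE SELF_IP STAGE -> 0 if the order fits STAGE.
#   first-dc, post-join : this host's own IP must be the first resolver
#   pre-join            : another resolver must come first
check_resolv_order() {
    pos=$(nameserver_position "$1" "$2")
    count=$(nameserver_count "$1")
    case "$3" in
        first-dc|post-join)
            [ "$pos" -eq 1 ] && return 0
            echo "FAIL $3: own IP $2 is resolver #$pos, expected #1" >&2 ;;
        pre-join)
            [ "$count" -ge 1 ] && [ "$pos" -ne 1 ] && return 0
            echo "FAIL pre-join: first resolver must be an existing DC, not $2" >&2 ;;
        *)
            echo "unknown stage: $3" >&2 ;;
    esac
    return 1
}

# Constructed sample: DC2 (192.0.2.11) about to join, DC1 is 192.0.2.10.
sample=$(mktemp)
cat > "$sample" <<'EOF'
search samdom.example.com
nameserver 192.0.2.10
nameserver 192.0.2.11
EOF
check_resolv_order "$sample" 192.0.2.11 pre-join && echo "pre-join order OK"
check_resolv_order "$sample" 192.0.2.11 post-join || echo "not yet in post-join order"
rm -f "$sample"
```

On a real DC the call would be `check_resolv_order /etc/resolv.conf "${SERVER_IP}" pre-join` (or the stage that applies), run before the reboot.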