[Samba] Samba 4 AD member loose membership after DC reboot (SOLVED)

Matthias Kühne | Ellerhold AG matthias.kuehne at ellerhold.de
Fri Apr 22 08:01:47 UTC 2022


Hello Frank,

you could join a 2nd DC as a replica and never reboot all of them at the 
same time.

See here: 
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

Best regards,

Matthias Kühne.

On 22.04.22 at 09:50, Frank via samba wrote:
> Hi everybody,
>
> just in case someone has a similar issue, maybe this can help.
>
> The problem was the DNS configuration and the way the DNS resolver works on
> Ubuntu 20.04.
>
> The way the DNS resolver uses DNS servers has often been confused. It's
> supposed that when the first DNS goes offline, the resolver uses the next
> one on the DNS list. But how long does this change take?
> And when the first DNS comes online again, is it used again as the
> first DNS to look up?
>
> Well, in Ubuntu 20.04, which uses netplan by default, DNS resolution
> works in a dynamic way, and as expected. So, when the first DNS in the
> list goes offline, in a few seconds the second one (if there is any)
> takes its place, and remains the first, even if the previous first
> DNS comes online again. You can see this with the "resolvectl status" command.
>
> In my case, the first DNS in the list was the DC, as expected, but the
> next two were global DNS servers that were unable to resolve AD queries.
>
> So when the DC went offline, maybe just for a reboot, members took the second
> DNS and set it as their first DNS, even when the DC came online again. We
> thought that when the first DNS in the list was up again it would be the
> first one used again, but that is not how it works.
> That made members unable to work with the AD, unable to find any DC.
> Just a reboot of the member, or a "netplan apply", made the DC the
> first DNS used again.
>
> Solution: set up ONLY DCs as DNS on domain members. Perhaps it sounds
> obvious, but it has been a nightmare for us.
>
> Best regards.
>
>
> Francesc Bassas Serramià
> Serveis Informàtics Campus Terrassa
> C/ Colom 2
> 08222 Terrassa (Barcelona)
> Telèfon : 93.73.98630
> https://serveis.terrassa.upc.edu/sict
>
> On 1/4/2022 at 14:00, samba-request at lists.samba.org wrote:
>> Subject:
>> Re: [Samba] Samba 4 AD member loose membership after DC reboot
>> From:
>> Rowland Penny <rpenny at samba.org>
>> Date:
>> 31/3/2022, 15:56
>>
>> To:
>> samba at lists.samba.org
>>
>>
>> On Thu, 2022-03-31 at 14:29 +0200, Frank via samba wrote:
>>> Hi Rowland,
>>>
>>> thanks for your quick response.
>>>
>>> Here is a member smb.conf:
>>>
>>> # Global parameters
>>> [global]
>>>           workgroup = UPC-CT
>>>           realm = UPC-CT.UPC.EDU
>>>           netbios name = RADI
>>>           netbios aliases = RADI.UPC.ES RADI.UPC.EDU
>> You cannot use netbios aliases on a Unix domain member, use a CNAME
>> instead.
>>
>>>           security = ADS
>>>
>>>           log level = 5
>>>           username map = /var/lib/samba/user.map
>>>
>>>           winbind enum users = yes
>>>           winbind enum groups = yes
>> Remove the above two lines when you are sure everything is working
>> correctly, they should not be used in production.
>>
>>>           winbind nss info = rfc2307
>>>           winbind use default domain = Yes
>>>           winbind refresh tickets = yes
>>>           winbind offline logon = yes
>>>           winbind cache time = 60
>>>
>>> idmap config * : backend = tdb
>>> idmap config * : range = 100-499
>>> idmap config UPC-CT:backend = ad
>>> idmap config UPC-CT:schema_mode = rfc2307
>>> idmap config UPC-CT:range = 500-999999
>>> idmap config UPC-CT:unix_nss_info = yes
>> Was this an upgrade from an NT4-style domain ?
>> Even if it was, your '*' range is clobbering local system users.
>>
>> Rowland
>>
>>
>>
>>
-- 
Matthias Kühne
Senior Web Developer
Data Protection Officer

Ellerhold Aktiengesellschaft
Friedrich-List-Str. 4
01445 Radebeul

Phone: +49 (0) 351 83933-61
Fax: +49 (0) 351 83933-99

Web     www.ellerhold.de
Twitter www.twitter.com/Ellerhold_AG
Youtube www.youtube.com/user/ellerholdgruppe

Dresden District Court / HRB 23769
Executive Board: Stephan Ellerhold, Maximilian Ellerhold
Chairman of the Supervisory Board: Frank Ellerhold
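
A check for the failure mode described in the quoted message, as an added example that is not part of the original thread: it parses `resolvectl status` output and reports every configured or currently active DNS server that is not a DC. The function names, the documentation-range addresses and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit which DNS servers a domain member
# can end up on. All addresses below are constructed documentation-range values.

# Read `resolvectl status` text on stdin; the arguments are the DC addresses.
# Prints every server that is not a DC and returns 1 if any was found.
audit_resolver() {
    awk -v dcs="$*" '
        BEGIN { n = split(dcs, a, " "); for (i = 1; i <= n; i++) dc[a[i]] = 1 }
        function check(kind, addr) {
            if (!(addr in dc)) {
                printf "%s non-DC DNS server: %s\n", kind, addr
                bad = 1
            }
        }
        # The server systemd-resolved is using right now on this link.
        /Current DNS Server:/ { check("ACTIVE", $NF); inlist = 0; next }
        # Configured list: all on one line, or continued one address per line.
        /DNS Servers:/ {
            sub(/.*DNS Servers:/, "")
            for (i = 1; i <= NF; i++) check("configured", $i)
            inlist = 1; next
        }
        inlist && NF == 1 && $1 !~ /:$/ { check("configured", $1); next }
        { inlist = 0 }
        END { exit bad + 0 }
    '
}

# Constructed sample: a member after its DC rebooted. The DC (192.0.2.10) is
# first in the list, but the resolver has switched to the second server.
sample_status() {
    cat <<'EOF'
Link 2 (ens3)
      Current Scopes: DNS
  Current DNS Server: 198.51.100.53
         DNS Servers: 192.0.2.10
                      198.51.100.53
                      203.0.113.53
          DNS Domain: ad.example.test
EOF
}

sample_status | audit_resolver 192.0.2.10 || echo "member can lose AD lookups"
# On a real member: resolvectl status | audit_resolver <DC addresses>
```

An "ACTIVE" line means the member is already resolving through a non-DC server; "configured" lines mean it can drift there the next time the DC is unreachable.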


