samba - Jun 2015 - Samba4 Secondary DC as Backup DC (redundancy)

On Tue, 23 Jun 2015, Rowland Penny wrote:
> On 23/06/15 18:58, Daniel Carrasco Mar?n wrote:
>>  Hi,
>>
>>  I've sucessfull created a secondary DC using the wiki manual (
>>  https://wiki.samba.org/index.php/Join_a_domain_as_a_DC), and is
working
>>  perfectly, user and groups are synced on both and I can use any of
them
>>  for
>>  login using clients like Owncloud, Prosody, python scripts...
>>
>>  Now my question is: ?how I can use that secondary DC as backup when
the
>>  main fails?.
>
> If it is by DHCP, then the dhcp server needs to push out both DCs as 
> nameservers, if static, then each client needs to be set to use both DCs as
> nameservers.
His quetion is a bit vague, but I would also assume he is using LDAP for 
authentication on Owncloud, etc.  In that case, he also needs LDAP to fail 
over.  Generally, you can just point LDAP clients at
"your.ADdomain.com"
(whatever it is), which resolves to the IP addresses of all of your DCs. 
If they fail to connect, they will usually retry and get another address, 
and connect to a different DC.

El 23/6/2015 8:33 p. m., "Sketch" <smblist at rednsx.org>
escribi?:
>
> On Tue, 23 Jun 2015, Rowland Penny wrote:
>
>> On 23/06/15 18:58, Daniel Carrasco Mar?n wrote:
>>>
>>>  Hi,
>>>
>>>  I've sucessfull created a secondary DC using the wiki manual (
>>>  https://wiki.samba.org/index.php/Join_a_domain_as_a_DC), and is
working
>>>  perfectly, user and groups are synced on both and I can use any of
them
>>>  for
>>>  login using clients like Owncloud, Prosody, python scripts...
>>>
>>>  Now my question is: ?how I can use that secondary DC as backup
when the
>>>  main fails?.
>>
>>
>> If it is by DHCP, then the dhcp server needs to push out both DCs as
nameservers, if static, then each client needs to be set to use both DCs as
nameservers.
>
>
> His quetion is a bit vague, but I would also assume he is using LDAP for
authentication on Owncloud, etc.  In that case, he also needs LDAP to fail
over.  Generally, you can just point LDAP clients at
"your.ADdomain.com"
(whatever it is), which resolves to the IP addresses of all of your DCs. If
they fail to connect, they will usually retry and get another address, and
connect to a different DC.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
Thanks!!

Yes, i forgot to say that the clients are windows 7 clients. On my owncloud
server i can put both LDAP servers then i think that if main fails it will
check the secondary (i've not tried yet).

Greetings!!

2015-06-23 20:47 GMT+02:00 Daniel Carrasco Mar?n <danielmadrid19 at
gmail.com>:
>
> El 23/6/2015 8:33 p. m., "Sketch" <smblist at rednsx.org>
escribi?:
> >
> > On Tue, 23 Jun 2015, Rowland Penny wrote:
> >
> >> On 23/06/15 18:58, Daniel Carrasco Mar?n wrote:
> >>>
> >>>  Hi,
> >>>
> >>>  I've sucessfull created a secondary DC using the wiki
manual (
> >>>  https://wiki.samba.org/index.php/Join_a_domain_as_a_DC), and
is
> working
> >>>  perfectly, user and groups are synced on both and I can use
any of
> them
> >>>  for
> >>>  login using clients like Owncloud, Prosody, python scripts...
> >>>
> >>>  Now my question is: ?how I can use that secondary DC as
backup when
> the
> >>>  main fails?.
> >>
> >>
> >> If it is by DHCP, then the dhcp server needs to push out both DCs
as
> nameservers, if static, then each client needs to be set to use both DCs as
> nameservers.
> >
> >
> > His quetion is a bit vague, but I would also assume he is using LDAP
for
> authentication on Owncloud, etc.  In that case, he also needs LDAP to fail
> over.  Generally, you can just point LDAP clients at
"your.ADdomain.com"
> (whatever it is), which resolves to the IP addresses of all of your DCs. If
> they fail to connect, they will usually retry and get another address, and
> connect to a different DC.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>
> Thanks!!
>
> Yes, i forgot to say that the clients are windows 7 clients. On my
> owncloud server i can put both LDAP servers then i think that if main fails
> it will check the secondary (i've not tried yet).
>
> Greetings!!
>
Thanks Rowland,

Finally is working. Now when i run a "nslookup domain.com" or
"host
domain.com" i get both IP addresses, and if i stop the main DC all still
working without problem. Even the command "nltest /dsgetdc:domain"
shows
how the Windows machine is using the secondary DC.
One quesiton: ?Can i add more DC as backup using the same steps?.

Of course all cannot be perfect, and now I've a python script with a weird
problem: When i use secure ldap i can't query to root using base DN
("DC=domain,DC=com"). I only can if I use an OU in base DN
("OU=Users,DC=domain,DC=com"). All works if I use normal ldap.
Someone knows a way to query to root using an OU in base DN?

Greetings!!