I would appreciate any hint about this topic. Thanks.
On Tue, Sep 6, 2022 at 4:06 PM tizo <tizone at gmail.com>
wrote:
>
> After making some configurations about AD sites in our two Samba AD DC
> environment, it seems to me that something is not right. Particularly
> we created two AD Sites (site1 and site2) in Active Directory Sites
> and Services, moved the DCs to the sites created (dc1 to site1 and dc2
> to site2), created a new link and the necessary subnets.
>
> Now when I query the DNS service for ldap or kerberos for a particular
> site, the result contains both DC (we have rebooted all the components
> just in case). The following example shows the general query first,
> and then the query for the specific sites (the same thing happens when
> querying the other DC):
>
> $ nslookup -type=srv _ldap._tcp.aaa.bbb.ccc dc1.aaa.bbb.ccc
> Server: dc1.aaa.bbb.ccc
> Address: X.X.X.X#53
>
> _ldap._tcp.aaa.bbb.ccc service = 0 100 389 dc1.aaa.bbb.ccc.
> _ldap._tcp.aaa.bbb.ccc service = 0 100 389 dc2.aaa.bbb.ccc.
>
> $ nslookup -type=srv _ldap._tcp.site1._sites.dc._msdcs.aaa.bbb.ccc dc1.aaa.bbb.ccc
> Server: dc1.aaa.bbb.ccc
> Address: X.X.X.X#53
>
> _ldap._tcp.site1._sites.dc._msdcs.aaa.bbb.ccc service = 0 100 389 dc1.aaa.bbb.ccc.
> _ldap._tcp.site1._sites.dc._msdcs.aaa.bbb.ccc service = 0 100 389 dc2.aaa.bbb.ccc.
>
> $ nslookup -type=srv _ldap._tcp.site2._sites.dc._msdcs.aaa.bbb.ccc dc1.aaa.bbb.ccc
> Server: dc1.aaa.bbb.ccc
> Address: X.X.X.X#53
>
> _ldap._tcp.site2._sites.dc._msdcs.aaa.bbb.ccc service = 0 100 389 dc1.aaa.bbb.ccc.
> _ldap._tcp.site2._sites.dc._msdcs.aaa.bbb.ccc service = 0 100 389 dc2.aaa.bbb.ccc.
>
> Shouldn't the answer be just one DC for each site (the corresponding
> one)?
>
> Besides, after making some tests with a Windows client, it doesn't
> always log on to the DC in the client corresponding site.
>
> Samba version is 4.16.4.
>
> Thanks very much,
>
> tizo
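A small check for the situation described in the quoted message, added here as an example and not part of the thread or of Samba itself: it parses the SRV answers in the format nslookup prints (one record per line, as the real tool emits them) and reports, per AD site, any DC that appears in the site-specific record set but does not belong to that site. The sample output and the site-to-DC mapping below are constructed from the quoted query results.

```python
import re
from collections import defaultdict

# One SRV answer line as printed by "nslookup -type=srv":
#   <owner> service = <priority> <weight> <port> <target>.
SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+service\s*=\s*(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$"
)
# Site-specific owner names: _ldap._tcp.<site>._sites.dc._msdcs.<domain> (same for _kerberos).
SITE_OWNER = re.compile(r"^_(?P<svc>ldap|kerberos)\._tcp\.(?P<site>[^.]+)\._sites\.", re.I)


def parse_srv_answers(text):
    """Return a list of (owner, target) pairs; Server/Address/blank lines are skipped."""
    answers = []
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            answers.append((m.group("owner").lower(), m.group("target").lower().rstrip(".")))
    return answers


def targets_by_site(answers):
    """Group SRV targets by the AD site named in the owner (key None for non-site records)."""
    by_site = defaultdict(set)
    for owner, target in answers:
        m = SITE_OWNER.match(owner)
        by_site[m.group("site") if m else None].add(target)
    return dict(by_site)


def check_site_coverage(answers, expected):
    """expected: {site: {dc fqdn, ...}}. Returns {site: (unexpected DCs, missing DCs)} for deviating sites."""
    by_site = targets_by_site(answers)
    problems = {}
    for site, want in expected.items():
        got = by_site.get(site, set())
        extra, missing = got - want, want - got
        if extra or missing:
            problems[site] = (sorted(extra), sorted(missing))
    return problems


# Constructed sample: the site-specific answers quoted in the thread, one record per line.
SAMPLE = """\
Server: dc1.aaa.bbb.ccc
Address: X.X.X.X#53

_ldap._tcp.site1._sites.dc._msdcs.aaa.bbb.ccc service = 0 100 389 dc1.aaa.bbb.ccc.
_ldap._tcp.site1._sites.dc._msdcs.aaa.bbb.ccc service = 0 100 389 dc2.aaa.bbb.ccc.
_ldap._tcp.site2._sites.dc._msdcs.aaa.bbb.ccc service = 0 100 389 dc1.aaa.bbb.ccc.
_ldap._tcp.site2._sites.dc._msdcs.aaa.bbb.ccc service = 0 100 389 dc2.aaa.bbb.ccc.
"""
# Assumed intended placement: dc1 in site1, dc2 in site2 (as in the quoted message).
EXPECTED = {"site1": {"dc1.aaa.bbb.ccc"}, "site2": {"dc2.aaa.bbb.ccc"}}

if __name__ == "__main__":
    for site, (extra, missing) in check_site_coverage(parse_srv_answers(SAMPLE), EXPECTED).items():
        print(f"{site}: unexpected={extra} missing={missing}")
```

Feed it the real output of the two site-specific queries (ldap and kerberos) from each DC; an empty result means every site-specific record set contains only that site's DC.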