On Fri, 2012-12-28 at 16:10 -0600, Morgan Toal wrote:
> Hi Samba List!
>
> Used samba3 for years, now it's time for samba4 (thanks!!!)
> Unfortunately I am not familiar with certain Microsoft concepts about AD
> and the roles of domain controllers.
>
> I've got three VMs for my experiments:
> 1) a samba4 domain controller test1.test.local
> 2) a samba4 additional domain controller test2 joined to my domain
> test.local.
> 3) a win7 workstation that is joined to domain test.local and has IPs
> of both test1 and test2 for dns
>
> If I understand correctly, dns and ad are synchronized between test1 and
> test2 per samba-tool drs show-repl
>
> What I want, is to have a test2 be a failover domain controller if test1
> is offline for some reason.
>
> My experiment went like this:
>
> 1) service samba4 stop on test1.test.local to simulate failure
> 2) still log in on win7 workstation to test2, I think this is due to
> cached credentials
> 3) call up active directory users and computers on win7
> 4) make some changes to ad and have those replicated from test2->test1
> when it comes back online
>
> However, I get the message on the win7 vm:
>
> "Naming information cannot be located because: the system detected a
> possible attempt to compromise security. Please ensure that you can
> contact the server that authenticated you. Contact your system
> administrator to verify that your domain is properly configured and is
> currently online."
>
> Any suggestions?
> Is there something I need to do to "pass the hat" to test2?
> Can it be passed back to test1 afterward?

There should be no need to manually "pass the hat" for anything like
this. There are a small number of "FSMO" roles (for things that have to
be done on one server) but these should not be needed for simple changes
you would be doing during your tests.

You will need to start getting some logs and network captures to work
out what is really going on here, so we can help you pin down the actual
issue.

https://wiki.samba.org/index.php/Capture_Packets

Sorry,

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org