Gary Wright
2014-Aug-27 12:04 UTC
[Samba] Replicated Failover Domain Controller and file server using LDAP
Hi All

thought I'd post my results from following your notes when trying to replicate my Samba PDC onto a Samba BDC as seen here

https://wiki.samba.org/index.php/1.0._Configuring_Samba

everything seemed to work as described until I got into the 'Initialization LDAP Database' and preloading the edited "preload-differentialdesign.ldif" file, kept getting a failure from the

"dn: sambaDomainName= DDESIGN ,ou=Domains,dc= differentialdesign ,dc= org "

section, no matter what options I used.

Looking at my /var/log/messages on both my DC1 & DC2 I could see continual errors trying to access either of our 2 DNS servers (example below)

Aug 25 16:37:55 dc1 samba[2009]: [2014/08/25 16:37:55.120350, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
Aug 25 16:37:55 dc1 samba[2009]: /usr/local/samba/sbin/samba_dnsupdate: 25-Aug-2014 16:37:55.120 dispatch 0x7f3734031db0: shutting down due to TCP receive error: 10.5.31.11#53: connection reset
Aug 25 16:37:55 dc1 samba[2009]: [2014/08/25 16:37:55.120519, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
Aug 25 16:37:55 dc1 samba[2009]: /usr/local/samba/sbin/samba_dnsupdate: ; Communication with 10.5.31.11#53 failed: unexpected error

though both DNS servers were accessible and resolving addresses perfectly normally.

I started to troubleshoot the samba status more closely and came across the 'samba_dnsupdate --verbose' command. This gave me a detailed list of failures/successes trying to access DNS server records from both DCs

[root at dc1 ~]# samba_dnsupdate --verbose
IPs: ['10.5.15.11']
Looking for DNS entry A tmxatrium.lan 10.5.15.11 as tmxatrium.lan.
Looking for DNS entry A dc1.tmxatrium.lan 10.5.15.11 as dc1.tmxatrium.lan.
Looking for DNS entry A gc._msdcs.tmxatrium.lan 10.5.15.11 as gc._msdcs.tmxatrium.lan.
Failed to find matching DNS entry A gc._msdcs.tmxatrium.lan 10.5.15.11 as gc._msdcs.tmxatrium.lan
Looking for DNS entry CNAME 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan dc1.tmxatrium.lan as 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan.
Failed to find DNS entry CNAME 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan dc1.tmxatrium.lan
etc
etc

I then simply created the DNS records for each of the failures then restarted SAMBA on my BDC, et voila my account information replicated perfectly.

I'm clearly not using LDAP but I'm not sure I actually need to ?? Is there any advantage ??

Regards

Gary

Gary Wright
System Administrator
7th floor, Becket House, 36 Old Jewry
London, UK, EC2R 8DD
gary.wright @tmxatrium.com
Office: +44 203 194 2536
Mobile: +44 7823 773 262
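
Added example, not part of the original post and not Samba's own code: a parser for the `samba_dnsupdate --verbose` output quoted above that separates the records the tool checked from the ones it reported missing. The function names are hypothetical, the sample is constructed from the lines in the post, and a record with no "Failed to find" line is assumed to have been found.

```python
import re

# Constructed sample: the verbose output lines quoted in the post above.
SAMPLE = """\
IPs: ['10.5.15.11']
Looking for DNS entry A tmxatrium.lan 10.5.15.11 as tmxatrium.lan.
Looking for DNS entry A dc1.tmxatrium.lan 10.5.15.11 as dc1.tmxatrium.lan.
Looking for DNS entry A gc._msdcs.tmxatrium.lan 10.5.15.11 as gc._msdcs.tmxatrium.lan.
Failed to find matching DNS entry A gc._msdcs.tmxatrium.lan 10.5.15.11 as gc._msdcs.tmxatrium.lan
Looking for DNS entry CNAME 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan dc1.tmxatrium.lan as 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan.
Failed to find DNS entry CNAME 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan dc1.tmxatrium.lan
"""

# "<state> DNS entry <TYPE> <name> <data>[ as <name>]" as seen in the post.
ENTRY = re.compile(
    r"^(?P<state>Looking for|Failed to find(?: matching)?) DNS entry "
    r"(?P<rtype>[A-Z]+) (?P<name>\S+) (?P<data>\S+)(?: as \S+)?$"
)


def audit(output):
    """Return (checked, missing) lists of (rtype, name, data) tuples."""
    checked, missing = [], []
    for line in output.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines such as "IPs: [...]" carry no record
        rec = (m["rtype"], m["name"].rstrip("."), m["data"].rstrip("."))
        bucket = checked if m["state"] == "Looking for" else missing
        if rec not in bucket:  # the tool can repeat a record; keep one copy
            bucket.append(rec)
    return checked, missing


def summarize(output):
    """Split checked records into present and missing (assumption: a checked
    record without a following "Failed to find" line was found)."""
    checked, missing = audit(output)
    present = [r for r in checked if r not in missing]
    return {"checked": len(checked), "present": present, "missing": missing}


if __name__ == "__main__":
    for rtype, name, data in summarize(SAMPLE)["missing"]:
        print(f"missing {rtype:5} {name} -> {data}")
```
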
Rowland Penny
2014-Oct-01 07:22 UTC
[Samba] Replicated Failover Domain Controller and file server using LDAP
On 27/08/14 12:54, Gary Wright wrote:
> Hi All
>
> thought I'd post my results from following your notes when trying to replicate my Samba PDC onto a Samba BDC as seen here
>
> https://wiki.samba.org/index.php/1.0._Configuring_Samba
>
> everything seemed to work as described until I got into the 'Initialization LDAP Database' and preloading the edited "preload-differentialdesign.ldif" file, kept getting a failure from the
>
> "dn: sambaDomainName= DDESIGN ,ou=Domains,dc= differentialdesign ,dc= org "
>
> section, no matter what options I used.
>
> Looking at my /var/log/messages on both my DC1 & DC2 I could see continual errors trying to access either of our 2 DNS servers (example below)
>
> Aug 25 16:37:55 dc1 samba[2009]: [2014/08/25 16:37:55.120350, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
> Aug 25 16:37:55 dc1 samba[2009]: /usr/local/samba/sbin/samba_dnsupdate: 25-Aug-2014 16:37:55.120 dispatch 0x7f3734031db0: shutting down due to TCP receive error: 10.5.31.11#53: connection reset
> Aug 25 16:37:55 dc1 samba[2009]: [2014/08/25 16:37:55.120519, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
> Aug 25 16:37:55 dc1 samba[2009]: /usr/local/samba/sbin/samba_dnsupdate: ; Communication with 10.5.31.11#53 failed: unexpected error
>
> though both DNS servers were accessible and resolving addresses perfectly normally.
>
> I started to troubleshoot the samba status more closely and came across the 'samba_dnsupdate --verbose' command. This gave me a detailed list of failures/successes trying to access DNS server records from both DCs
>
> [root at dc1 ~]# samba_dnsupdate --verbose
> IPs: ['10.5.15.11']
> Looking for DNS entry A tmxatrium.lan 10.5.15.11 as tmxatrium.lan.
> Looking for DNS entry A dc1.tmxatrium.lan 10.5.15.11 as dc1.tmxatrium.lan.
> Looking for DNS entry A gc._msdcs.tmxatrium.lan 10.5.15.11 as gc._msdcs.tmxatrium.lan.
> Failed to find matching DNS entry A gc._msdcs.tmxatrium.lan 10.5.15.11 as gc._msdcs.tmxatrium.lan
> Looking for DNS entry CNAME 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan dc1.tmxatrium.lan as 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan.
> Failed to find DNS entry CNAME 7e32e874-8f2b-459f-b54f-bc96162e4afb._msdcs.tmxatrium.lan dc1.tmxatrium.lan
> etc
> etc
>
> I then simply created the DNS records for each of the failures then restarted SAMBA on my BDC, et voila my account information replicated perfectly.
>
> I'm clearly not using LDAP but I'm not sure I actually need to ?? Is there any advantage ??
>
> Regards
>
> Gary
>
> Gary Wright
> System Administrator
> 7th floor, Becket House, 36 Old Jewry
> London, UK, EC2R 8DD
> gary.wright @tmxatrium.com
> Office: +44 203 194 2536
> Mobile: +44 7823 773 262

Hi, I 'think' that I can see your problem here, you are obviously using samba 4.1.x and you are following a howto last updated approx 7 years ago.

You have set samba as an NT4-style domain controller, which is ok, but you are now trying to use tools that are meant to be used with the dns server built into samba4, I do not think they will work with your setup, is there any reason that you do not want to use an AD DC domain??

Rowland