samba - Jun 2015 - Samba4 Secondary DC as Backup DC (redundancy)

Hi,

I've sucessfull created a secondary DC using the wiki manual (
https://wiki.samba.org/index.php/Join_a_domain_as_a_DC), and is working
perfectly, user and groups are synced on both and I can use any of them for
login using clients like Owncloud, Prosody, python scripts...

Now my question is: ?how I can use that secondary DC as backup when the
main fails?.

I've tried to disable the main AD daemon but clients don't try to connet
to
secondary DC, then all fails...

Greetings and Thanks!!

On 6/23/2015 1:58 PM, Daniel Carrasco Mar?n wrote:
> Hi,
>
> I've sucessfull created a secondary DC using the wiki manual (
> https://wiki.samba.org/index.php/Join_a_domain_as_a_DC), and is working
> perfectly, user and groups are synced on both and I can use any of them for
> login using clients like Owncloud, Prosody, python scripts...
>
> Now my question is: ?how I can use that secondary DC as backup when the
> main fails?.
>
> I've tried to disable the main AD daemon but clients don't try to
connet to
> secondary DC, then all fails...
>
> Greetings and Thanks!!
Hello,

    Did you set DNS on the client to point to the other DC?

-- 
-James

On 23/06/15 18:58, Daniel Carrasco Mar?n wrote:
> Hi,
>
> I've sucessfull created a secondary DC using the wiki manual (
> https://wiki.samba.org/index.php/Join_a_domain_as_a_DC), and is working
> perfectly, user and groups are synced on both and I can use any of them for
> login using clients like Owncloud, Prosody, python scripts...
>
> Now my question is: ?how I can use that secondary DC as backup when the
> main fails?.
>
> I've tried to disable the main AD daemon but clients don't try to
connet to
> secondary DC, then all fails...
>
> Greetings and Thanks!!
OK, how do the clients get their ipaddress etc, is this by DHCP or do 
they have static addresses ?

If it is by DHCP, then the dhcp server needs to push out both DCs as 
nameservers, if static, then each client needs to be set to use both DCs 
as nameservers.

The DCs need to be set to use each other as nameservers, falling back to 
themselves in case of failure i.e. /etc/resolv.conf needs to be this:

search samdom.example.com
nameserver 192.168.0.3
nameserver 192.168.0.2

Where 'samdom.example.com' is your domain name
192.168.0.3 is the other DC
192.168.0.2 is the DC this /etc/resolv.conf is on

Swap the two nameserver on the other DC.

Rowland

El 23/6/2015 8:08 p. m., "James" <lingpanda101 at gmail.com>
escribi?:
>
> On 6/23/2015 1:58 PM, Daniel Carrasco Mar?n wrote:
> > Hi,
> >
> > I've sucessfull created a secondary DC using the wiki manual (
> > https://wiki.samba.org/index.php/Join_a_domain_as_a_DC), and is
working
> > perfectly, user and groups are synced on both and I can use any of
them
for
> > login using clients like Owncloud, Prosody, python scripts...
> >
> > Now my question is: ?how I can use that secondary DC as backup when
the
> > main fails?.
> >
> > I've tried to disable the main AD daemon but clients don't try
to
connet to
> > secondary DC, then all fails...
> >
> > Greetings and Thanks!!
> Hello,
>
>     Did you set DNS on the client to point to the other DC?
>
> --
> -James
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
Nope, but i want to know if there is any way to make it automatic, because
if i've to change all clients DNS when it fails, then is not a good
redundancy...

Thanks!!

On Tue, 23 Jun 2015, Rowland Penny wrote:
> On 23/06/15 18:58, Daniel Carrasco Mar?n wrote:
>>  Hi,
>>
>>  I've sucessfull created a secondary DC using the wiki manual (
>>  https://wiki.samba.org/index.php/Join_a_domain_as_a_DC), and is
working
>>  perfectly, user and groups are synced on both and I can use any of
them
>>  for
>>  login using clients like Owncloud, Prosody, python scripts...
>>
>>  Now my question is: ?how I can use that secondary DC as backup when
the
>>  main fails?.
>
> If it is by DHCP, then the dhcp server needs to push out both DCs as 
> nameservers, if static, then each client needs to be set to use both DCs as
> nameservers.
His quetion is a bit vague, but I would also assume he is using LDAP for 
authentication on Owncloud, etc.  In that case, he also needs LDAP to fail 
over.  Generally, you can just point LDAP clients at
"your.ADdomain.com"
(whatever it is), which resolves to the IP addresses of all of your DCs. 
If they fail to connect, they will usually retry and get another address, 
and connect to a different DC.

El 23/6/2015 8:11 p. m., "Rowland Penny" <rowlandpenny at
googlemail.com>
escribi?:
>
> On 23/06/15 18:58, Daniel Carrasco Mar?n wrote:
>>
>> Hi,
>>
>> I've sucessfull created a secondary DC using the wiki manual (
>> https://wiki.samba.org/index.php/Join_a_domain_as_a_DC), and is working
>> perfectly, user and groups are synced on both and I can use any of them
for
>> login using clients like Owncloud, Prosody, python scripts...
>>
>> Now my question is: ?how I can use that secondary DC as backup when the
>> main fails?.
>>
>> I've tried to disable the main AD daemon but clients don't try
to connet
to
>> secondary DC, then all fails...
>>
>> Greetings and Thanks!!
>
>
> OK, how do the clients get their ipaddress etc, is this by DHCP or do
they have static addresses ?
>
> If it is by DHCP, then the dhcp server needs to push out both DCs as
nameservers, if static, then each client needs to be set to use both DCs as
nameservers.
>
> The DCs need to be set to use each other as nameservers, falling back to
themselves in case of failure i.e. /etc/resolv.conf needs to be
this:
>
> search samdom.example.com
> nameserver 192.168.0.3
> nameserver 192.168.0.2
>
> Where 'samdom.example.com' is your domain name
> 192.168.0.3 is the other DC
> 192.168.0.2 is the DC this /etc/resolv.conf is on
>
> Swap the two nameserver on the other DC.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
I see. I'll take a look tomorrow.

I'm migrating an old samba domain, then for now i've clients with mixed
DHCP (ip by DHCP, but DNS is static).

Thanks!!