Daniel Carrasco Marín
2015-Jun-24 09:12 UTC
[Samba] Samba4 Secondary DC as Backup DC (redundancy)
2015-06-23 20:47 GMT+02:00 Daniel Carrasco Marín <danielmadrid19 at gmail.com>:

> On 23/6/2015 8:33 p.m., "Sketch" <smblist at rednsx.org> wrote:
> >
> > On Tue, 23 Jun 2015, Rowland Penny wrote:
> >
> >> On 23/06/15 18:58, Daniel Carrasco Marín wrote:
> >>>
> >>> Hi,
> >>>
> >>> I've successfully created a secondary DC using the wiki manual
> >>> (https://wiki.samba.org/index.php/Join_a_domain_as_a_DC), and it is
> >>> working perfectly: users and groups are synced on both and I can use
> >>> either of them for login using clients like Owncloud, Prosody, python
> >>> scripts...
> >>>
> >>> Now my question is: how can I use that secondary DC as a backup when
> >>> the main one fails?
> >>
> >> If it is by DHCP, then the dhcp server needs to push out both DCs as
> >> nameservers, if static, then each client needs to be set to use both
> >> DCs as nameservers.
> >
> > His question is a bit vague, but I would also assume he is using LDAP
> > for authentication on Owncloud, etc. In that case, he also needs LDAP
> > to fail over. Generally, you can just point LDAP clients at
> > "your.ADdomain.com" (whatever it is), which resolves to the IP
> > addresses of all of your DCs. If they fail to connect, they will
> > usually retry and get another address, and connect to a different DC.
>
> Thanks!!
>
> Yes, I forgot to say that the clients are Windows 7 clients. On my
> Owncloud server I can put both LDAP servers, then I think that if the
> main fails it will check the secondary (I've not tried yet).
>
> Greetings!!

Thanks Rowland,

It is finally working. Now when I run "nslookup domain.com" or "host domain.com" I get both IP addresses, and if I stop the main DC everything still works without problems. Even the command "nltest /dsgetdc:domain" shows that the Windows machine is using the secondary DC.

One question: can I add more DCs as backups using the same steps?

Of course, not everything can be perfect, and now I have a python script with a weird problem: when I use secure LDAP I can't query the root using the base DN ("DC=domain,DC=com"). I only can if I use an OU in the base DN ("OU=Users,DC=domain,DC=com"). Everything works if I use normal LDAP.
Does anyone know a way to query the root using an OU in the base DN?

Greetings!!
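
The failover behaviour described in the quoted reply above (one domain name that resolves to every DC, with the client moving on to the next address when a DC is down), as an added example that is not part of the original thread. The function names are hypothetical, port 389 is assumed for plain LDAP, the check is TCP reachability only (no LDAP bind), and the loopback listeners and resolver records in `demo()` are constructed.

```python
import socket

def resolve_all(name, port, resolver=socket.getaddrinfo):
    """Every distinct address the name resolves to, in resolver order."""
    addrs = []
    for family, _t, _p, _c, sockaddr in resolver(name, port, type=socket.SOCK_STREAM):
        if (family, sockaddr) not in addrs:
            addrs.append((family, sockaddr))
    return addrs

def connect_first_reachable(name, port=389, timeout=3.0, resolver=socket.getaddrinfo):
    """Try each resolved DC in turn; return (socket, sockaddr, failures)."""
    failures = []
    for family, sockaddr in resolve_all(name, port, resolver):
        sock = socket.socket(family, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
            return sock, sockaddr, failures
        except OSError as exc:  # refused, timed out, unreachable
            failures.append((sockaddr, type(exc).__name__))
            sock.close()
    raise ConnectionError(f"no DC reachable for {name}: {failures}")

def demo():
    """Constructed scenario on loopback: first 'DC' is stopped, second is up."""
    live = socket.socket()
    live.bind(("127.0.0.1", 0))
    live.listen(1)
    live_addr = live.getsockname()
    dead = socket.socket()
    dead.bind(("127.0.0.1", 0))
    dead_addr = dead.getsockname()
    dead.close()  # nothing listens here any more, so connects are refused

    def fake_resolver(name, port, type=0):  # stands in for DNS returning two records
        return [(socket.AF_INET, type, 6, "", dead_addr),
                (socket.AF_INET, type, 6, "", live_addr)]

    sock, used, failures = connect_first_reachable("domain.com", resolver=fake_resolver)
    sock.close()
    live.close()
    return used, live_addr, dead_addr, failures

if __name__ == "__main__":
    print(demo())
```

The `failures` list records which addresses were skipped, which is worth logging so that a stopped DC is noticed rather than silently masked by the failover.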
Daniel Carrasco Marín
2015-Jun-24 16:41 UTC
[Samba] Samba4 Secondary DC as Backup DC (redundancy)
Hi again...

I think I'll finally have to roll back the trick, because I don't know why, but now all user GPOs are ignored, and when I try to get the result with gporesult I get an error similar to "the user don't have RSOP data". Even the computer doesn't go back to the main DC when it's online.

Anyway, thanks for all.
Krutskikh Ivan
2015-Jul-09 03:21 UTC
[Samba] Samba4 Secondary DC as Backup DC (redundancy)
Hi all,

I'm looking for the same setup: two samba ad servers to back up each other on failover. Have you managed to find a viable solution?

Thanks in advance!