L.P.H. van Belle
2015-Dec-10 07:32 UTC
[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
> I have been doing some testing with dns and with the internal dns
> server, even if you add another NS to the SOA record, you only have one
> NS. It seems the only way to get each DC to think it is a NS, is to use
> bind9.

Hai

A good to know, some versions of samba, I don't know which, do have this problem also if you use bind9_dlz.

So, my question to the readers, if you use samba4 DC with bind9_DLZ and you have 2 or more DC's, check all your zones if you have also the same number of NS servers.

I know from my install, I had only 1 DC as NS record, I manually added the second to the zones.

Greetz,

Louis
Rowland penny
2015-Dec-10 09:09 UTC
[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
On 10/12/15 07:32, L.P.H. van Belle wrote:
>> I have been doing some testing with dns and with the internal dns
>> server, even if you add another NS to the SOA record, you only have one
>> NS. It seems the only way to get each DC to think it is a NS, is to use
>> bind9.
>
> Hai
>
> A good to know, some versions of samba, I don't know which, do have this problem also if you use bind9_dlz.
>
> So, my question to the readers, if you use samba4 DC with bind9_DLZ and you have 2 or more DC's, check all your zones if you have also the same number of NS servers.
>
> I know from my install, I had only 1 DC as NS record, I manually added the second to the zones.
>
> Greetz,
>
> Louis

You will only have 1 DC as NS, nothing adds the second (or any other subsequent DCs) NS record to the SOA records.

Rowland
L.P.H. van Belle
2015-Dec-10 09:23 UTC
[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
I was wondering why because in a full windows domain, every DC has an NS record.

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny
> Sent: Thursday 10 December 2015 10:10
> To: samba at lists.samba.org
> Subject: Re: [Samba] Authentication to Secondary Domain Controller
> initially fails when PDC is offline
>
> On 10/12/15 07:32, L.P.H. van Belle wrote:
> >> I have been doing some testing with dns and with the internal dns
> >> server, even if you add another NS to the SOA record, you only have one
> >> NS. It seems the only way to get each DC to think it is a NS, is to use
> >> bind9.
> >
> > Hai
> >
> > A good to know, some versions of samba, I don't know which, do have this
> > problem also if you use bind9_dlz.
> >
> > So, my question to the readers, if you use samba4 DC with bind9_DLZ and
> > you have 2 or more DC's, check all your zones if you have also the same
> > number of NS servers.
> >
> > I know from my install, I had only 1 DC as NS record, I manually added
> > the second to the zones.
> >
> > Greetz,
> >
> > Louis
>
> You will only have 1 DC as NS, nothing adds the second (or any other
> subsequent DCs) NS record to the SOA records.
>
> Rowland
Rowland penny
2015-Dec-10 09:41 UTC
[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
On 10/12/15 09:23, L.P.H. van Belle wrote:
> I was wondering why because in a full windows domain, every DC has an NS record.

When you join a DC, the basic info is added to AD and then when the samba daemon is started, samba_dnsupdate is run, this uses the file dns_update_list to add (if required) various dns records. Guess what dns records are not in that file?

However, even if you add the missing NS records to the SOA records, if you use the internal dns server, you will still only have one NS, this appears to be your first DC. I am beginning to think that if you have more than one DC, you should forget the internal DNS server and use BIND_DLZ instead.

Rowland
L.P.H. van Belle
2015-Dec-10 10:44 UTC
[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
Hai,

Ah, ok, well, yeah, I was missing the NS on the SOA.

This is imo a bug, I don't know if this is by design for samba, so maybe a samba dev can answer this, since every joined DC should have a NS record on the SOA as far as I know, but that's my opinion and I can be wrong here.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny
> Sent: Thursday 10 December 2015 10:41
> To: samba at lists.samba.org
> Subject: Re: [Samba] Authentication to Secondary Domain Controller
> initially fails when PDC is offline
>
> On 10/12/15 09:23, L.P.H. van Belle wrote:
> > I was wondering why because in a full windows domain, every DC has an NS
> > record.
>
> When you join a DC, the basic info is added to AD and then when the
> samba daemon is started, samba_dnsupdate is run, this uses the file
> dns_update_list to add (if required) various dns records. Guess what dns
> records are not in that file?
>
> However, even if you add the missing NS records to the SOA records, if
> you use the internal dns server, you will still only have one NS, this
> appears to be your first DC. I am beginning to think that if you have
> more than one DC, you should forget the internal DNS server and use
> BIND_DLZ instead.
>
> Rowland
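
The check suggested in this thread (every DC should appear as an NS record in each zone, on every DC's DNS server) can be scripted as below. This is an added example, not code from the thread or from the Samba project; the host and zone names are constructed placeholders and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. samdom.example.com, dc1 and dc2 are constructed placeholders.

# Lowercase, strip the trailing root dot, drop blank lines, de-duplicate.
normalize_names() {
    tr 'A-Z' 'a-z' | sed -e 's/\.$//' -e '/^[[:space:]]*$/d' | sort -u
}

# missing_ns "<expected DC FQDNs, space separated>" "<output of dig +short NS>"
# Prints every expected DC that is absent from the NS set.
# Returns 1 if at least one DC is missing, 0 if all are present.
missing_ns() {
    expected=$(printf '%s\n' $1 | normalize_names)
    published=$(printf '%s\n' "$2" | normalize_names)
    rc=0
    for dc in $expected; do
        if ! printf '%s\n' "$published" | grep -qxF "$dc"; then
            printf '%s\n' "$dc"
            rc=1
        fi
    done
    return $rc
}

# check_zone ZONE "<DC FQDNs>": ask each DC's own DNS server for the zone's
# NS set, so a DC that answers with only the first DC is reported by name.
# An unreachable DC yields an empty answer and is reported as lacking all NS.
check_zone() {
    zone=$1; dcs=$2; status=0
    for server in $dcs; do
        answer=$(dig +short +time=2 +tries=1 NS "$zone" "@$server" 2>/dev/null) || answer=""
        absent=$(missing_ns "$dcs" "$answer") || {
            status=1
            printf '%s: zone %s lacks NS for: %s\n' "$server" "$zone" "$(echo $absent)"
        }
    done
    return $status
}

# Usage, run for every AD zone (the domain zone and its _msdcs zone):
#   check_zone samdom.example.com "dc1.samdom.example.com dc2.samdom.example.com"
#   check_zone _msdcs.samdom.example.com "dc1.samdom.example.com dc2.samdom.example.com"
```
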