Rowland penny
2015-Dec-10 13:18 UTC
[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
On 10/12/15 13:08, Ole Traupe wrote:
>
> On 09.12.2015 at 17:53, L.P.H. van Belle wrote:
>> Hi Ole,
>>
>> Can you run on the member where you logged in.
>>
>> host -t SRV _ldap._tcp.samdom.example.com.
>> host -t SRV _kerberos._udp.samdom.example.com.
>>
>> host -t A dc1.samdom.example.com.
>> host -t A dc2.samdom.example.com.
>>
>> and again with
>> search my.domain.tld
>> nameserver IP_of_2st_DC
>> nameserver IP_of_1nd_DC
>>
>
> Both times the same:
>
> [root@server me]# host -t SRV _ldap._tcp.my.domain.tld.
> _ldap._tcp.my.domain.tld has SRV record 0 100 389 dc1.my.domain.tld.
>
> [root@server me]# host -t SRV _kerberos._udp.my.domain.tld.
> _kerberos._udp.my.domain.tld has SRV record 0 100 88 dc1.my.domain.tld.

You have problems, if you have two DCs, you should get something like this:

root@dc1:~# host -t SRV _ldap._tcp.samdom.example.com
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
root@dc1:~# host -t SRV _kerberos._udp.samdom.example.com
_kerberos._udp.samdom.example.com has SRV record 0 100 88 dc1.samdom.example.com.
_kerberos._udp.samdom.example.com has SRV record 0 100 88 dc2.samdom.example.com.

Rowland

> [root@server me]# host -t A dc1.my.domain.tld.
> dc1.my.domain.tld has address IP_of_FirstDC
>
> [root@server me]# host -t A dc2.my.domain.tld.
> dc2.my.domain.tld has address IP_of_SecondDC
>
> There is no need to restart network service after altering
> resolv.conf, right?
Ole Traupe
2015-Dec-10 13:40 UTC
[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
> You have problems, if you have two DCs, you should get something like
> this:
>
> root@dc1:~# host -t SRV _ldap._tcp.samdom.example.com
> _ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.
> _ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
> root@dc1:~# host -t SRV _kerberos._udp.samdom.example.com
> _kerberos._udp.samdom.example.com has SRV record 0 100 88 dc1.samdom.example.com.
> _kerberos._udp.samdom.example.com has SRV record 0 100 88 dc2.samdom.example.com.
>
> Rowland

Definitely, good! :)

However, I have been there, done that:
https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins

This page says nothing about ldap or kerberos... why?!

Ole
Rowland penny
2015-Dec-10 13:49 UTC
[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
On 10/12/15 13:40, Ole Traupe wrote:
>
>> You have problems, if you have two DCs, you should get something like
>> this:
>>
>> root@dc1:~# host -t SRV _ldap._tcp.samdom.example.com
>> _ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.
>> _ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
>> root@dc1:~# host -t SRV _kerberos._udp.samdom.example.com
>> _kerberos._udp.samdom.example.com has SRV record 0 100 88 dc1.samdom.example.com.
>> _kerberos._udp.samdom.example.com has SRV record 0 100 88 dc2.samdom.example.com.
>>
>> Rowland
>
> Definitely, good! :)
>
> However, I have been there, done that:
> https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
>
> This page says nothing about ldap or kerberos... why?!
>
> Ole

Probably because either nobody has noticed the problem or the problem hasn't been reported before.

Rowland
L.P.H. van Belle
2015-Dec-10 13:53 UTC
[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
( sorry ) I know about this since 28-may-2015 :-/ that's when I noticed this problem.

Give me a few min, I'll get some more info.

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny
> Sent: Thursday, 10 December 2015 14:50
> To: samba at lists.samba.org
> Subject: Re: [Samba] Authentication to Secondary Domain Controller
> initially fails when PDC is offline
>
> On 10/12/15 13:40, Ole Traupe wrote:
> >
> >> You have problems, if you have two DCs, you should get something like
> >> this:
> >>
> >> root@dc1:~# host -t SRV _ldap._tcp.samdom.example.com
> >> _ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.
> >> _ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
> >> root@dc1:~# host -t SRV _kerberos._udp.samdom.example.com
> >> _kerberos._udp.samdom.example.com has SRV record 0 100 88 dc1.samdom.example.com.
> >> _kerberos._udp.samdom.example.com has SRV record 0 100 88 dc2.samdom.example.com.
> >>
> >> Rowland
> >
> > Definitely, good! :)
> >
> > However, I have been there, done that:
> > https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
> >
> > This page says nothing about ldap or kerberos... why?!
> >
> > Ole
>
> Probably because either nobody has noticed the problem or the problem
> hasn't been reported before.
>
> Rowland
L.P.H. van Belle
2015-Dec-10 14:04 UTC
[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
Ok, I'm using the RSAT tools, so how to get more info and fix this.

Start Active Directory Sites and Services.
Click on Sites, Default-First-Site-Name - Server.
You should see your second DC also, if not, you can add it manually.
I don't know the samba-tools commands for this one.

In the DNS admin.
Go to _msdcs.YOURDOMAIN.
Look at the aliases. These are the names you need in Active Directory Sites and Services.
You should see also 2 ! aliases, if you are seeing one, this must be fixed first.

And ! VERY IMPORTANT !!
Under the _msdcs.DOMAINS..
In pdc _tcp here should be ONLY THE PRIMARY DC !

Walk through the _msdcs for what you're missing.
I guess, all the second DC entries.

Have a look also in zone YOURDOMAIN and look in the _XXX
Here you should have also 1 entry per DC.

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny
> Sent: Thursday, 10 December 2015 14:50
> To: samba at lists.samba.org
> Subject: Re: [Samba] Authentication to Secondary Domain Controller
> initially fails when PDC is offline
>
> On 10/12/15 13:40, Ole Traupe wrote:
> >
> >> You have problems, if you have two DCs, you should get something like
> >> this:
> >>
> >> root@dc1:~# host -t SRV _ldap._tcp.samdom.example.com
> >> _ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.
> >> _ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
> >> root@dc1:~# host -t SRV _kerberos._udp.samdom.example.com
> >> _kerberos._udp.samdom.example.com has SRV record 0 100 88 dc1.samdom.example.com.
> >> _kerberos._udp.samdom.example.com has SRV record 0 100 88 dc2.samdom.example.com.
> >>
> >> Rowland
> >
> > Definitely, good! :)
> >
> > However, I have been there, done that:
> > https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
> >
> > This page says nothing about ldap or kerberos... why?!
> >
> > Ole
>
> Probably because either nobody has noticed the problem or the problem
> hasn't been reported before.
>
> Rowland
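
Added example, not part of any message in this thread: a shell check for the condition discussed above, that the `_ldap._tcp` and `_kerberos._udp` SRV answers name every DC rather than only dc1. The function names (`srv_targets`, `missing_dcs`, `check_domain`) are hypothetical, and the sample outputs are constructed from the `host -t SRV` results quoted in the thread.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Sample outputs below are constructed
# from the `host -t SRV` results quoted in the messages.

# srv_targets "<host -t SRV output>": one lower-cased target host per line.
srv_targets() {
    printf '%s\n' "$1" |
        awk '/ has SRV record /{t=tolower($NF); sub(/\.$/,"",t); print t}'
}

# missing_dcs "<host output>" dc1.fqdn dc2.fqdn ...
# Prints every expected DC that is not an SRV target; returns 1 if any is missing.
missing_dcs() {
    local targets dc rc=0
    targets=$(srv_targets "$1"); shift
    for dc in "$@"; do
        dc=$(printf '%s' "$dc" | tr '[:upper:]' '[:lower:]'); dc=${dc%.}
        if ! printf '%s\n' "$targets" | grep -qxF -- "$dc"; then
            printf '%s\n' "$dc"; rc=1
        fi
    done
    return "$rc"
}

# Constructed samples: the failing member (only dc1) and the expected answer.
BROKEN='_ldap._tcp.my.domain.tld has SRV record 0 100 389 dc1.my.domain.tld.'
GOOD='_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.'

# Live check against the resolvers in /etc/resolv.conf (needs `host`):
#   check_domain samdom.example.com dc1.samdom.example.com dc2.samdom.example.com
check_domain() {
    local domain="$1" name out miss rc=0; shift
    for name in _ldap._tcp _kerberos._udp; do
        out=$(host -t SRV "$name.$domain." 2>/dev/null) || out=
        if miss=$(missing_dcs "$out" "$@"); then
            echo "OK   $name.$domain"
        else
            echo "FAIL $name.$domain missing:" $miss; rc=1
        fi
    done
    return "$rc"
}
```

Running `check_domain` on the domain member with each DC listed first in resolv.conf in turn shows whether both resolvers return the full set.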