Hello, I am currently testing for Samba4. The creation of the domain and the secondary Dc implementation works well. But by performing tests for a fail over situation I realized that when the DC that created the domain is in fail over the linux client machine can no longer retrieve the list of users from the domain. I would like to know if a person has already faced this situation and if so how he solved it. Thank you.
Who are the DNS servers used by the client machine?

On 24/02/2017 05:42, Keshia lesly diana Etsiké malam via samba wrote:
> Hello,
> I am currently testing for Samba4. The creation of the domain and the secondary Dc implementation works well. But by performing tests for a fail over situation I realized that when the DC that created the domain is in fail over the linux client machine can no longer retrieve the list of users from the domain. I would like to know if a person has already faced this situation and if so how he solved it.
>
> Thank you.

--
Vinicius Silva
No, the question is about your client machine. Who are the DNS servers configured on it? Does it have a second DNS server configured? If it uses your first DC as DNS, and you take that DC offline, who will the client machine query for domain info?

As for the issue below, it is normal. Every DC registers an "A" record for your domain name. When you use dig, it will retrieve all "A" entries for "domain_name", but when you ping it, one of the A records will be selected at random and used to be the target for ping. You can do an "ipconfig /flushdns" to force the client machine to try and find a different address for ping.

Regards,
Vinicius.

On 24/02/2017 11:15, Keshia lesly diana Etsiké malam wrote:
> Normally all Dcs play the role of DNS. When I do a "dig domain_name" I have all the DCs in the domain, but when I ping the domain name there is only one DC that responds. And I do not know how to change that. When I shut down the DC having created the domain, the secondary Dc are able resolve the domain naming.
>
> On Friday 24 February 2017 at 14:47, Vinicius Bones Silva via samba <samba at lists.samba.org> wrote:
>> who are the DNS servers used by the client machine?
Just a thought: if the client machines are still getting a listing in the DNS for the failed machines, wouldn't this be a problem? How would the programs know not to use the failed server? Is there a way to temporarily move the failed machines out of DNS listings?

On Fri, Feb 24, 2017 at 8:52 AM, Vinicius Bones Silva via samba <samba at lists.samba.org> wrote:
> No, the question is about your client machine. Who are the DNS servers configured on it? Does it have a second dns server configured? If it uses your first DC as DNS, and you take that DC offline, who the client machine will query for domain info?
>
> As for the issue below it is normal. Every DC registers an "A" record for your domain name. When you use dig, it will retrieve all "A" entries for "domain_name", but when you ping it, one of the A records will be selected at random and used to be the target for ping. You can do a "ipconfig /flushdns" to force the client machine to try and find a different address for ping.
>
> Regards,
> Vinicius.
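The resolver question raised in the replies above, as an added example that is not part of the original thread: it reads a client's resolv.conf and reports which DC, if lost, leaves the client with no DNS server that knows the AD zone. The DC addresses and file contents are constructed sample values, and it assumes only the DCs can answer for the domain.

```python
# Added example: audit a Linux client's resolv.conf for DC failover.
# All addresses and file contents below are constructed sample values.
MAXNS = 3  # glibc's resolver only uses the first three "nameserver" lines


def nameservers(resolv_conf_text):
    """Return the nameserver addresses the resolver will actually use, in order."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found[:MAXNS]


def failover_report(resolv_conf_text, dc_addresses):
    """For each DC, list the DC resolvers the client still has if that DC is down."""
    used = nameservers(resolv_conf_text)
    report = {}
    for failed in dc_addresses:
        # Assumption: a resolver that is not a DC cannot answer for the AD zone.
        report[failed] = [ns for ns in used if ns in dc_addresses and ns != failed]
    return report


def single_points_of_failure(resolv_conf_text, dc_addresses):
    """DCs whose loss leaves the client with no resolver for the domain."""
    report = failover_report(resolv_conf_text, dc_addresses)
    return [dc for dc, remaining in report.items() if not remaining]


DCS = ["192.0.2.10", "192.0.2.11"]  # constructed: first DC, second DC
ONLY_FIRST_DC = "search example.test\nnameserver 192.0.2.10\n"
BOTH_DCS = "search example.test\nnameserver 192.0.2.10\nnameserver 192.0.2.11\n"

if __name__ == "__main__":
    for name, conf in (("only first DC", ONLY_FIRST_DC), ("both DCs", BOTH_DCS)):
        spof = single_points_of_failure(conf, DCS)
        print(name, "->", spof or "no single point of failure")
```
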
Informatico Neurodesarrollo
2017-Feb-27 13:16 UTC
[Samba] Samba4 fail linux machine join to ADS
Hello friends:
This is my smb.conf file, running on an openSUSE 42.1 system, and SAMBA acts as a DNS proxy to Bind
# Global parameters
[global]
netbios name = SERVERDOM
realm = POLRMVAR.MTZ.SLD.CU
workgroup = POLRMVAR
dns forwarder = 10.44.0.5
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc
ldap server require strong auth = no
idmap_ldb:use rfc2307 = yes
...
And the client's Linux machine (Linux Mint 18.1) configuration I try to join:
[global]
security = ADS
workgroup = POLRMVAR
realm = POLRMVAR.MTZ.SLD.CU
netbios name = el nombre de tu PC en MAYÚSCULA
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos
log file = /var/log/samba/%m.log
log level = 1
# Default idmap config used for BUILTIN and local accounts/groups
idmap config *:backend = tdb
idmap config *:range = 2000-9999
# Idmap config for domain POLRMVAR
idmap config POLRMVAR:backend = ad
idmap config POLRMVAR:schema_mode = rfc2307
idmap config POLRMVAR:range = 10000-99999
# Winbind
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
auth methods = winbind
winbind use default domain = true
winbind offline logon = false
# Use template settings for login shell and home directory
winbind nss info = template
template shell = /sbin/nologin
template homedir = /home/usuarios/%U
Kerberos and NTP on the side of client's machine work fine
When I try to join to ADS:
#net ads join -U Administrator
Enter Administrator's password:
ldb: unable to stat module /usr/lib/x86_64-linux-gnu/samba/ldb : No such file or directory
[I don't know if it is on the side of the server or the Linux client machine, and why?]
Using short domain name -- POLRMVAR
Joined 'INFORMATICA2' to dns domain 'polrmvar.mtz.sld.cu'
[the machine has already joined the ADS domain?????]
DNS Update for informática2.polrmvar.mtz.sld.cu failed: ERROR_DNS_INVALID_NAME
[I checked the syntax in the named config file, but informatica2 doesn't have an accent]
DNS update failed: NT_STATUS_UNSUCCESSFUL
T.I.A.
--
Jesús Reyes Piedra
Network Admin, Neurodesarrollo, Cárdenas
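The name in the failed DNS update above carries an accented "á", while the join itself reports INFORMATICA2. The following is an added example, not part of the original post: it checks every label of a fully qualified name against the letters-digits-hyphen hostname rule, so the name the client presents can be validated before a join. Where the client takes that name from (for instance its local hostname configuration) is an assumption.

```python
import re

# One hostname label under the letters-digits-hyphen rule (RFC 952 / RFC 1123):
# ASCII letters, digits and hyphens, 1-63 characters, no hyphen at either end.
LDH_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def label_problems(fqdn):
    """Return (label, reason) pairs for every label that is not a valid hostname label."""
    problems = []
    for label in fqdn.rstrip(".").split("."):
        if LDH_LABEL.fullmatch(label):
            continue
        if not label:
            reason = "empty label"
        elif not label.isascii():
            bad = sorted({c for c in label if not c.isascii()})
            reason = "non-ASCII character(s): " + " ".join(
                f"{c!r} (U+{ord(c):04X})" for c in bad)
        elif len(label) > 63:
            reason = "longer than 63 characters"
        elif label.startswith("-") or label.endswith("-"):
            reason = "starts or ends with a hyphen"
        else:
            reason = "character outside A-Z, a-z, 0-9 and '-'"
        problems.append((label, reason))
    return problems


# The first name is taken from the join output above; the second is the
# same name written without the accent.
FAILED_NAME = "informática2.polrmvar.mtz.sld.cu"
PLAIN_NAME = "informatica2.polrmvar.mtz.sld.cu"

if __name__ == "__main__":
    for name in (FAILED_NAME, PLAIN_NAME):
        print(name, "->", label_problems(name) or "all labels valid")
```
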