Chris Stankevitz
2017-Aug-14 23:22 UTC
[Samba] Taking down domain controller and I don't want to upset winbind
Hi,

I use ads and have a windows domain with several domain controllers (dc1, dc2, dc3, etc). Winbind seems to "be connected" to one of these domain controllers:

    wbinfo -P
    checking the NETLOGON for domain[MYDOMAIN] dc connection to "dc1.mydomain.local" succeeded

Presumably winbind learned that "dc1" was a domain controller by performing a DNS lookup of type SRV on _ldap._tcp.dc._msdcs.mydomain.local

I will be permanently turning off dc1. There are plenty of other domains to choose from (all listed at DNS/SRV). When dc1 is unavailable, will winbind continue to attempt connections to dc1 (and fail) or will it try "the next domain controller" in the DNS/SRV list (and succeed)?

Thank you,

Chris
mathias dufresne
2017-Aug-18 12:47 UTC
[Samba] Taking down domain controller and I don't want to upset winbind
You could try to create a new "Active Directory Site" with no network associated, then move DC1 to that AD site. If you have some other AD site with networks declared (and among these networks the one containing your winbind client), winbind should move from DC1 to another DC at some point.

Windows clients keep a DC in cache for 24h when it is in the same AD site as the client. And so after 24h they should start a new process to find a new DC (possibly the same).

I expect winbind should have behaviour relatively similar to that of a Windows client, so at some point your winbind should start a process to find another DC to connect to.

I'd be pleased to know if that worked :)

2017-08-15 1:22 GMT+02:00 Chris Stankevitz via samba <samba at lists.samba.org>:

> Hi,
>
> I use ads and have a windows domain with several domain controllers
> (dc1, dc2, dc3, etc). Winbind seems to "be connected" to one of these
> domain controllers:
>
> wbinfo -P
> checking the NETLOGON for domain[MYDOMAIN] dc connection to
> "dc1.mydomain.local" succeeded
>
> Presumably winbind learned that "dc1" was a domain controller by
> performing a DNS lookup of type SRV on
> _ldap._tcp.dc._msdcs.mydomain.local
>
> I will be permanently turning off dc1. There are plenty of other
> domains to choose from (all listed at DNS/SRV). When dc1 is
> unavailable, will winbind continue to attempt connections to dc1 (and
> fail) or will it try "the next domain controller" in the DNS/SRV list
> (and succeed)?
>
> Thank you,
>
> Chris