Hello, thanks for your response.

I'm using samba_internal as DNS because I don't want to add bind to only relay the internal DNS.

The hosts file is clean on srv2 DC (default localhost), and this is the srv1 hosts:

192.168.0.251 srv1.domain.com srv1

resolv.conf srv1:

domain domain
search domain.com
nameserver 192.168.0.251
nameserver 8.8.8.8

resolv.conf srv2:

nameserver 192.168.0.254
nameserver 8.8.8.8

smb.conf srv1 (just the one created by samba-tool with dns forwarder):

[global]
    netbios name = SRV1
    realm = DOMAIN.COM
    workgroup = DOMAIN
    server role = active directory domain controller
    dns forwarder = 8.8.8.8

[netlogon]
    path = /server/samba/data/var/locks/sysvol/domain.com/scripts
    read only = No

[sysvol]
    path = /server/samba/data/var/locks/sysvol
    read only = No

smb.conf srv1 (same as above plus idmap_ldb:use rfc2307 = yes and bound interfaces):

# Global parameters
[global]
    netbios name = SRV2
    realm = DOMAIN.COM
    workgroup = DOMAIN
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes
    dns forwarder = 8.8.8.8

    # Only users interfaces
    bind interfaces only = yes
    interfaces = eth0 eth0:0

[netlogon]
    path = /server/samba/data/var/locks/sysvol/domain.com/scripts
    read only = No

[sysvol]
    path = /server/samba/data/var/locks/sysvol
    read only = No

Greetings!!

2017-09-27 16:39 GMT+02:00 L.P.H. van Belle via samba <samba at lists.samba.org>:

> This is how you should do it.
>
> Can you post your /etc/hosts and resolv.conf
> Samba uses? Bind9_DLZ or Internal DNS ?
> And smb.conf of both servers.
>
> If you use bind, also post the bind config.
>
> Anonymize where needed.
>
> Greetz,
>
> Louis
>
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Daniel Carrasco via samba
> > Sent: Wednesday, 27 September 2017 15:34
> > To: samba at lists.samba.org
> > Subject: [Samba] Multiple DC haven't HA on Windows
> >
> > Hello,
> >
> > I'm trying to replace a Windows Server 2003 DC that has
> > problems with a Samba 4 domain with HA.
> > The Linux client server seems to work fine even when the main
> > DC/DNS server fails, but as always, Windows clients don't...
> > They are able to log in (maybe using cached credentials), but
> > the GPOs are not being applied...
> >
> > I've checked the sysvol folder and both are synchronized
> > and accessible from the client computers. Also the DNS entries
> > of the domain point to both servers, and both servers are in the
> > Windows DNS configuration.
> > The secondary DNS server seems to answer DNS requests
> > because internet is working and it's able to resolve domain entries.
> > The FSMO also points to the secondary server that was the main
> > server until I used the other as main DNS.
> >
> > How can I make HA for Windows clients?
> >
> > Thanks and greetings!
> >
> > --
> > _________________________________________
> >
> > Daniel Carrasco Marín
> > Ingeniería para la Innovación i2TIC, S.L.
> > Tlf: +34 911 12 32 84 Ext: 223
> > www.i2tic.com
> > _________________________________________
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
On Wed, 27 Sep 2017 17:05:31 +0200
Daniel Carrasco via samba <samba at lists.samba.org> wrote:

> Hello, thanks for your response.
>
> I'm using samba_internal as DNS because I don't want to add bind to
> only relay the internal DNS.

Can you expand on that? Your DC should be authoritative for the AD DNS
domain and your domain clients should use the DC for their DNS; anything
outside the domain should be forwarded to a DNS server outside the AD
domain. This should happen whether you use the 'internal' or 'Bind9' DNS
server.

> The hosts file is clean on srv2 DC (default localhost), and this is
> the srv1 hosts:
> 192.168.0.251 srv1.domain.com srv1
>

This seems to be wrong, you should have the DC's IP, FQDN and short
hostname in it, and '127.0.0.1 localhost'.
From what you have posted, your /etc/hosts should be:

DC1:

127.0.0.1 localhost
192.168.0.251 srv1.domain.com srv1

DC2:

127.0.0.1 localhost
192.168.0.254 srv2.domain.com srv2

> resolv.conf srv1:
> domain domain
> search domain.com
> nameserver 192.168.0.251
> nameserver 8.8.8.8
>

You should remove the 'domain' line, this is ignored when followed by
the 'search' line.
You should replace the second nameserver with the IP of the second DC.

> resolv.conf srv2:
> nameserver 192.168.0.254
> nameserver 8.8.8.8
>

This should be similar to the other DC, just swap the nameserver lines.

Rowland
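The /etc/hosts and resolv.conf rules in the reply above, turned into a small checker. This is an added example, not code from the thread or from the Samba project; the `Dc` class and the `check_hosts`, `check_resolv` and `lint` functions are names chosen here, and the sample file contents are constructed from what was posted for srv1 and srv2.

```python
"""Lint a Samba AD DC's /etc/hosts and /etc/resolv.conf against the
rules given in the reply above (added example, not from the thread).

Rules checked:
  * /etc/hosts has '127.0.0.1 localhost' and the DC's own IP, FQDN and
    short hostname.
  * /etc/resolv.conf has no 'domain' line next to a 'search' line (the
    'domain' line is ignored then), lists this DC first, lists every other
    DC as fallback, and lists no nameserver that is not a DC.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Dc:
    ip: str      # address the DC listens on
    fqdn: str    # e.g. srv1.domain.com
    short: str   # e.g. srv1


def _fields(text):
    """Whitespace-split fields of each non-empty, non-comment line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line.split()


def check_hosts(text, dc):
    """Problems with /etc/hosts on `dc`; an empty list means it is fine."""
    names_for = {}
    for ip, *names in _fields(text):
        names_for.setdefault(ip, set()).update(names)
    problems = []
    if "localhost" not in names_for.get("127.0.0.1", set()):
        problems.append("missing '127.0.0.1 localhost'")
    if not {dc.fqdn, dc.short} <= names_for.get(dc.ip, set()):
        problems.append(f"missing '{dc.ip} {dc.fqdn} {dc.short}'")
    return problems


def check_resolv(text, dc, all_dc_ips):
    """Problems with /etc/resolv.conf on `dc`, given the IPs of all DCs."""
    fields = list(_fields(text))
    keywords = {f[0] for f in fields}
    nameservers = [f[1] for f in fields if f[0] == "nameserver" and len(f) > 1]
    problems = []
    if "domain" in keywords and "search" in keywords:
        problems.append("'domain' line is ignored when 'search' is present; remove it")
    if not nameservers or nameservers[0] != dc.ip:
        problems.append(f"first nameserver should be this DC ({dc.ip})")
    for ns in nameservers:
        if ns not in all_dc_ips:
            # External names are resolved through 'dns forwarder' in
            # smb.conf, not by pointing the DC itself at an outside resolver.
            problems.append(f"nameserver {ns} is not a DC; use 'dns forwarder' in smb.conf for outside names")
    for other in sorted(set(all_dc_ips) - {dc.ip}):
        if other not in nameservers:
            problems.append(f"other DC {other} is missing as fallback nameserver")
    return problems


def lint(hosts_text, resolv_text, dc, all_dc_ips):
    """All problems for one DC, /etc/hosts findings first."""
    return check_hosts(hosts_text, dc) + check_resolv(resolv_text, dc, all_dc_ips)


# Constructed sample input, copied from the files posted in the thread.
SRV1 = Dc("192.168.0.251", "srv1.domain.com", "srv1")
SRV2 = Dc("192.168.0.254", "srv2.domain.com", "srv2")
DC_IPS = {SRV1.ip, SRV2.ip}

HOSTS_SRV1_POSTED = "192.168.0.251 srv1.domain.com srv1\n"
RESOLV_SRV1_POSTED = ("domain domain\nsearch domain.com\n"
                      "nameserver 192.168.0.251\nnameserver 8.8.8.8\n")

# The same files as the reply says they should look.
HOSTS_SRV1_FIXED = "127.0.0.1 localhost\n192.168.0.251 srv1.domain.com srv1\n"
RESOLV_SRV1_FIXED = ("search domain.com\n"
                     "nameserver 192.168.0.251\nnameserver 192.168.0.254\n")

if __name__ == "__main__":
    for label, hosts, resolv in (("as posted", HOSTS_SRV1_POSTED, RESOLV_SRV1_POSTED),
                                 ("as suggested", HOSTS_SRV1_FIXED, RESOLV_SRV1_FIXED)):
        print(f"srv1 {label}:")
        for p in lint(hosts, resolv, SRV1, DC_IPS) or ["no problems found"]:
            print("  -", p)
```

Run against the srv1 files as posted it reports the four points made in the reply (no localhost line, the redundant 'domain' line, 8.8.8.8 as a nameserver, and the second DC missing); against the suggested versions it reports nothing. To use it on a real DC, read the two files and pass the set of all DC addresses in the domain.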
Thanks Rowland.

2017-09-27 17:49 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Wed, 27 Sep 2017 17:05:31 +0200
> Daniel Carrasco via samba <samba at lists.samba.org> wrote:
>
> > Hello, thanks for your response.
> >
> > I'm using samba_internal as DNS because I don't want to add bind to
> > only relay the internal DNS.
>
> Can you expand on that ?
>

If samba_internal can manage the DNS names and send the unknown requests
to the outside, I don't want to add more daemons to the server, like for
example Bind9, so I'm just using the internal DNS alone.

> Your DC should be authoritative for the AD dns domain and your Domain
> clients should use the DC for their DNS, anything outside the domain
> should be forwarded to a DNS server outside the AD domain. This
> should happen whether you use the 'internal' or 'Bind9' dns server.
>

I'm a bit new to Windows domains. How can I check if the DC is
authoritative? I know that both servers answer DNS requests and both are
synchronized (if I edit a DNS entry on srv1, srv2 receives the change),
and both send the outside requests to Google DNS (dns forwarder =
8.8.8.8). If I ask for the DNS entry of the domain name I get both
servers' addresses (dig domain.com). Clients have both servers as DNS
servers. SRV2 is the main DNS server and SRV1 is the secondary server.
When the main DNS server is down then the secondary starts to work (at
least internet works).

> > The hosts file is clean on srv2 DC (default localhost), and this is
> > the srv1 hosts:
> > 192.168.0.251 srv1.domain.com srv1
> >
>
> This seems to be wrong, you should have the DCs IP and FQDN
> shorthostname in it and '127.0.0.1 localhost'
> From what you have posted, your /etc/hosts should be:
>
> DC1:
>
> 127.0.0.1 localhost
> 192.168.0.251 srv1.domain.com srv1
>
> DC2:
>
> 127.0.0.1 localhost
> 192.168.0.254 srv2.domain.com srv2
>
> > resolv.conf srv1:
> > domain domain
> > search domain.com
> > nameserver 192.168.0.251
> > nameserver 8.8.8.8
> >
>
> You should remove the 'domain' line, this is ignored when followed by
> the 'search' line
> You should replace the second nameserver with the IP of the second DC
>
> > resolv.conf srv2:
> > nameserver 192.168.0.254
> > nameserver 8.8.8.8
> >
>
> This should be similar to the other DC, just swap the nameserver lines.
>
> Rowland
>

I take note. I'll make the changes to see how it works.

Thanks again and greetings!!