Hi,

On Wed, Nov 08, 2017 at 03:21:28PM +0000, Rowland Penny wrote:
> On Wed, 8 Nov 2017 14:33:28 +0100
> Ervin Hegedüs <airween at gmail.com> wrote:
>
> > When I turned off the open-ldap2, and open-ldap works, then the
> > wbinfo -a returns with success, but only after 30 seconds.
> >
>
> OK, the problem here is not that you have turned off the first DC, it
> is that the client keeps trying to connect to it for 30 seconds.
>
> You need to add:
>
> 'timeout:1 attempts:2 rotate'
>
> to /etc/resolv.conf

okay, maybe I've found something interesting: the DCs have 2 network interfaces (eth0: 192.168.100.n/26, eth1: 10.10.20.m/25).

We planned that eth0 and that network would be used.

But I've added the other network's addresses to DNS too.

Perhaps this was my mistake, because I've removed the 10.10.20.x addresses from DNS (from the domain, and from the DC's A record), and now I turned off any DC (till another works, of course), and the client can authenticate!

But. :)

After some minutes, the 10.10.20.x address went back to DNS... and I didn't set it up...

# host -t A core.mydomain.hu
core.mydomain.hu has address 192.168.255.100
core.mydomain.hu has address 192.168.255.99

(takes a few minutes...)

# host -t A core.mydomain.hu
core.mydomain.hu has address 192.168.255.100
core.mydomain.hu has address 10.10.20.202
core.mydomain.hu has address 192.168.255.99

How can I prevent this record from appearing in the zone?

I can delete that with samba-tool:

# samba-tool dns delete open-ldap.core.mydomain.hu core.mydomain.hu core.mydomain.hu A 10.10.20.202 -Uadministrator at core.mydomain.hu
Password for [administrator at core.mydomain.hu]:
Record deleted successfully
# host -t A core.mydomain.hu
core.mydomain.hu has address 192.168.255.100
core.mydomain.hu has address 192.168.255.99

but it comes again after some minutes...

Thanks,

a.

On Wed, 8 Nov 2017 17:20:09 +0100
Ervin Hegedüs <airween at gmail.com> wrote:
> Hi,
>
> On Wed, Nov 08, 2017 at 03:21:28PM +0000, Rowland Penny wrote:
> > On Wed, 8 Nov 2017 14:33:28 +0100
> > Ervin Hegedüs <airween at gmail.com> wrote:
> >
> > > When I turned off the open-ldap2, and open-ldap works, then the
> > > wbinfo -a returns with success, but only after 30 seconds.
> > >
> >
> > OK, the problem here is not that you have turned off the first DC,
> > it is that the client keeps trying to connect to it for 30 seconds.
> >
> > You need to add:
> >
> > 'timeout:1 attempts:2 rotate'
> >
> > to /etc/resolv.conf
>
> okay, maybe I've found something interesting: the DCs have 2
> network interfaces (eth0: 192.168.100.n/26, eth1: 10.10.20.m/25).
>
> We planned that eth0 and that network would be used.
>
> But I've added the other network's addresses to DNS too.
>
> Perhaps this was my mistake, because I've removed the 10.10.20.x
> addresses from DNS (from the domain, and from the DC's A record), and
> now I turned off any DC (till another works, of course), and the
> client can authenticate!
>
> But. :)
>
> After some minutes, the 10.10.20.x address went back to DNS...
> and I didn't set it up...
>
> # host -t A core.mydomain.hu
> core.mydomain.hu has address 192.168.255.100
> core.mydomain.hu has address 192.168.255.99
>
> (takes a few minutes...)
>
> # host -t A core.mydomain.hu
> core.mydomain.hu has address 192.168.255.100
> core.mydomain.hu has address 10.10.20.202
> core.mydomain.hu has address 192.168.255.99
>
> How can I prevent this record from appearing in the zone?
>
> I can delete that with samba-tool:
>
> # samba-tool dns delete open-ldap.core.mydomain.hu core.mydomain.hu core.mydomain.hu A 10.10.20.202 -Uadministrator at core.mydomain.hu
> Password for [administrator at core.mydomain.hu]:
> Record deleted successfully
> # host -t A core.mydomain.hu
> core.mydomain.hu has address 192.168.255.100
> core.mydomain.hu has address 192.168.255.99
>
> but it comes again after some minutes...
>
> Thanks,
>
> a.
>

Something must be putting it back, do you have a dhcp client running on the machine?

I have thought of something else, are both of your DCs Authoritative for the dns domain?

Rowland

Hi Rowland,

On Wed, Nov 08, 2017 at 04:27:22PM +0000, Rowland Penny via samba wrote:
> On Wed, 8 Nov 2017 17:20:09 +0100
> Ervin Hegedüs <airween at gmail.com> wrote:
>
> > but it comes again after some minutes...
> >
>
> Something must be putting it back, do you have a dhcp client running on
> the machine?

no, all interfaces are configured statically,

> I have thought of something else, are both of your DCs Authoritative
> for the dns domain?

they know about themselves that they are :).

Now I removed the 10.10.20.x addresses from everywhere (resolv.conf, hosts), I'll check it soon.

But your options for resolv.conf are still required for the failover mode to work.

a.
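
A way to watch for the record coming back, as an added example that is not part of the original thread: the function reads `host -t A` output and prints every address outside the network the DCs are meant to serve. The allowed network 192.168.255.0/24 is an assumption taken from the addresses in the output above, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread: report A records outside the allowed network.

# ip_to_int A.B.C.D: print the address as a 32-bit integer; fail on malformed input.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Reject empty, non-numeric, zero-padded or over-long octets.
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/BITS: succeed only if IP lies inside NET/BITS.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    ip_i=$(ip_to_int "$1") || return 1
    net_i=$(ip_to_int "$net") || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip_i & mask )) -eq $(( net_i & mask )) ]
}

# unexpected_a_records NET/BITS: read `host -t A` output on stdin and print
# each address that is not inside NET/BITS (unparseable addresses are printed too).
unexpected_a_records() {
    while read -r name w1 w2 addr rest; do
        [ "$w1 $w2" = "has address" ] || continue
        in_cidr "$addr" "$1" || echo "$addr"
    done
}

# Sample input: the second `host -t A` output quoted in the thread.
SAMPLE='core.mydomain.hu has address 192.168.255.100
core.mydomain.hu has address 10.10.20.202
core.mydomain.hu has address 192.168.255.99'

# Assumed allowed network; live use would be:
#   host -t A core.mydomain.hu | unexpected_a_records 192.168.255.0/24
printf '%s\n' "$SAMPLE" | unexpected_a_records 192.168.255.0/24
```

Run from cron or a monitoring check, any output means an address from the second interface is being served to clients again.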