Paul Littlefield
2020-Feb-11 13:25 UTC
[Samba] Failover DC did not work when Main DC failed
On 03/02/2020 18:49, Kris Lou via samba wrote:> > From windows: > echo %logonserver%\\DC3> nltest /dsgetdc:<domain>DC:\\DC3 Address: \\192.168.0.218 Dom Guid: bla bla bla ... The command completed successfully.> From a *nix domain member (i.e. client, not DC): > wbinfo --getdcname=<domain> > winbind --ping-dcwbinfo --getdcname=MYDOMAIN DC3 wbinfo --ping-dc checking the NETLOGON for domain[mydomain] dc connection to "dc3.mydomain.com" succeeded> That's probably expected. I don't think nslookup can query multiple DNS > servers at once. But is DC4 actually responding to DNS queries? Compare > "nslookup <domain> <DC3-ip>" and "nslookup <domain> <DC4-ip>", which will > hopefully tell you that both DC3/DC4 are capable of answering queries.Yep, DC4 is responding to queries.> This DNS timeout on "standard traffic" is probably what you need to figure > out then.OK.> And I hate to ask, but are both samba and bind set to automatically start > after boot (on the DC's)?Yup. Paully -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Is DC4 listed in in an A record for your mycompany.com? Do logs show that it's answering requests during the course of a normal workday? If so ... time to simulate DC3 failure, I guess. Kris Lou klou at themusiclink.net On Tue, Feb 11, 2020 at 5:25 AM Paul Littlefield <info at paully.co.uk> wrote:> On 03/02/2020 18:49, Kris Lou via samba wrote: > > > > From windows: > > echo %logonserver% > > \\DC3 > > > > nltest /dsgetdc:<domain> > > DC:\\DC3 > Address: \\192.168.0.218 > Dom Guid: bla bla bla > ... > The command completed successfully. > > > > From a *nix domain member (i.e. client, not DC): > > wbinfo --getdcname=<domain> > > winbind --ping-dc > > wbinfo --getdcname=MYDOMAIN > DC3 > > wbinfo --ping-dc > checking the NETLOGON for domain[mydomain] dc connection to " > dc3.mydomain.com" succeeded > > > > That's probably expected. I don't think nslookup can query multiple DNS > > servers at once. But is DC4 actually responding to DNS queries? Compare > > "nslookup <domain> <DC3-ip>" and "nslookup <domain> <DC4-ip>", which will > > hopefully tell you that both DC3/DC4 are capable of answering queries. > > Yep, DC4 is responding to queries. > > > > This DNS timeout on "standard traffic" is probably what you need to > figure > > out then. > > OK. > > > > And I hate to ask, but are both samba and bind set to automatically start > > after boot (on the DC's)? > > Yup. > > Paully > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Paul Littlefield
2020-Feb-12 09:47 UTC
[Samba] Failover DC did not work when Main DC failed
On 11/02/2020 23:33, Kris Lou via samba wrote:> Is DC4 listed in in an A record for your mycompany.com? > > Do logs show that it's answering requests during the course of a normal > workday? > > If so ... time to simulate DC3 failure, I guess.Hi Kris, Thanks for taking the time to reply. I've been using Samba for what seems like a lifetime and it's only by sheer fluke that this "bug / situation" was found where either Samba DC AD is not correct and/or the QNAP server does not like talking to the Samba 4 domain when one of the DCs is not available! In answer to your questions... Yes, DC4 is listed in an A record. Which log file can I check, for either AD or DNS requests? Yes, indeed... I am going to create 2 DC VMs on my laptop and turn one off to see what happens. Stay tuned. Regards, -- Paul Littlefield Telephone: 07801 125705 Email: info at paully.co.uk Wiki: http://wiki.indie-it.com/wiki/Special:AllPages LinkedIn: https://www.linkedin.com/in/paullittlefield Paul Littlefield is environmentally responsible. Please consider the environment before printing this email. This email and any attachment is intended for the named addressee only, or person authorised to receive it on their behalf. The content should be treated as confidential and the recipient may not disclose this message or any attachment to anyone else without authorisation. If this transmission is received in error please notify the sender immediately and delete this message from your email system. All electronic transmissions to and from me are recorded and may be monitored. Finally, the recipient should check this email and any attachments for viruses. Paul Littlefield accepts no liability for any damage caused by any virus transmitted by this email. Ubuntu 18.04.3 LTS (x86_64) Tmesis is a linguistic phenomenon in which a word or phrase is separated into two parts, with other words interrupting between them... well, abso-blooming-lutely.
L.P.H. van Belle
2020-Feb-12 10:06 UTC
[Samba] Failover DC did not work when Main DC failed
What do you see/get when you run: dig NS $(hostname -d) With 2 dc's you should see 2 records. In the past this was a bug at samba joins so only 1 NS record existed. Worth to have a look at. And adding this to /etc/resolv.conf: options timeout:2 options attempts:3 options rotate Also might help. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Paul > Littlefield via samba > Verzonden: woensdag 12 februari 2020 10:48 > Aan: Kris Lou; samba > Onderwerp: Re: [Samba] Failover DC did not work when Main DC failed > > On 11/02/2020 23:33, Kris Lou via samba wrote: > > Is DC4 listed in in an A record for your mycompany.com? > > > > Do logs show that it's answering requests during the course > of a normal > > workday? > > > > If so ... time to simulate DC3 failure, I guess. > > Hi Kris, > > Thanks for taking the time to reply. > > I've been using Samba for what seems like a lifetime and it's > only by sheer fluke that this "bug / situation" was found > where either Samba DC AD is not correct and/or the QNAP > server does not like talking to the Samba 4 domain when one > of the DCs is not available! > > In answer to your questions... > > Yes, DC4 is listed in an A record. > > Which log file can I check, for either AD or DNS requests? > > Yes, indeed... I am going to create 2 DC VMs on my laptop and > turn one off to see what happens. > > Stay tuned. > > Regards, > > -- > > Paul Littlefield > > Telephone: 07801 125705 > Email: info at paully.co.uk > Wiki: http://wiki.indie-it.com/wiki/Special:AllPages > LinkedIn: https://www.linkedin.com/in/paullittlefield > > Paul Littlefield is environmentally responsible. Please > consider the environment before printing this email. This > email and any attachment is intended for the named addressee > only, or person authorised to receive it on their behalf. The > content should be treated as confidential and the recipient > may not disclose this message or any attachment to anyone > else without authorisation. If this transmission is received > in error please notify the sender immediately and delete this > message from your email system. All electronic transmissions > to and from me are recorded and may be monitored. Finally, > the recipient should check this email and any attachments for > viruses. Paul Littlefield accepts no liability for any damage > caused by any virus transmitted by this email. > > Ubuntu 18.04.3 LTS (x86_64) > > Tmesis is a linguistic phenomenon in which a word or phrase > is separated into two parts, with other words interrupting > between them... well, abso-blooming-lutely. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >