Paul Littlefield
2020-Feb-17 12:45 UTC
[Samba] Failover DC did not work when Main DC failed
On 16/02/2020 15:03, Paul Littlefield via samba wrote:
> 1) finding a way for ALL 70+ desktops to look up the DCs properly and switch to a running one if one is not available (otherwise what's the point right?)

Hello Samba Mailing List,

Just to be clear, I am using Ubuntu Server 18.04.4 LTS running Samba 4.7.6 on both DCs.

Is this the Samba version I should be using for this 'multiple DCs' option or is there a known bug with anything less than the latest Samba 4.11.6?

Yours, ever hopeful.

Paully
> > I am not using BIND with Samba, just the Internal DNS which is the default.
>
> What do you mean when you say "CNAMES or domain overrides pointing to a
> single DC"?
>
> I have DHCP handing out both DNS servers as 192.168.0.218 and
> 192.168.0.219 and they both work as nameservers perfectly.

This might be a problem down the road. The Samba Internal DNS does NOT round-robin -- it will always return your list of DC's in the same order, so requests usually go to the first result. If you have any simple ldapclients (PHP clients, for example), it will query in order. I don't know if the ldapclient is smart enough to look at a 2nd DNS response if the 1st doesn't respond, but probably not -- further implied by "password server = <dc1> <dc2>" and failover/redundancy is handled sequentially.

Re-reading how Windows' Netlogon Cache and such works, the client should query a DNS server for known DC's and then perform an ldap-ping to ALL of them before caching the preferred DC. Which should mean that the order in which a DC is listed or returned shouldn't matter, so the Internal DNS lacking round-robin shouldn't matter to Windows clients. But you might as well go all the way ...

Kris Lou
klou at themusiclink.net

On Mon, Feb 17, 2020 at 4:45 AM Paul Littlefield <info at paully.co.uk> wrote:
> On 16/02/2020 15:03, Paul Littlefield via samba wrote:
> > 1) finding a way for ALL 70+ desktops to look up the DCs properly and
> > switch to a running one if one is not available (otherwise what's the point
> > right?)
>
> Hello Samba Mailing List,
>
> Just to be clear, I am using Ubuntu Server 18.04.4 LTS running Samba 4.7.6
> on both DCs.
>
> Is this the Samba version I should be using for this 'multiple DCs' option
> or is there a known bug with anything less than the latest Samba 4.11.6?
>
> Yours, ever hopeful.
>
> Paully
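An added example, not part of the thread and not Samba or Windows code: the two client behaviours described in the message above, sequential failover in DNS order versus probing every DC and keeping the quickest responder. The function names are hypothetical, and a TCP connect to port 389 is assumed as a stand-in for a real LDAP ping.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor

LDAP_PORT = 389  # standard LDAP port; TCP connect is an assumed stand-in for an LDAP ping


def tcp_probe(host, port=LDAP_PORT, timeout=2.0):
    """Return the connect time in seconds, or None if the DC did not answer."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return time.monotonic() - start
    except OSError:
        return None


def pick_sequential(dcs, probe=tcp_probe):
    """Simple-client behaviour: walk the list in DNS order and take the
    first DC that answers. Returns (chosen_dc, dcs_tried)."""
    tried = []
    for dc in dcs:
        tried.append(dc)
        if probe(dc) is not None:
            return dc, tried
    return None, tried


def pick_fastest(dcs, probe=tcp_probe):
    """Locator-style behaviour: probe every DC at once and keep the
    quickest responder, so the order DNS returned does not matter."""
    if not dcs:
        return None
    with ThreadPoolExecutor(max_workers=len(dcs)) as pool:
        results = list(zip(dcs, pool.map(probe, dcs)))
    alive = [(rtt, dc) for dc, rtt in results if rtt is not None]
    return min(alive)[1] if alive else None


if __name__ == "__main__":
    # DC addresses as given in the thread; run from a client on that LAN.
    dcs = ["192.168.0.218", "192.168.0.219"]
    print("sequential:", pick_sequential(dcs))
    print("fastest:   ", pick_fastest(dcs))
```

With the first DC down, the sequential client only reaches the second DC after waiting out the probe timeout on the first, which is the delay a short per-server timeout keeps small.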
Paul Littlefield
2020-Feb-19 10:54 UTC
[Samba] Failover DC did not work when Main DC failed
On 18/02/2020 19:58, Kris Lou via samba wrote:
> This might be a problem down the road. The Samba Internal DNS does NOT
> round-robin -- it will always return your list of DC's in the same order,
> so requests usually go to the first result. If you have any simple
> ldapclients (PHP clients, for example), it will query in order. I don't
> know if the ldapclient is smart enough to look at a 2nd DNS response if the
> 1st doesn't respond, but probably not -- further implied by "password
> server = <dc1> <dc2>" and failover/redundancy is handled sequentially.
>
> Re-reading how Windows' Netlogon Cache and such works, the client should
> query a DNS server for known DC's and then perform an ldap-ping to ALL of
> them before caching the preferred DC. Which should mean that the order in
> which a DC is listed or returned shouldn't matter, so the Internal DNS
> lacking round-robin shouldn't matter to Windows clients. But you might as
> well go all the way ...

Hello Kris,

Thanks for this information, hopefully it will help us.

Samba 4 AD DC
QNAP Domain Joined

DNS1 = 192.168.0.218
DNS2 = 192.168.0.219
DC1 = 192.168.0.218
DC2 = 192.168.0.219
QNAP = 192.168.0.201

So, normally, a Windows client should do this...

Domain --> DNS1 --> DC1
Files --> DNS1 --> QNAP --> DC1

In the event of server failure (DNS1/DC1 is unavailable) a Windows client should do this...

Domain --> DNS1 = fail --> DNS2 --> DC1 = fail --> DC2
Files --> DNS1 = fail --> DNS2 --> QNAP --> DC1 = fail --> DC2

...have I got that correct?

Is this what everyone else is doing?!

Regards,

Paully
Paul Littlefield
2020-Feb-21 10:58 UTC
[Samba] Failover DC did not work when Main DC failed
On 18/02/2020 19:58, Kris Lou via samba wrote:
> This might be a problem down the road. The Samba Internal DNS does NOT
> round-robin -- it will always return your list of DC's in the same order,
> so requests usually go to the first result. If you have any simple
> ldapclients (PHP clients, for example), it will query in order. I don't
> know if the ldapclient is smart enough to look at a 2nd DNS response if the
> 1st doesn't respond, but probably not -- further implied by "password
> server = <dc1> <dc2>" and failover/redundancy is handled sequentially.
>
> Re-reading how Windows' Netlogon Cache and such works, the client should
> query a DNS server for known DC's and then perform an ldap-ping to ALL of
> them before caching the preferred DC. Which should mean that the order in
> which a DC is listed or returned shouldn't matter, so the Internal DNS
> lacking round-robin shouldn't matter to Windows clients. But you might as
> well go all the way ...

Hello Kris,

Thanks for this information, hopefully it will help us.

Samba 4 AD DC
QNAP Domain Joined

DNS1 = 192.168.0.218
DNS2 = 192.168.0.219
DC1 = 192.168.0.218
DC2 = 192.168.0.219
QNAP = 192.168.0.201

So, normally, a Windows client should do this...

Domain --> DNS1 --> DC1
Files --> DNS1 --> QNAP --> DC1

In the event of server failure (DNS1/DC1 is unavailable) a Windows client should do this...

Domain --> DNS1 = fail --> DNS2 --> DC1 = fail --> DC2
Files --> DNS1 = fail --> DNS2 --> QNAP --> DC1 = fail --> DC2

...have I got that correct?

Is this what everyone else is doing?!

Regards,

Paully