samba - Jan 2025 - R: R: R: R: R: samba remote site client authentication and network browsing problem

On Fri, 3 Jan 2025 08:29:59 +0000
Manzini Enrico <emanzini at zensistemi.com> wrote:
> Hi Rowland, below, the servers and the remote client dns configuration
> 
> Server's dns configuration:
> DC-1:
>  - themself
>  - DC-2
> 
> DC-2
>  - themself
>  - DC-1
> 
> RODC-1
>  - DC-1
>  - DC-2
>  - themself
> 
In my opinion, all Samba AD DCs should only have themselves as their
nameserver, if something goes wrong, can you really rely on what it
returns if it is coming from another DC ?

When we come to your RODC, well it is looks to me that your clients are
asking the RODC for domain records and the RODC is going 'hang on, I
will ask DNS and, when it is online, DC-1 returns the info and the RODC
passes it to the client. When DC-1 is offline (which probably means
that DC-2 is as well), the client asks for a domain record, the RODC
asks DC-1 for the data, only it cannot find DC-1, so it waits for about
30 seconds and then tries DC-2, waits for about 30 seconds and then
finally tries itself and you 'may' get an answer if that record has
replicated.

Please fix your DNS.

Rowland

PS: Please do not CC me

Hi Rowland,

i've modified, the dns like below:
RODC-1:
 - themself
 - DC-1
 - DC-2

DC-1 And DC-2 dns configuration not modified

But the problems remains
 - samba-tool drs replicate rodc-1 dc-2 dc=scratch,dc=lan -U administrator did
not replicate
 - network browsing anyway require authentication and not work

Enrico Manzini




-----Messaggio originale-----
Da: samba <samba-bounces at lists.samba.org> Per conto di Rowland Penny
via samba
Inviato: venerd? 3 gennaio 2025 10:06
A: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Oggetto: Re: [Samba] R: R: R: R: samba remote site client authentication and
network browsing problem

On Fri, 3 Jan 2025 08:29:59 +0000
Manzini Enrico <emanzini at zensistemi.com> wrote:
> Hi Rowland, below, the servers and the remote client dns configuration
> 
> Server's dns configuration:
> DC-1:
>  - themself
>  - DC-2
> 
> DC-2
>  - themself
>  - DC-1
> 
> RODC-1
>  - DC-1
>  - DC-2
>  - themself
> 
In my opinion, all Samba AD DCs should only have themselves as their nameserver,
if something goes wrong, can you really rely on what it returns if it is coming
from another DC ?

When we come to your RODC, well it is looks to me that your clients are asking
the RODC for domain records and the RODC is going 'hang on, I will ask DNS
and, when it is online, DC-1 returns the info and the RODC passes it to the
client. When DC-1 is offline (which probably means that DC-2 is as well), the
client asks for a domain record, the RODC asks DC-1 for the data, only it cannot
find DC-1, so it waits for about
30 seconds and then tries DC-2, waits for about 30 seconds and then finally
tries itself and you 'may' get an answer if that record has replicated.

Please fix your DNS.

Rowland

PS: Please do not CC me


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba