similar to: Failover DC did not work when Main DC failed

On 12/02/2020 12:54, L.P.H. van Belle via samba wrote: > > >> Hello Louis, >> >> Thanks for your reply. >> >> For that dig command I get... >> >> >> root at dc3.mydomain.com ~ $ (screen) dig NS $(hostname -d) >> >> ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> NS mydomain.com >> ;; global options: +cmd

On 13/02/2020 13:11, Paul Littlefield wrote: > On 12/02/2020 13:08, Rowland penny via samba wrote: >> The first is that a DC must use itself as its nameserver and if >> something goes wrong e.g. Samba has fallen over, then there isn't >> much point having another nameserver, Samba isn't going to use it >> >> The second is, it will not hurt having a second

On 16/02/2020 15:03, Paul Littlefield via samba wrote: > 1) finding a way for ALL 70+ desktops to look up the DCs properly and switch to a running one if one is not available (otherwise what's the point right?) Hello Samba Mailing List, Just to be clear, I am using Ubuntu Server 18.04.4 LTS running Samba 4.7.6 on both DCs. Is this the Samba version I should be using for this

What do you see/get when you run: dig NS $(hostname -d) With 2 dc's you should see 2 records. In the past this was a bug at samba joins so only 1 NS record existed. Worth to have a look at. And adding this to /etc/resolv.conf: options timeout:2 options attempts:3 options rotate Also might help. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba

On 03/02/2020 18:49, Kris Lou via samba wrote: > > From windows: > echo %logonserver% \\DC3 > nltest /dsgetdc:<domain> DC:\\DC3 Address: \\192.168.0.218 Dom Guid: bla bla bla ... The command completed successfully. > From a *nix domain member (i.e. client, not DC): > wbinfo --getdcname=<domain> > winbind --ping-dc wbinfo --getdcname=MYDOMAIN DC3 wbinfo

> > I am not using BIND with Samba, just the Internal DNS which is the default. > What do you mean when you say "CNAMES or domain overrides pointing to a > single DC"? > I have DHCP handing out both DNS servers as 192.168.0.218 and > 192.168.0.219 and they both work as nameservers perfectly. This might be a problem down the road. The Samba Internal DNS does NOT

> > Hello Louis, > > Thanks for your reply. > > For that dig command I get... > > > root at dc3.mydomain.com ~ $ (screen) dig NS $(hostname -d) > > ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> NS mydomain.com > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63144 > ;;

My reverse zones have PTR records. Though I don't have NS records for all of my DC's. I guess that needs to be manually created. Also, you don't have any CNAMES or domain overrides pointing to a single DC? Perhaps Bind is pointing to another internal DNS server, and then to a public DNS? ---- Here's a way to test failover from a Windows client: You can switch logon servers

On 01/02/2020 15:10, Rowland penny via samba wrote: > Not really, all Samba AD DC's are global catalogs ;-) Ah, OK... so we don't need to worry about that then? -- Paul Littlefield Telephone: 07801 125705 Email: info at paully.co.uk Wiki: http://wiki.indie-it.com/wiki/Special:AllPages LinkedIn: https://www.linkedin.com/in/paullittlefield Paul Littlefield is environmentally

On 13/02/2020 16:28, Paul Littlefield wrote: > On 13/02/2020 15:17, Rowland penny via samba wrote: >> The various ways have already been mentioned, but are all your DCs >> listed as nameservers (NS) in the SOA's for the forward and reverse >> zones ? > > > I think so... > > > root at dc3.mydomain.com ~ $ (screen) samba-tool dns query dc3 >

On 01/02/2020 14:39, Barry Lyndsell wrote: > https://wiki.samba.org/index.php/Terms_and_Abbreviations#Global_Catalog_.28GC.29 > Good find, thanks! Paul

Hello Kris, On 13/02/2020 19:28, Kris Lou via samba wrote: > My reverse zones have PTR records. Though I don't have NS records for all > of my DC's. I guess that needs to be manually created. I have NS records for all 2 of my DC's and I just followed the Installation page on the Wiki. > Also, you don't have any CNAMES or domain overrides pointing to a single >

Is DC4 listed in in an A record for your mycompany.com? Do logs show that it's answering requests during the course of a normal workday? If so ... time to simulate DC3 failure, I guess. Kris Lou klou at themusiclink.net On Tue, Feb 11, 2020 at 5:25 AM Paul Littlefield <info at paully.co.uk> wrote: > On 03/02/2020 18:49, Kris Lou via samba wrote: > > > > From windows:

On 31/01/2020 18:47, Rowland penny via samba wrote: > I don't think this is problem with how to find the BEST dc to use, I think it is a problem finding ANY dc to use. > > I have: > > options timeout:1 attempts:1 rotate > > in /etc/resolv.conf on Linux clients and I don't have a problem when DNS disconnects on the first nameserver. > > It seems that Windows

Hello Kris, On 03/02/2020 07:15, Kris Lou via samba wrote: > Unless it's_not_ a global catalog. Check your SRV records again, there > should be corresponding "_gc" records (similar to "_ldap") for each DC. Checked and both DCs pass all tests:- host -t SRV _ldap._tcp.mydomain.com. host -t SRV _gc._tcp.mydomain.com. host -t SRV _kerberos._udp.mydomain.com. host -t

Hello List, I have successfully migrated my DCs to 4.7.6-Ubuntu However, I still have some traces of the old DCs in the DNS... $ samba-tool dns query dc3 mydomain.com @ ALL Name=, Records=8, Children=0 SOA: serial=570, refresh=900, retry=600, expire=86400, minttl=0, ns=dc3.mydomain.com. NS: samba.mydomain.com. (flags=600000f0, serial=110, ttl=900) NS: dc3.mydomain.com.

On 12/02/2020 13:08, Rowland penny via samba wrote: > The first is that a DC must use itself as its nameserver and if something goes wrong e.g. Samba has fallen over, then there isn't much point having another nameserver, Samba isn't going to use it > > The second is, it will not hurt having a second nameserver on a DC, just as long you understand that Samba will not use the

Unless it's _not_ a global catalog. Check your SRV records again, there should be corresponding "_gc" records (similar to "_ldap") for each DC. So, based upon the link/graphic I posted earlier: * either your 2nd DC isn't being returned as a part of DNS lookups * or that 2nd DC isn't responding to queries for authentication * or the client isn't

On 31/01/2020 18:15, Kris Lou via samba wrote: > Here is another link (with a set of links in the article, sorry): > https://blogs.msmvps.com/acefekay/2010/01/03/the-dc-locator-process-the-logon-process-controlling-which-dc-responds-in-an-ad-site-and-srv-records/ > > > I particularly like the Summary graphic about 20% down: Thanks Kris. -- Paul Littlefield Telephone: 07801

On 31/01/2020 17:07, Barry Lyndsell wrote: > Don't know if it's relevant, but in a Windows AD environment, at least on domain controller would need to be the global catalogue (GC.) > > ADUC on V-Admin is showing neither domain controller holding that role. > Thanks Barry. -- Paul Littlefield Telephone: 07801 125705 Email: info at paully.co.uk Wiki: