[Samba] DC outage - Samba

This is a discussion on [Samba] DC outage - Samba ; Hello We had an outage of one of our domain controllers today and all Linux servers have lost their connection to the ADS. I always thought winbind should switch to another DC if one is not reachable anymore. The windows ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: [Samba] DC outage

  1. [Samba] DC outage

    Hello

    We had an outage of one of our domain controllers today and all Linux
    servers have lost their connection to the ADS. I always thought
    winbind should switch to another DC if one is not reachable anymore.
    The windows servers in the same domain switched to a new one. do i
    have to specify more than 1 password server in smb.conf?

    cheers
    urs
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] DC outage

    On Thu, Jul 10, 2008 at 05:05:48PM +0200, Urs Golla wrote:
    > Hello
    >
    > We had an outage of one of our domain controllers today and all Linux
    > servers have lost their connection to the ADS. I always thought
    > winbind should switch to another DC if one is not reachable anymore.
    > The windows servers in the same domain switched to a new one. do i
    > have to specify more than 1 password server in smb.conf?


    No you shouldn't. What version of Samba is this ?

    Jeremy.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] DC outage

    it is the latest stable from sernet for rhel4 32bit

    On Thu, Jul 10, 2008 at 6:27 PM, Jeremy Allison wrote:
    > On Thu, Jul 10, 2008 at 05:05:48PM +0200, Urs Golla wrote:
    >> Hello
    >>
    >> We had an outage of one of our domain controllers today and all Linux
    >> servers have lost their connection to the ADS. I always thought
    >> winbind should switch to another DC if one is not reachable anymore.
    >> The windows servers in the same domain switched to a new one. do i
    >> have to specify more than 1 password server in smb.conf?

    >
    > No you shouldn't. What version of Samba is this ?
    >
    > Jeremy.
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. Re: [Samba] DC outage

    Hi Urs,

    you should not set any specific password server in the smb.conf
    if you want DC failover to work. Instead, leave it at the default,
    which is *, so that dns lookups of srv records is enabled.

    Cheers, Michael

    Urs Golla wrote:
    > it is the latest stable from sernet for rhel4 32bit
    >
    > On Thu, Jul 10, 2008 at 6:27 PM, Jeremy Allison wrote:
    > > On Thu, Jul 10, 2008 at 05:05:48PM +0200, Urs Golla wrote:
    > >> Hello
    > >>
    > >> We had an outage of one of our domain controllers today and all Linux
    > >> servers have lost their connection to the ADS. I always thought
    > >> winbind should switch to another DC if one is not reachable anymore.
    > >> The windows servers in the same domain switched to a new one. do i
    > >> have to specify more than 1 password server in smb.conf?

    > >
    > > No you shouldn't. What version of Samba is this ?
    > >
    > > Jeremy.
    > >

    > --
    > To unsubscribe from this list go to the following URL and read the
    > instructions: https://lists.samba.org/mailman/listinfo/samba


    --
    Michael Adam
    SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
    phone: +49-551-370000-0, fax: +49-551-370000-9
    AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
    http://www.SerNet.DE, mailto: Info @ SerNet.DE

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: comment

    iD8DBQFIdmunyU9JOBhPkDQRAhkeAJ0WhZ297bgUCVnUxQlpYn cGg42XiwCaAsTi
    AMcPnaoopVftJ41qLp4dA1s=
    =q6Jb
    -----END PGP SIGNATURE-----


  5. Re: [Samba] DC outage

    Hi Michael

    Thats what I thought after reading the manual again. is this entry
    needed for joining? as far as i remember, the join was not working
    when i had no pw server defined. hm... i will test again.

    cheers

    On Thu, Jul 10, 2008 at 10:05 PM, Michael Adam wrote:
    > Hi Urs,
    >
    > you should not set any specific password server in the smb.conf
    > if you want DC failover to work. Instead, leave it at the default,
    > which is *, so that dns lookups of srv records is enabled.
    >
    > Cheers, Michael
    >
    > Urs Golla wrote:
    >> it is the latest stable from sernet for rhel4 32bit
    >>
    >> On Thu, Jul 10, 2008 at 6:27 PM, Jeremy Allison wrote:
    >> > On Thu, Jul 10, 2008 at 05:05:48PM +0200, Urs Golla wrote:
    >> >> Hello
    >> >>
    >> >> We had an outage of one of our domain controllers today and all Linux
    >> >> servers have lost their connection to the ADS. I always thought
    >> >> winbind should switch to another DC if one is not reachable anymore.
    >> >> The windows servers in the same domain switched to a new one. do i
    >> >> have to specify more than 1 password server in smb.conf?
    >> >
    >> > No you shouldn't. What version of Samba is this ?
    >> >
    >> > Jeremy.
    >> >

    >> --
    >> To unsubscribe from this list go to the following URL and read the
    >> instructions: https://lists.samba.org/mailman/listinfo/samba

    >
    > --
    > Michael Adam
    > SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
    > phone: +49-551-370000-0, fax: +49-551-370000-9
    > AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
    > http://www.SerNet.DE, mailto: Info @ SerNet.DE
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  6. Re: [Samba] DC outage

    Hi Urs,

    you can also set something like "password server = dc1 dc2 *"
    to specify preferred domain controllers, but keep failover
    autodetection enabled. But when the join with "password server = *"
    does not work, this indicates that you have a problem with
    autodetection generally.

    In order for dc detection to work with security = ads, you
    need to have (among other things) a proper dns configuration
    so that your kdc and domain controller can be found via dns
    queries for srv records. Optimally, (one of your) domain
    controller(s) is the dns name server.

    If problems persist, could you post your smb.conf here?

    Cheers - Michael

    Urs Golla wrote:
    > Hi Michael
    >
    > Thats what I thought after reading the manual again. is this entry
    > needed for joining? as far as i remember, the join was not working
    > when i had no pw server defined. hm... i will test again.
    >
    > cheers
    >
    > On Thu, Jul 10, 2008 at 10:05 PM, Michael Adam wrote:
    > > Hi Urs,
    > >
    > > you should not set any specific password server in the smb.conf
    > > if you want DC failover to work. Instead, leave it at the default,
    > > which is *, so that dns lookups of srv records is enabled.
    > >
    > > Cheers, Michael
    > >
    > > Urs Golla wrote:
    > >> it is the latest stable from sernet for rhel4 32bit
    > >>
    > >> On Thu, Jul 10, 2008 at 6:27 PM, Jeremy Allison wrote:
    > >> > On Thu, Jul 10, 2008 at 05:05:48PM +0200, Urs Golla wrote:
    > >> >> Hello
    > >> >>
    > >> >> We had an outage of one of our domain controllers today and all Linux
    > >> >> servers have lost their connection to the ADS. I always thought
    > >> >> winbind should switch to another DC if one is not reachable anymore.
    > >> >> The windows servers in the same domain switched to a new one. do i
    > >> >> have to specify more than 1 password server in smb.conf?
    > >> >
    > >> > No you shouldn't. What version of Samba is this ?
    > >> >
    > >> > Jeremy.
    > >> >
    > >> --
    > >> To unsubscribe from this list go to the following URL and read the
    > >> instructions: https://lists.samba.org/mailman/listinfo/samba


    --
    Michael Adam
    SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
    phone: +49-551-370000-0, fax: +49-551-370000-9
    AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
    http://www.SerNet.DE, mailto: Info @ SerNet.DE

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: comment

    iD8DBQFIdxx2yU9JOBhPkDQRAoc5AJ4jFkXmQv1F8uiqPwLEAp YT/0SxtACeJ3HO
    ZotAzLIFPB4DG3xwvfmYr+I=
    =Qegm
    -----END PGP SIGNATURE-----


  7. Re: [Samba] DC outage

    thanks for your reply. it will take me some time to test that. out dns
    servers are definitely not DCs.

    i have changed "password server" to * and restarted winbind, but "net
    ads status" still shows the same DC. how can i force winbind to use a
    different DC?

    On 7/11/08, Michael Adam wrote:
    > Hi Urs,
    >
    > you can also set something like "password server = dc1 dc2 *"
    > to specify preferred domain controllers, but keep failover
    > autodetection enabled. But when the join with "password server = *"
    > does not work, this indicates that you have a problem with
    > autodetection generally.
    >
    > In order for dc detection to work with security = ads, you
    > need to have (among other things) a proper dns configuration
    > so that your kdc and domain controller can be found via dns
    > queries for srv records. Optimally, (one of your) domain
    > controller(s) is the dns name server.
    >
    > If problems persist, could you post your smb.conf here?
    >
    > Cheers - Michael
    >
    > Urs Golla wrote:
    > > Hi Michael
    > >
    > > Thats what I thought after reading the manual again. is this entry
    > > needed for joining? as far as i remember, the join was not working
    > > when i had no pw server defined. hm... i will test again.
    > >
    > > cheers
    > >
    > > On Thu, Jul 10, 2008 at 10:05 PM, Michael Adam wrote:
    > > > Hi Urs,
    > > >
    > > > you should not set any specific password server in the smb.conf
    > > > if you want DC failover to work. Instead, leave it at the default,
    > > > which is *, so that dns lookups of srv records is enabled.
    > > >
    > > > Cheers, Michael
    > > >
    > > > Urs Golla wrote:
    > > >> it is the latest stable from sernet for rhel4 32bit
    > > >>
    > > >> On Thu, Jul 10, 2008 at 6:27 PM, Jeremy Allison wrote:
    > > >> > On Thu, Jul 10, 2008 at 05:05:48PM +0200, Urs Golla wrote:
    > > >> >> Hello
    > > >> >>
    > > >> >> We had an outage of one of our domain controllers today and all Linux
    > > >> >> servers have lost their connection to the ADS. I always thought
    > > >> >> winbind should switch to another DC if one is not reachable anymore.
    > > >> >> The windows servers in the same domain switched to a new one. do i
    > > >> >> have to specify more than 1 password server in smb.conf?
    > > >> >
    > > >> > No you shouldn't. What version of Samba is this ?
    > > >> >
    > > >> > Jeremy.
    > > >> >
    > > >> --
    > > >> To unsubscribe from this list go to the following URL and read the
    > > >> instructions: https://lists.samba.org/mailman/listinfo/samba

    >
    > --
    > Michael Adam
    > SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
    > phone: +49-551-370000-0, fax: +49-551-370000-9
    > AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
    > http://www.SerNet.DE, mailto: Info @ SerNet.DE
    >
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread