Re: [Samba] DNS replication with samba4
Hi Marc,

Thanks a lot, it was my mistake, I had not set the correct permission on bdc for bind. I tested with BIND and the samba4 internal DNS, both work just fine without any issue.

On Tue, Jun 25, 2013 at 8:21 AM, Marc Muehlfeld sa...@marc-muehlfeld.de wrote:
> Hello Remy,
>
> On 19.06.2013 08:17, Mario Almeida wrote:
> > I have 2 samba4 DC as pdc and bdc. How to replicate DNS changes from pdc to bdc? Is it something that I have to do with bind DNS or something samba4 will take care of?
>
> https://wiki.samba.org/index.php/Samba4/FAQ#How_do_I_get_DNS_failover_in_a_Multi-DC_environment.3F
>
> Regards,
> Marc

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] DNS replication with samba4
Dear All,

I have 2 samba4 DC as pdc and bdc. How to replicate DNS changes from pdc to bdc? Is it something that I have to do with bind DNS or something samba4 will take care of?

//Remy
Re: [Samba] DNS replication with samba4
Hello Remy,

On 19.06.2013 08:17, Mario Almeida wrote:
> I have 2 samba4 DC as pdc and bdc. How to replicate DNS changes from pdc to bdc? Is it something that I have to do with bind DNS or something samba4 will take care of?

https://wiki.samba.org/index.php/Samba4/FAQ#How_do_I_get_DNS_failover_in_a_Multi-DC_environment.3F

Regards,
Marc
Re: [Samba] DNS replication and BDCs
Hi Marc, comments below.

On 6/20/2013 5:26 PM, Marc Muehlfeld wrote:
> Hello David,
>
> On 20.06.2013 19:55, David González Herrera - [DGHVoIP] wrote:
> > I would like you to point me or tell me how do I create a fail-over or high availability system so that when one of the DCs is down the other takes over Auth tasks and obviously DNS. I've thought a solution would be to make a slave BIND DNS on another slaver and replicate the Samba Zone and add appropriate NS and A records to the main zone so that clients can query another DNS for the zone and not fail as I faced yesterday. This is a production environment scenario and I have many servers authenticating users against the samba server so if this fails everything else does.
>
> When you join a second DC to the AD (http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC), then the DNS part is also automatically replicated.

Alright I have done that on the second DC but using internal, I get this if I dig the zone.

root@bdc:~# dig @10.10.10.20 AXFR example.local
; DiG 9.9.2-P2 @10.10.10.20 AXFR example.local
; (1 server found)
;; global options: +cmd
; Transfer failed.

root@bdc:~# dig @10.10.10.5 AXFR example.local
; DiG 9.9.2-P2 @10.10.10.5 AXFR example.local
; (1 server found)
;; global options: +cmd
example.local. 3600 IN SOA samba.example.local. hostmaster.example.local. 65 900 600 86400 0
example.local. 900 IN NS samba.example.local.
example.local. 900 IN A 10.10.10.5
example.local. 900 IN A 21x.xxx.xxx.xxx
example.local. 900 IN A 10.10.10.20
example.local. 900 IN A 10.10.10.15
example.local. 900 IN A 192.168.5.5
bdc.example.local. 900 IN A 10.10.10.20
bdc.example.local. 900 IN A 192.168.5.5
w2k8.example.local. 1200 IN A 10.10.10.15
samba.example.local. 900 IN A 10.10.10.5
samba.example.local. 900 IN A 21x.xxx.xxx.xxx
DGHPC.example.local. 1200 IN 2002:505:5bd::505:5bd
DGHPC.example.local. 1200 IN A 192.168.5.211
DGHPC.example.local. 1200 IN A 5.5.5.189
_msdcs.example.local. 900 IN NS samba.example.local.
_gc._tcp.example.local. 900 IN SRV 0 100 3268 samba.example.local.
_gc._tcp.example.local. 900 IN SRV 0 100 3268 W2K8.example.local.
_gc._tcp.example.local. 900 IN SRV 0 100 3268 bdc.example.local.
_ldap._tcp.example.local. 900 IN SRV 0 100 389 samba.example.local.
_ldap._tcp.example.local. 900 IN SRV 0 100 389 W2K8.example.local.
_ldap._tcp.example.local. 900 IN SRV 0 100 389 bdc.example.local.
_kpasswd._udp.example.local. 900 IN SRV 0 100 464 samba.example.local.
_kpasswd._udp.example.local. 900 IN SRV 0 100 464 W2K8.example.local.
_kpasswd._udp.example.local. 900 IN SRV 0 100 464 bdc.example.local.
_kpasswd._tcp.example.local. 900 IN SRV 0 100 464 samba.example.local.
_kpasswd._tcp.example.local. 900 IN SRV 0 100 464 W2K8.example.local.
_kpasswd._tcp.example.local. 900 IN SRV 0 100 464 bdc.example.local.
_kerberos._udp.example.local. 900 IN SRV 0 100 88 samba.example.local.
_kerberos._udp.example.local. 900 IN SRV 0 100 88 W2K8.example.local.
_kerberos._udp.example.local. 900 IN SRV 0 100 88 bdc.example.local.
_kerberos._tcp.example.local. 900 IN SRV 0 100 88 samba.example.local.
_kerberos._tcp.example.local. 900 IN SRV 0 100 88 W2K8.example.local.
_kerberos._tcp.example.local. 900 IN SRV 0 100 88 bdc.example.local.
ForestDnsZones.example.local. 900 IN A 10.10.10.5
DomainDnsZones.example.local. 900 IN A 10.10.10.5
_ldap._tcp.ForestDnsZones.example.local. 900 IN SRV 0 100 389 samba.example.local.
_ldap._tcp.DomainDnsZones.example.local. 900 IN SRV 0 100 389 samba.example.local.
_gc._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 3268 samba.example.local.
_gc._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 3268 W2K8.example.local.
_gc._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 3268 bdc.example.local.
_ldap._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 389 samba.example.local.
_ldap._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 389 W2K8.example.local.
_ldap._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 389 bdc.example.local.
_kerberos._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 88 samba.example.local.
_kerberos._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 88 W2K8.example.local.
_kerberos._tcp.Default-First-Site-Name._sites.example.local. 900 IN SRV 0 100 88 bdc.example.local.
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.example.local. 900 IN SRV 0 100 389
Re: [Samba] DNS replication and BDCs
Hello David,

On 21.06.2013 23:42, David González Herrera - [DGHVoIP] wrote:
> root@bdc:~# dig @10.10.10.20 AXFR example.local
> .
> example.local. 900 IN A 10.10.10.5
> example.local. 900 IN A 21x.xxx.xxx.xxx
> example.local. 900 IN A 10.10.10.20
> example.local. 900 IN A 10.10.10.15
> example.local. 900 IN A 192.168.5.5
> .
> .
> Now I'd like to remove the public IP 21x.xxx.xxx.xxx from the zone I use:
>
> samba-tool dns delete samba.example.local example.local samba.example.local NS 21x.xxx.xxx.xxx -U Administrator
> samba-tool dns delete samba.example.local example.local samba.example.local A 21x.xxx.xxx.xxx -U Administrator
>
> They all succeed, but I keep seeing that when I dig the zone as you can see on the previous dig.

I guess Samba is listening on the public IP as well?

# netstat -taunp | grep samba | grep 21x.xxx.xxx.xxx

If it does, then bind Samba just to the interfaces it should listen on (this would also save you firewall rules to prevent access on the other interfaces, when it won't listen there).

bind interfaces only = yes
interfaces = lo eth0

(set interfaces to all devices Samba's services should listen on + localhost)

Then restart Samba.

> > Then you only have to configure your clients, to use the second machine as DNS server, too.
>
> This is what concerns me the most, as I'm connecting services as Postfix/Dovecot, OpenVPN I was using the IP of the PDC 10.10.10.5. Can I use example.local on my LDAP/AD clients configuration? And will it be like round robin DNS, if one server doesn't respond will the other take over?

Normally most services work fine with hostnames instead of IPs. It makes you more flexible (round robin), but then the service depends on DNS, too.

Regards,
Marc
[Samba] DNS replication and BDCs
Hi,

For normal readers you know already my setup, but for those new here, I have a Samba4 PDC and two BDCs, one a samba4 and the other a W2k8 R2 machine.

Yesterday we had problems with our upstream service provider and my PDC (Backend BIND 9 DLZ) went down for some hours, as you might guess my whole AD was down due to the fact that the main DNS was down.

I would like you to point me or tell me how do I create a fail-over or high availability system so that when one of the DCs is down the other takes over Auth tasks and obviously DNS. I've thought a solution would be to make a slave BIND DNS on another slaver and replicate the Samba Zone and add appropriate NS and A records to the main zone so that clients can query another DNS for the zone and not fail as I faced yesterday.

This is a production environment scenario and I have many servers authenticating users against the samba server so if this fails everything else does.

I'd really appreciate your advice here.

Thanks again.

--
David Gonzalez
DGHVoIP
USA: MOBILE: +1.646.559.6200
COL: +57.1.382.6718
COL: +57.4.247.0985
URL: www.dghvoip.com
Skype: davidgonzalezh
Re: [Samba] DNS replication and BDCs
Hello David,

On 20.06.2013 19:55, David González Herrera - [DGHVoIP] wrote:
> I would like you to point me or tell me how do I create a fail-over or high availability system so that when one of the DCs is down the other takes over Auth tasks and obviously DNS. I've thought a solution would be to make a slave BIND DNS on another slaver and replicate the Samba Zone and add appropriate NS and A records to the main zone so that clients can query another DNS for the zone and not fail as I faced yesterday. This is a production environment scenario and I have many servers authenticating users against the samba server so if this fails everything else does.

When you join a second DC to the AD (http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC), then the DNS part is also automatically replicated.

As you already have a second DC, please check if Samba (or BIND) is listening on port 53 to answer DNS queries.

# netstat -taunp | grep :53

Then you only have to configure your clients to use the second machine as DNS server, too.

There's nothing special you have to do here. You can use BIND or the internal DNS on the other DCs. It doesn't need to be the same as on your first one.

Regards,
Marc
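The two checks Marc suggests in this thread (is anything answering on port 53, and is Samba also listening on an address it should not), combined into one audit as an added example that is not part of the original messages. The netstat sample is constructed, 203.0.113.7 stands in for the masked public address, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit which local addresses answer DNS (port 53) on a DC.
# CONSTRUCTED "netstat -taunp" style sample; not output from the thread.
sample_netstat() {
cat <<'EOF'
tcp        0      0 10.10.10.20:53      0.0.0.0:*        LISTEN      1412/samba
tcp        0      0 127.0.0.1:53        0.0.0.0:*        LISTEN      1412/samba
tcp        0      0 203.0.113.7:53      0.0.0.0:*        LISTEN      1412/samba
tcp        0      0 10.10.10.20:389     0.0.0.0:*        LISTEN      1412/samba
udp        0      0 10.10.10.20:53      0.0.0.0:*                    1412/samba
udp        0      0 203.0.113.7:53      0.0.0.0:*                    1412/samba
tcp        0      0 10.10.10.20:52344   10.10.10.5:53    ESTABLISHED 2201/dig
EOF
}

# dns_listeners: read netstat output on stdin and print the unique local
# addresses with a socket bound to port 53 (TCP in LISTEN state, or any UDP).
dns_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }   # ignore client connections
        $1 ~ /^(tcp|udp)/ {
            addr = $4
            port = addr; sub(/.*:/, "", port)    # text after the last colon
            sub(/:[^:]*$/, "", addr)             # text before the last colon
            if (port == "53") print addr
        }' | sort -u
}

# unexpected_dns_listeners ADDR...: print listeners that are not in the list
# of addresses the DC is meant to serve on. A wildcard bind (0.0.0.0 or ::)
# is reported too unless listed, since it covers every interface.
unexpected_dns_listeners() {
    allowed=" $* "
    dns_listeners | while read -r addr; do
        case "$allowed" in
            *" $addr "*) ;;
            *) echo "$addr" ;;
        esac
    done
}

# Demonstration on the constructed sample: only the public address is reported.
sample_netstat | unexpected_dns_listeners 127.0.0.1 10.10.10.20
```

On a live DC the input would be `netstat -taunp` piped into `unexpected_dns_listeners`, with the addresses of the devices named in `interfaces` as arguments; empty output from `dns_listeners` means nothing is answering DNS at all.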
Re: [Samba] DNS Replication Between Samba4 DCs
On Wed, 2013-02-27 at 16:14 -0500, Andrew Hamilton wrote:
> I have been able to successfully install and configure a primary DC with Ubuntu 12.04 and the samba4 package as well as configure and join a secondary DC to the primary. However, I cannot get DNS entries to replicate from the primary to the secondary (I haven't tried the other way around but I would like that working as well). Both are using BIND9_DLZ. Is DNS replication even supported with this setup or do I have to use the SAMBA INTERNAL setting?

Yes, replication is supported, and should work just as well with DLZ as it would using the internal server.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Re: [Samba] DNS Replication Between Samba4 DCs
> On Wed, 2013-02-27 at 16:14 -0500, Andrew Hamilton wrote:
> > I have been able to successfully install and configure a primary DC with Ubuntu 12.04 and the samba4 package as well as configure and join a secondary DC to the primary. However, I cannot get DNS entries to replicate from the primary to the secondary (I haven't tried the other way around but I would like that working as well). Both are using BIND9_DLZ. Is DNS replication even supported with this setup or do I have to use the SAMBA INTERNAL setting?
>
> Yes, replication is supported, and should work just as well with DLZ as it would using the internal server.
>
> Andrew Bartlett

I'd like to know how I should set up resolv.conf in a future secondary DC to join an existing domain.

Felix.
Re: [Samba] DNS Replication Between Samba4 DCs
Since the internal DNS server became available, I switched to that and it is replicating between DCs just fine. The only issue I see with it is that it does not return multiple A records in a round robin fashion.

----- Original Message -----
From: Andrew Hamilton ahamil...@facilityone.com
To: samba@lists.samba.org
Sent: Wednesday, February 27, 2013 3:14:15 PM
Subject: [Samba] DNS Replication Between Samba4 DCs

I have been able to successfully install and configure a primary DC with Ubuntu 12.04 and the samba4 package as well as configure and join a secondary DC to the primary. However, I cannot get DNS entries to replicate from the primary to the secondary (I haven't tried the other way around but I would like that working as well). Both are using BIND9_DLZ. Is DNS replication even supported with this setup or do I have to use the SAMBA INTERNAL setting?

-Andrew Hamilton
Project Engineer
www.facilityone.com
Re: [Samba] DNS Replication Between Samba4 DCs
The same issue with me. No master/slave config possible if using BIND9_DLZ directly. Power off the Master ADS and there is no nslookup my.ads.domain possible anymore. Doing a flat-file config with bind you are up and running. Is there someone who solved that issue?

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Andrew Hamilton
Sent: Wednesday, 27 February 2013 22:14
To: samba@lists.samba.org
Subject: [Samba] DNS Replication Between Samba4 DCs

I have been able to successfully install and configure a primary DC with Ubuntu 12.04 and the samba4 package as well as configure and join a secondary DC to the primary. However, I cannot get DNS entries to replicate from the primary to the secondary (I haven't tried the other way around but I would like that working as well). Both are using BIND9_DLZ. Is DNS replication even supported with this setup or do I have to use the SAMBA INTERNAL setting?

-Andrew Hamilton
Project Engineer
www.facilityone.com
[Samba] DNS Replication Between Samba4 DCs
I have been able to successfully install and configure a primary DC with Ubuntu 12.04 and the samba4 package as well as configure and join a secondary DC to the primary. However, I cannot get DNS entries to replicate from the primary to the secondary (I haven't tried the other way around but I would like that working as well). Both are using BIND9_DLZ. Is DNS replication even supported with this setup or do I have to use the SAMBA INTERNAL setting?

-Andrew Hamilton
Project Engineer
www.facilityone.com
Re: [Samba] DNS Replication
On Thu, 2012-12-13 at 06:47 -0700, Zane Zakraisek wrote:
> I created a test domain on a Samba 4.0.0 machine, and added a Server 2008 R2 server. I joined it as a domain controller and DNS server. I've noticed that records that I create on one server aren't being replicated to the other. I experienced this with some of the Betas and Release Candidates too, but I thought it was fixed. Why isn't DNS replication working?
>
> Thanks Samba team

We need to look into this more, but this is why this has a specific note in the WHATSNEW.

For some reason, getting this partition registered correctly for replication seems to be more difficult than for the main partitions.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
[Samba] DNS Replication
I created a test domain on a Samba 4.0.0 machine, and added a Server 2008 R2 server. I joined it as a domain controller and DNS server. I've noticed that records that I create on one server aren't being replicated to the other. I experienced this with some of the Betas and Release Candidates too, but I thought it was fixed. Why isn't DNS replication working?

Thanks Samba team
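One way to confirm the symptom reported above (records created on one DC not appearing on the other), as an added example that is not part of the original messages: collect the same queries from both DCs and list what only one of them serves. Both listings are constructed, `newhost` and 10.10.10.42 are made up, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list DNS records that one DC serves and the other does not.
# Both listings are CONSTRUCTED dig-style answers, not data from the thread.
dc1_answers() {
cat <<'EOF'
; constructed answer from the first DC (10.10.10.5)
example.local.            900 IN A   10.10.10.5
example.local.            900 IN A   10.10.10.20
newhost.example.local.    900 IN A   10.10.10.42
_ldap._tcp.example.local. 900 IN SRV 0 100 389 samba.example.local.
_ldap._tcp.example.local. 900 IN SRV 0 100 389 bdc.example.local.
EOF
}
dc2_answers() {
cat <<'EOF'
; constructed answer from the second DC (10.10.10.20)
EXAMPLE.local.            600 IN A   10.10.10.20
example.local.            600 IN A   10.10.10.5
_ldap._tcp.example.local. 600 IN SRV 0 100 389 BDC.example.local.
_ldap._tcp.example.local. 600 IN SRV 0 100 389 samba.example.local.
EOF
}

# normalise: read dig answers on stdin; drop comment and blank lines, drop the
# TTL column (it may differ per server), lower-case names and targets because
# DNS names compare case-insensitively, then sort.
normalise() {
    awk '
        /^[ \t]*;/ || NF < 4 { next }
        {
            line = tolower($1) " " $3 " " $4
            for (i = 5; i <= NF; i++) line = line " " tolower($i)
            print line
        }' | sort -u
}

# only_on_first ANSWERS1 ANSWERS2: print records present in the first listing
# but absent from the second, i.e. data that has not replicated.
only_on_first() {
    { printf '%s\n' "$1" | normalise | sed 's/^/A /'
      printf '%s\n' "$2" | normalise | sed 's/^/B /'; } |
    awk '$1 == "B" { sub(/^B /, ""); seen[$0] = 1; next }
         { sub(/^A /, ""); first[++n] = $0 }
         END { for (i = 1; i <= n; i++) if (!(first[i] in seen)) print first[i] }'
}

# Demonstration: the record created on the first DC is the only difference.
only_on_first "$(dc1_answers)" "$(dc2_answers)"
```

Against real servers the two arguments would be the output of the same `dig @<dc> <name> <type> +noall +answer` queries sent to each DC; running the comparison in both directions shows which side is missing data.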