Re: [Samba] Samba4 Multi-Master replication

2012-06-18 Thread Daniel Müller
I think replication is only worth it if you need highly available servers.
If your DC fails and your clients can wait, you can do a single one.

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Original Message-
From: Morten Kramer [mailto:node1...@googlemail.com]
Sent: Sunday, 17 June 2012 14:30
To: muel...@tropenklinik.de; 'Gémes Géza'; samba@lists.samba.org
Subject: Re: [Samba] Samba4 Multi-Master replication

Thanks for the info,


I did not try this setup yet.


Anyway,

Would you guys recommend a replication setup for production yet? The samba
internal dns implementation being still work in progress?


I really wonder if I should just set up a single DC for starters and 
wait until the whole DNS will be part of samba.
This Domain will only cater to about 100-150 clients and one DC should 
be easily able to deal with this workload?!


A second DC would certainly be a good idea, but i really wonder if it's
worth the hassle right now.

I can just take daily snapshots of a single DC and roll back if anything 
goes terribly wrong.




Thanks for your input!



-morten




On 06/13/2012 09:00 AM, Daniel Müller wrote:
 You always need to have two Samba4/dns and the entries of both dns in your
 clients network settings too.

 ---
 EDV Daniel Müller

 Head of IT
 Tropenklinik Paul-Lechler-Krankenhaus
 Paul-Lechler-Str. 24
 72076 Tübingen

 Tel.: 07071/206-463, Fax: 07071/206-499
 eMail: muel...@tropenklinik.de
 Internet: www.tropenklinik.de
 ---
 -Original Message-
 From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Gémes Géza
 Sent: Tuesday, 12 June 2012 19:19
 To: samba@lists.samba.org
 Subject: Re: [Samba] Samba4 Multi-Master replication

 On 2012-06-12 12:16, Morten Kramer wrote:
 Hi guys,


 I'm trying to get the Samba4 multi-master replication to work.



 I set up the primary domain controller using this howto (under CentOS
 6.2 x64):


 http://wiki.samba.org/index.php/Samba4/HOWTO



 I installed bind 9.8.3 and enabled encrypted dns updates.




 I set up another VM with the same CentOS version and oriented myself
 on this howto:

 http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

 to join the second DC into the domain. I edited /etc/resolv.conf and
 set the nameserver to the IP of the primary DC (bind dns server).


 Basic replication seems to work (not doing the rsync for sysvol yet).
 However, when i take the primary DC offline (bind keeps running), I
 can't use any of the .msc domain admin tools anymore.

 I always get an error message, telling me that there is no RPC server
 available.
 When i run gpmc.msc i can choose the DC i want to work on and I can
 see the secondary one, but it will come back with the RPC error.

 I had Wireshark running on one of the Windows7 clients. It seems like
 it tries to talk to the 2nd DC (DCERPC packets). But i'm not an expert
 in packet analysis, could somebody give me a hint what to look for here?



 User authentication does still work and Kerberos tickets are generated
 by the 2nd DC.



 I can find this in the log:


 ../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration,DC=aeriatest2,DC=dc,DC=loc
 ../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION
 ../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION
 ...
 Warning: 60 extra bytes in incoming RPC request
 ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session



 Do i need to configure something extra, so the secondary DC will be
 able to act as an RPC server?





 Thanks,
 freezer
 Hi,

 With your setup DNS is the single point of failure, because with the
 (default) DLZ setup bind9 is able to serve DNS records only when samba4 is
 running on that box.
 My recommendation would be to try to set up DNS on the second DC too.

 Regards.

 Geza

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba






Re: [Samba] Samba4 Multi-Master replication

2012-06-17 Thread Morten Kramer

Thanks for the info,


I did not try this setup yet.


Anyway,

Would you guys recommend a replication setup for production yet? The
samba internal dns implementation being still work in progress?



I really wonder if I should just set up a single DC for starters and 
wait until the whole DNS will be part of samba.
This Domain will only cater to about 100-150 clients and one DC should 
be easily able to deal with this workload?!



A second DC would certainly be a good idea, but i really wonder if it's
worth the hassle right now.


I can just take daily snapshots of a single DC and roll back if anything 
goes terribly wrong.





Thanks for your input!



-morten




On 06/13/2012 09:00 AM, Daniel Müller wrote:

You  always need to have two Samba4/dns and the entries of both dns in your
clients network settings too.

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Gémes Géza
Sent: Tuesday, 12 June 2012 19:19
To: samba@lists.samba.org
Subject: Re: [Samba] Samba4 Multi-Master replication

On 2012-06-12 12:16, Morten Kramer wrote:

Hi guys,


I'm trying to get the Samba4 multi-master replication to work.



I set up the primary domain controller using this howto (under CentOS
6.2 x64):


http://wiki.samba.org/index.php/Samba4/HOWTO



I installed bind 9.8.3 and enabled encrypted dns updates.




I set up another VM with the same CentOS version and oriented myself
on this howto:

http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

to join the second DC into the domain. I edited /etc/resolv.conf and
set the nameserver to the IP of the primary DC (bind dns server).


Basic replication seems to work (not doing the rsync for sysvol yet).
However, when i take the primary DC offline (bind keeps running), I
can't use any of the .msc domain admin tools anymore.

I always get an error message, telling me that there is no RPC server
available.
When i run gpmc.msc i can choose the DC i want to work on and I can
see the secondary one, but it will come back with the RPC error.

I had Wireshark running on one of the Windows7 clients. It seems like
it tries to talk to the 2nd DC (DCERPC packets). But i'm not an expert
in packet analysis, could somebody give me a hint what to look for here?



User authentication does still work and Kerberos tickets are generated
by the 2nd DC.



I can find this in the log:


../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration,DC=aeriatest2,DC=dc,DC=loc
../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION
../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION
...
Warning: 60 extra bytes in incoming RPC request
../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session



Do i need to configure something extra, so the secondary DC will be
able to act as an RPC server?





Thanks,
freezer

Hi,

With your setup DNS is the single point of failure, because with the
(default) DLZ setup bind9 is able to serve DNS records only when samba4 is
running on that box.
My recommendation would be to try to set up DNS on the second DC too.

Regards.

Geza



Re: [Samba] Samba4 Multi-Master replication

2012-06-13 Thread Daniel Müller
You  always need to have two Samba4/dns and the entries of both dns in your
clients network settings too.

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Gémes Géza
Sent: Tuesday, 12 June 2012 19:19
To: samba@lists.samba.org
Subject: Re: [Samba] Samba4 Multi-Master replication

On 2012-06-12 12:16, Morten Kramer wrote:
 Hi guys,


 I'm trying to get the Samba4 multi-master replication to work.



 I set up the primary domain controller using this howto (under CentOS
 6.2 x64):


 http://wiki.samba.org/index.php/Samba4/HOWTO



 I installed bind 9.8.3 and enabled encrypted dns updates.




 I set up another VM with the same CentOS version and oriented myself 
 on this howto:

 http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

 to join the second DC into the domain. I edited /etc/resolv.conf and 
 set the nameserver to the IP of the primary DC (bind dns server).


 Basic replication seems to work (not doing the rsync for sysvol yet).
 However, when i take the primary DC offline (bind keeps running), I 
 can't use any of the .msc domain admin tools anymore.

 I always get an error message, telling me that there is no RPC server 
 available.
 When i run gpmc.msc i can choose the DC i want to work on and I can 
 see the secondary one, but it will come back with the RPC error.

 I had Wireshark running on one of the Windows7 clients. It seems like 
 it tries to talk to the 2nd DC (DCERPC packets). But i'm not an expert 
 in packet analysis, could somebody give me a hint what to look for here?



 User authentication does still work and Kerberos tickets are generated 
 by the 2nd DC.



 I can find this in the log:


 ../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration,DC=aeriatest2,DC=dc,DC=loc
 ../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION
 ../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION
 ...
 Warning: 60 extra bytes in incoming RPC request
 ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session



 Do i need to configure something extra, so the secondary DC will be 
 able to act as an RPC server?





 Thanks,
 freezer
Hi,

With your setup DNS is the single point of failure, because with the
(default) DLZ setup bind9 is able to serve DNS records only when samba4 is
running on that box.
My recommendation would be to try to set up DNS on the second DC too.

Regards.

Geza



Re: [Samba] Samba4 Multi-Master replication ( slave setup possible ?)

2012-06-13 Thread L . P . H . van Belle
Is it possible to create slave DNS servers of the samba server?

I would like to set it up like this (this is also my running setup with samba 3):

            / SLAVEDNS1 \
SAMBA(DNS)                Client PCs with DNS servers slave1 and slave2
            \ SLAVEDNS2 /

In my case slavedns(1) is also master of an external LAN which is replicated to
slavedns2.
This was needed because of security and the way I extract the external DNS
settings;
don't ask why, I just created a solution which my ICT company could not.

So the question is, can I do this with samba4 and bind DLZ setup?

Louis


-Original Message-
From: muel...@tropenklinik.de [mailto:samba-boun...@lists.samba.org] On behalf of Daniel Müller
Sent: 2012-06-13 09:01
To: 'Gémes Géza'; samba@lists.samba.org
Subject: Re: [Samba] Samba4 Multi-Master replication

You always need to have two Samba4/dns and the entries of both dns in your
clients network settings too.

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Gémes Géza
Sent: Tuesday, 12 June 2012 19:19
To: samba@lists.samba.org
Subject: Re: [Samba] Samba4 Multi-Master replication

On 2012-06-12 12:16, Morten Kramer wrote:
 Hi guys,


 I'm trying to get the Samba4 multi-master replication to work.



 I set up the primary domain controller using this howto (under CentOS
 6.2 x64):


 http://wiki.samba.org/index.php/Samba4/HOWTO



 I installed bind 9.8.3 and enabled encrypted dns updates.




 I set up another VM with the same CentOS version and oriented myself 
 on this howto:

 http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

 to join the second DC into the domain. I edited /etc/resolv.conf and 
 set the nameserver to the IP of the primary DC (bind dns server).


 Basic replication seems to work (not doing the rsync for sysvol yet).
 However, when i take the primary DC offline (bind keeps running), I 
 can't use any of the .msc domain admin tools anymore.

 I always get an error message, telling me that there is no RPC server
 available.
 When i run gpmc.msc i can choose the DC i want to work on and I can 
 see the secondary one, but it will come back with the RPC error.

 I had Wireshark running on one of the Windows7 clients. It seems like
 it tries to talk to the 2nd DC (DCERPC packets). But i'm not an expert
 in packet analysis, could somebody give me a hint what to look for here?



 User authentication does still work and Kerberos tickets are generated
 by the 2nd DC.



 I can find this in the log:


 ../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration,DC=aeriatest2,DC=dc,DC=loc
 ../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION
 ../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION
 ...
 Warning: 60 extra bytes in incoming RPC request
 ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session



 Do i need to configure something extra, so the secondary DC will be 
 able to act as an RPC server?





 Thanks,
 freezer
Hi,

With your setup DNS is the single point of failure, because with the
(default) DLZ setup bind9 is able to serve DNS records only when samba4 is
running on that box.
My recommendation would be to try to set up DNS on the second DC too.

Regards.

Geza



Re: [Samba] Samba4 Multi-Master replication

2012-06-13 Thread Gémes Géza
On 2012-06-13 17:10, steve wrote:
 On 12/06/12 19:19, Gémes Géza wrote:
 On 2012-06-12 12:16, Morten Kramer wrote:
 Hi guys,


 I'm trying to get the Samba4 multi-master replication to work.


 With your setup DNS is the single point of failure, because with the
 (default) DLZ setup bind9 is able to serve DNS records only when samba4
 is running on that box.
 My recommendation would be to try to set up DNS on the second DC too.


 Hi
 Would both DC's and every client have both IP's in their resolv.conf
 (or whatever windoze calls it)?
 Cheers,
 Steve
Short answer: Yes
Longer answer: The easiest is to do that via dhcp

Regards

Geza


[Samba] Samba4 Multi-Master replication

2012-06-13 Thread Morten Kramer

Hi guys,


I'm trying to get the Samba4 multi-master replication to work.



I set up the primary domain controller using this howto (under CentOS 
6.2 x64):



http://wiki.samba.org/index.php/Samba4/HOWTO



I installed bind 9.8.3 and enabled encrypted dns updates.




I set up another VM with the same CentOS version and oriented myself on 
this howto:


http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

to join the second DC into the domain. I edited /etc/resolv.conf and set 
the nameserver to the IP of the primary DC (bind dns server).



Basic replication seems to work (not doing the rsync for sysvol yet). 
However, when i take the primary DC offline, I can't use any of the .msc 
domain admin tools anymore.


I always get an error message, telling me that there is no RPC server 
available.
When i run gpmc.msc i can choose the DC i want to work on and I can see 
the secondary one, but it will come back with the RPC error.



User authentication does still work and Kerberos tickets are generated 
by the 2nd DC.




I can find this in the log:


../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration,DC=aeriatest2,DC=dc,DC=loc
../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION
../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION
...
Warning: 60 extra bytes in incoming RPC request
../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session




Do i need to configure something extra, so the secondary DC will be able 
to act as an RPC server?






Thanks,
freezer










[Samba] Samba4 Multi-Master replication

2012-06-13 Thread Morten Kramer

Hi guys,


I'm trying to get the Samba4 multi-master replication to work.



I set up the primary domain controller using this howto (under CentOS 
6.2 x64):



http://wiki.samba.org/index.php/Samba4/HOWTO



I installed bind 9.8.3 and enabled encrypted dns updates.




I set up another VM with the same CentOS version and oriented myself on 
this howto:


http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

to join the second DC into the domain. I edited /etc/resolv.conf and set 
the nameserver to the IP of the primary DC (bind dns server).



Basic replication seems to work (not doing the rsync for sysvol yet). 
However, when i take the primary DC offline (bind keeps running), I 
can't use any of the .msc domain admin tools anymore.


I always get an error message, telling me that there is no RPC server 
available.
When i run gpmc.msc i can choose the DC i want to work on and I can see 
the secondary one, but it will come back with the RPC error.


I had Wireshark running on one of the Windows7 clients. It seems like it 
tries to talk to the 2nd DC (DCERPC packets). But i'm not an expert in 
packet analysis, could somebody give me a hint what to look for here?




User authentication does still work and Kerberos tickets are generated 
by the 2nd DC.




I can find this in the log:


../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration,DC=aeriatest2,DC=dc,DC=loc
../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION
../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION
...
Warning: 60 extra bytes in incoming RPC request
../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session




Do i need to configure something extra, so the secondary DC will be able 
to act as an RPC server?






Thanks,
freezer










[Samba] Samba4 Multi-Master replication

2012-06-12 Thread Morten Kramer

Hi guys,


I'm trying to get the Samba4 multi-master replication to work.



I set up the primary domain controller using this howto (under CentOS 
6.2 x64):



http://wiki.samba.org/index.php/Samba4/HOWTO



I installed bind 9.8.3 and enabled encrypted dns updates.




I set up another VM with the same CentOS version and oriented myself on 
this howto:


http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

to join the second DC into the domain. I edited /etc/resolv.conf and set 
the nameserver to the IP of the primary DC (bind dns server).



Basic replication seems to work (not doing the rsync for sysvol yet). 
However, when i take the primary DC offline (bind keeps running), I 
can't use any of the .msc domain admin tools anymore.


I always get an error message, telling me that there is no RPC server 
available.
When i run gpmc.msc i can choose the DC i want to work on and I can see 
the secondary one, but it will come back with the RPC error.


I had Wireshark running on one of the Windows7 clients. It seems like it 
tries to talk to the 2nd DC (DCERPC packets). But i'm not an expert in 
packet analysis, could somebody give me a hint what to look for here?




User authentication does still work and Kerberos tickets are generated 
by the 2nd DC.




I can find this in the log:


../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration,DC=aeriatest2,DC=dc,DC=loc
../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION
../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION
...
Warning: 60 extra bytes in incoming RPC request
../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session




Do i need to configure something extra, so the secondary DC will be able 
to act as an RPC server?






Thanks,
freezer










Re: [Samba] Samba4 Multi-Master replication

2012-06-12 Thread Gémes Géza
On 2012-06-12 12:16, Morten Kramer wrote:
 Hi guys,


 I'm trying to get the Samba4 multi-master replication to work.



 I set up the primary domain controller using this howto (under CentOS
 6.2 x64):


 http://wiki.samba.org/index.php/Samba4/HOWTO



 I installed bind 9.8.3 and enabled encrypted dns updates.




 I set up another VM with the same CentOS version and oriented myself
 on this howto:

 http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

 to join the second DC into the domain. I edited /etc/resolv.conf and
 set the nameserver to the IP of the primary DC (bind dns server).


 Basic replication seems to work (not doing the rsync for sysvol yet).
 However, when i take the primary DC offline (bind keeps running), I
 can't use any of the .msc domain admin tools anymore.

 I always get an error message, telling me that there is no RPC server
 available.
 When i run gpmc.msc i can choose the DC i want to work on and I can
 see the secondary one, but it will come back with the RPC error.

 I had Wireshark running on one of the Windows7 clients. It seems like
 it tries to talk to the 2nd DC (DCERPC packets). But i'm not an expert
 in packet analysis, could somebody give me a hint what to look for here?



 User authentication does still work and Kerberos tickets are generated
 by the 2nd DC.



 I can find this in the log:


 ../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName attribute of object CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration,DC=aeriatest2,DC=dc,DC=loc
 ../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices: NT_STATUS_INTERNAL_DB_CORRUPTION
 ../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections: NT_STATUS_INTERNAL_DB_CORRUPTION
 ...
 Warning: 60 extra bytes in incoming RPC request
 ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session



 Do i need to configure something extra, so the secondary DC will be
 able to act as an RPC server?





 Thanks,
 freezer
Hi,

With your setup DNS is the single point of failure, because with the
(default) DLZ setup bind9 is able to serve DNS records only when samba4
is running on that box.
My recommendation would be to try to set up DNS on the second DC too.

Regards.

Geza

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
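
The DNS dependency described in the reply above can be checked before a DC is taken offline. The following is an added example, not code from the thread or from the Samba project: it parses resolv.conf contents and reports which hosts are left without any AD-capable DNS server when one DC is down. The host names, the 192.0.2.x addresses and all function names are constructed for illustration; the client's DNS list is written in resolv.conf syntax for simplicity.

```python
"""Which hosts lose AD DNS when one DC goes down? (constructed example)"""

MAXNS = 3  # glibc's resolver honours at most the first three nameserver lines


def parse_nameservers(resolv_conf_text):
    """Return the nameserver IPs from resolv.conf text, in the order listed."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    return servers[:MAXNS]


def stranded_hosts(resolv_confs, dns_backed_by, failed_dc):
    """Hosts left without a working AD DNS server while failed_dc is down.

    dns_backed_by maps a DNS server IP to the DC whose samba4 feeds it: with
    the bind9 DLZ backend that server only answers while samba4 runs there.
    Nameservers missing from the map are not counted as AD DNS servers.
    """
    stranded = []
    for host in sorted(resolv_confs):
        if host == failed_dc:
            continue  # the failed box itself is not a client of interest
        alive = [ip for ip in parse_nameservers(resolv_confs[host])
                 if dns_backed_by.get(ip) not in (None, failed_dc)]
        if not alive:
            stranded.append(host)
    return stranded


def audit(resolv_confs, dns_backed_by, dcs):
    """Map each DC name to the hosts that lose DNS if that DC fails."""
    return {dc: stranded_hosts(resolv_confs, dns_backed_by, dc) for dc in dcs}


# Constructed sample data (TEST-NET-1 addresses, hypothetical host names).
DC1, DC2 = "192.0.2.10", "192.0.2.11"
DCS = ["dc1", "dc2"]

# Setup from the original post: only dc1 serves DNS, everyone points at it.
SINGLE_DNS = {
    "dc1": f"search aeriatest2.dc.loc\nnameserver {DC1}\n",
    "dc2": f"# joined as second DC\nnameserver {DC1}\n",
    "client": f"nameserver {DC1}\n",
}
SINGLE_BACKING = {DC1: "dc1"}

# Setup recommended in the replies: DNS on both DCs, both listed everywhere.
DUAL_DNS = {h: f"nameserver {DC1}\nnameserver {DC2}\n" for h in SINGLE_DNS}
DUAL_BACKING = {DC1: "dc1", DC2: "dc2"}

if __name__ == "__main__":
    print("single DNS:", audit(SINGLE_DNS, SINGLE_BACKING, DCS))
    print("dual DNS:  ", audit(DUAL_DNS, DUAL_BACKING, DCS))
```

An empty list for every DC means no single DC outage removes name resolution for the remaining hosts.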