
Re: [Samba] DC's are unavailable when PDC halted




On Wed, 8 Nov 2017 17:20:09 +0100
Ervin Hegedüs <airween@xxxxxxxxx> wrote:

> Hi,
> 
> 
> On Wed, Nov 08, 2017 at 03:21:28PM +0000, Rowland Penny wrote:
> > On Wed, 8 Nov 2017 14:33:28 +0100
> > Ervin Hegedüs <airween@xxxxxxxxx> wrote:
> > 
> > > When I turned off open-ldap2 and open-ldap is working, then
> > > wbinfo -a succeeds, but only after 30 seconds.
> > 
> > 
> > OK, the problem here is not that you have turned off the first DC,
> > it is that the client keeps trying to connect to it for 30 seconds.
> > 
> > You need to add: 
> > 
> > 'timeout:1 attempts:2 rotate' 
> > 
> > to /etc/resolv.conf
> 
> Okay, maybe I've found something interesting: the DCs have 2
> network interfaces (eth0: 192.168.100.n/26, eth1: 10.10.20.m/25).
> 
> We planned that eth0 and that network would be used.
> 
> But I've added the other network's addresses to DNS too.
> 
> Perhaps this was my mistake, because I've removed the 10.10.20.x
> addresses from DNS (from the domain, and from the DC's A record), and
> now when I turn off any DC (as long as another is working, of course),
> the client can authenticate!
> 
> But. :)
> 
> After some minutes, the 10.10.20.x address went back into DNS...
> and I didn't set it up...
> 
> # host -t A core.mydomain.hu
> core.mydomain.hu has address 192.168.255.100
> core.mydomain.hu has address 192.168.255.99
> 
> (takes a few minutes...)
> 
> # host -t A core.mydomain.hu
> core.mydomain.hu has address 192.168.255.100
> core.mydomain.hu has address 10.10.20.202
> core.mydomain.hu has address 192.168.255.99
> 
> 
> How can I prevent this record from appearing in the zone?
> 
> I can delete that with samba-tool:
> 
> # samba-tool dns delete open-ldap.core.mydomain.hu core.mydomain.hu core.mydomain.hu A 10.10.20.202 -Uadministrator@xxxxxxxxxxxxxxxx
> Password for [administrator@xxxxxxxxxxxxxxxx]:
> Record deleted successfully
> # host -t A core.mydomain.hu
> core.mydomain.hu has address 192.168.255.100
> core.mydomain.hu has address 192.168.255.99
> 
> 
> but it comes back again after some minutes...
> 
> 
> Thanks,
> 
> 
> a.
> 

Something must be putting it back. Do you have a DHCP client running on
the machine?

I have thought of something else: are both of your DCs authoritative
for the DNS domain?

Rowland
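
An added example, not part of the original thread: a small checker that parses `host -t A` output like the one quoted above and reports any address outside the network the poster wants to keep, so a reappearing record can be caught and timestamped from a cron job. The allowed network `192.168.255.0/24` and the function names are assumptions made for this sketch.

```python
import ipaddress
import re
import subprocess

# Constructed sample: the second `host -t A` output quoted in the thread.
SAMPLE = """\
core.mydomain.hu has address 192.168.255.100
core.mydomain.hu has address 10.10.20.202
core.mydomain.hu has address 192.168.255.99
"""

# Assumption: the network that holds the addresses the poster wants to keep.
ALLOWED_NETS = [ipaddress.ip_network("192.168.255.0/24")]

# Matches "name has address x" and "name has IPv6 address x" lines only.
LINE_RE = re.compile(r"^(\S+) has (?:IPv6 )?address (\S+)$")


def parse_host_output(text):
    """Return the addresses listed in `host` output, skipping other lines."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            found.append(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue  # not a valid address, ignore the line
    return found


def unexpected_addresses(text, allowed=ALLOWED_NETS):
    """Addresses in the answer that fall outside every allowed network."""
    return [str(a) for a in parse_host_output(text)
            if not any(a in net for net in allowed)]


def check_live(name):
    """Run `host -t A` for name and return the unexpected addresses."""
    out = subprocess.run(["host", "-t", "A", name],
                         capture_output=True, text=True, check=False).stdout
    return unexpected_addresses(out)


if __name__ == "__main__":
    print(unexpected_addresses(SAMPLE))
```
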
