Web lists-archives.com

Re: [Samba] 2nd samba DC: NT_STATUS_NO_LOGON_SERVERS




Hai Stephan, 

You need also this in smb.conf

    # enable offline logins
    winbind offline logon = yes

I did also test my logins with one DC turned off. 
And login on the DM is no problem or my pcs, no problem. 

I did not test the AD logins thats because these have only linux logins for maintainance. 
And that always works. 

In a 2 DC setup, setup your nameservers first to the LAN ip of the server itself. 
Resolv.conf example in a 2 DC setup when both servers are ALREADY in the AD. 
When the second DC isnt in the AD jet, switch the servers in resolv.conf
Reboot and then switch them base as shown below and test again. 

# Sample DC1. 
search arbeitsgruppe.hidden.at
# DC1 
nameserver 192.168.0.1
# DC2 
nameserver 192.168.0.2
# Internet Fallback (optional) 
#nameserver 8.8.8.8

# Sample DC2. 
search arbeitsgruppe.hidden.at
# DC2 
nameserver 192.168.0.2
# DC1 
nameserver 192.168.0.1
# Internet Fallback (optional) 
#nameserver 8.8.8.8

And you know, samba AD DC, does not run NMBD. 

For the member resolv.conf which server goes first is up2you, but i suggest you also low the timeout. 
These are good, and adjust to your need if you want bit quickers login when a DC is off/down. 
# options to add in resolv.conf
# timeout, default 30 sec.
options timeout:3
# attempts defaults to 5.
options attempts:2
# Rotate between the name servers. 
options rotate



Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Stefan G. Weichinger via samba
> Verzonden: donderdag 28 december 2017 14:54
> Aan: samba
> Onderwerp: [Samba] 2nd samba DC: NT_STATUS_NO_LOGON_SERVERS
> 
> 
> I added a 2nd DC (ADC2) to a samba-ADS today.
> 
> debian-9.3, samba-4.6.11 from Louis
> 
> followed
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Exis
> ting_Active_Directory
> 
> replication works afai see
> 
> -
> 
> We wanted to test services after turning off the first DC, and running
> ADC2 and a DM file-server only.
> 
> DC1/backup: 10.0.0.224
> ADC2: 10.0.0.230
> 
> We then get NT_STATUS_NO_LOGON_SERVERS
> 
> On the DM server "main" we get:
> 
> # nmblookup ARBEITSGRUPPE#1c
> added interface em1 ip=10.0.0.221 bcast=10.0.0.255 
> netmask=255.255.255.0
> 
> 10.0.0.224 ARBEITSGRUPPE<1c>
> 10.0.0.230 ARBEITSGRUPPE<1c>
> 
> # nmblookup ARBEITSGRUPPE#1b
> added interface em1 ip=10.0.0.221 bcast=10.0.0.255 
> netmask=255.255.255.0
> 10.0.0.224 ARBEITSGRUPPE<1b>
> 
> -
> 
> adc2:~# samba-tool  testparm
> Press enter to see a dump of your service definitions
> 
> # Global parameters
> [global]
> 	netbios name = ADC2
> 	realm = ARBEITSGRUPPE.HIDDEN.AT
> 	workgroup = ARBEITSGRUPPE
> 	dns forwarder = 10.0.0.254
> 	server role = active directory domain controller
> 	idmap_ldb:use rfc2307 = yes
> 
> [netlogon]
> 	path = /var/lib/samba/sysvol/arbeitsgruppe.hidden.at/scripts
> 	read only = No
> 
> [sysvol]
> 	path = /var/lib/samba/sysvol
> 	read only = No
> 
> -
> 
> main # cat /etc/resolv.conf
> # Generated by net-scripts for interface eth0
> search arbeitsgruppe.hidden.at
> nameserver 10.0.0.230
> nameserver 10.0.0.224
> 
> -
> root@adc2:~# systemctl status samba-ad-dc.service
> ??? samba-ad-dc.service - Samba AD Daemon
>    Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled;
> vendor preset: enabled)
>    Active: active (running) since Thu 2017-12-28 14:43:39 
> CET; 8min ago
>      Docs: man:samba(8)
>            man:samba(7)
>            man:smb.conf(5)
>  Main PID: 1000 (samba)
>    Status: "smbd: ready to serve connections..."
>     Tasks: 22 (limit: 4915)
>    CGroup: /system.slice/samba-ad-dc.service
>            ??????1000 /usr/sbin/samba
>            ??????1001 /usr/sbin/samba
>            ??????1002 /usr/sbin/samba
>            ??????1003 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
>            ??????1004 /usr/sbin/samba
>            ??????1005 /usr/sbin/samba
>            ??????1006 /usr/sbin/samba
>            ??????1007 /usr/sbin/samba
>            ??????1008 /usr/sbin/samba
>            ??????1009 /usr/sbin/samba
>            ??????1010 /usr/sbin/samba
>            ??????1011 /usr/sbin/samba
>            ??????1012 /usr/sbin/samba
>            ??????1013 /usr/sbin/samba
>            ??????1014 /usr/sbin/samba
>            ??????1015 /usr/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
>            ??????1018 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
>            ??????1019 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
>            ??????1021 /usr/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
>            ??????1022 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
>            ??????1047 /usr/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
>            ??????1048 /usr/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
> 
> 
> What do I miss here? Had to install "dnsutils" to make dns_update work
> ... I set up krb5.conf, nsswitch.conf ...
> 
> 
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba