I think replication is only worth it if you need highly available servers. If your DC fails and your clients can wait, you can do a single one.

-----------------------------------------------
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Original Message-----
From: Morten Kramer [mailto:node1...@googlemail.com]
Sent: Sunday, 17 June 2012 14:30
To: muel...@tropenklinik.de; 'Gémes Géza'; samba@lists.samba.org
Subject: Re: [Samba] Samba4 Multi-Master replication

Thanks for the info, I did not try this setup yet.

Anyway, would you guys recommend a replication setup for production yet? The samba internal dns implementation being still work in progress?

I really wonder if I should just set up a single DC for starters and wait until the whole DNS will be part of samba. This Domain will only cater to about 100-150 clients and one DC should be easily able to deal with this workload?!

A second DC would certainly be a good idea, but I really wonder if it's worth the hassle right now. I can just take daily snapshots of a single DC and roll back if anything goes terribly wrong.

Thanks for your input!

-morten

On 06/13/2012 09:00 AM, Daniel Müller wrote:
> You always need to have two Samba4/dns and the entries of both dns in your
> clients' network settings too.
>
> -----Original Message-----
> From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
> behalf of Gémes Géza
> Sent: Tuesday, 12 June 2012 19:19
> To: samba@lists.samba.org
> Subject: Re: [Samba] Samba4 Multi-Master replication
>
> On 2012-06-12 12:16, Morten Kramer wrote:
>> Hi guys,
>>
>> I'm trying to get the Samba4 multi-master replication to work.
>>
>> I set up the primary domain controller using this howto (under CentOS
>> 6.2 x64):
>>
>> http://wiki.samba.org/index.php/Samba4/HOWTO
>>
>> I installed bind 9.8.3 and enabled encrypted dns updates.
>>
>> I set up another VM with the same CentOS version and oriented myself
>> on this howto:
>>
>> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>>
>> to join the second DC into the domain. I edited /etc/resolv.conf and
>> set the nameserver to the IP of the primary DC (bind dns server).
>>
>> Basic replication seems to work (not doing the rsync for sysvol yet).
>> However, when I take the primary DC offline (bind keeps running), I
>> can't use any of the .msc domain admin tools anymore.
>>
>> I always get an error message, telling me that there is no RPC server
>> available.
>> When I run gpmc.msc I can choose the DC I want to work on and I can
>> see the secondary one, but it will come back with the RPC error.
>>
>> I had Wireshark running on one of the Windows7 clients. It seems like
>> it tries to talk to the 2nd DC (DCERPC packets). But I'm not an expert
>> in packet analysis, could somebody give me a hint what to look for here?
>>
>> User authentication does still work and Kerberos tickets are generated
>> by the 2nd DC.
>>
>> I can find this in the log:
>>
>> ../source4/dsdb/kcc/kcc_topology.c:1402: failed to find nCName
>> attribute of object
>> CN=ac7bf69c-9458-4205-acba-6fe172412d1b,CN=Partitions,CN=Configuration
>> ,DC=aeriatest2,DC=dc,DC=loc
>> ../source4/dsdb/kcc/kcc_topology.c:3158: failed to color vertices:
>> NT_STATUS_INTERNAL_DB_CORRUPTION
>> ../source4/dsdb/kcc/kcc_topology.c:3415: failed to create connections:
>> NT_STATUS_INTERNAL_DB_CORRUPTION
>> ...
>> Warning: 60 extra bytes in incoming RPC request
>> ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with
>> system_session
>>
>> Do I need to configure something extra, so the secondary DC will be
>> able to act as an RPC server?
>>
>> Thanks,
>> freezer
> Hi,
>
> With your setup DNS is the single point of failure, because with the
> (default) DLZ setup bind9 is able to serve DNS records only when samba4 is
> running on that box.
> My recommendation would be to try to set up DNS on the second DC too.
>
> Regards.
>
> Geza
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba