I did also test my logins with one DC turned off.
And login on the DM is no problem or my pcs, no problem.
I did not test the AD logins thats because these have only linux logins for maintainance.
And that always works.
In a 2 DC setup, setup your nameservers first to the LAN ip of the server itself.
Resolv.conf example in a 2 DC setup when both servers are ALREADY in the AD.
Reboot and then switch them base as shown below and test again.
# Sample DC1.
# Sample DC2.
And you know, samba AD DC, does not run NMBD.
For the member resolv.conf which server goes first is up2you, but i suggest you also low the timeout.
These are good, and adjust to your need if you want bit quickers login when a DC is off/down.
# Rotate between the name servers.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:
[hidden email]] Namens
> Stefan G. Weichinger via samba
> Verzonden: donderdag 28 december 2017 14:54
> Aan: samba
> Onderwerp: [Samba] 2nd samba DC: NT_STATUS_NO_LOGON_SERVERS
>
>
> I added a 2nd DC (ADC2) to a samba-ADS today.
>
> debian-9.3, samba-4.6.11 from Louis
>
> followed
>
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Exis> ting_Active_Directory
>
> replication works afai see
>
> -
>
> We wanted to test services after turning off the first DC, and running
> ADC2 and a DM file-server only.
>
> DC1/backup: 10.0.0.224
> ADC2: 10.0.0.230
>
> We then get NT_STATUS_NO_LOGON_SERVERS
>
> On the DM server "main" we get:
>
> # nmblookup ARBEITSGRUPPE#1c
> added interface em1 ip=10.0.0.221 bcast=10.0.0.255
> netmask=255.255.255.0
>
> 10.0.0.224 ARBEITSGRUPPE<1c>
> 10.0.0.230 ARBEITSGRUPPE<1c>
>
> # nmblookup ARBEITSGRUPPE#1b
> added interface em1 ip=10.0.0.221 bcast=10.0.0.255
> netmask=255.255.255.0
> 10.0.0.224 ARBEITSGRUPPE<1b>
>
> -
>
> adc2:~# samba-tool testparm
> Press enter to see a dump of your service definitions
>
> # Global parameters
> [global]
> netbios name = ADC2
> realm = ARBEITSGRUPPE.HIDDEN.AT
> workgroup = ARBEITSGRUPPE
> dns forwarder = 10.0.0.254
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/arbeitsgruppe.hidden.at/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> -
>
> main # cat /etc/resolv.conf
> # Generated by net-scripts for interface eth0
> search arbeitsgruppe.hidden.at
> nameserver 10.0.0.230
> nameserver 10.0.0.224
>
> -
> root@adc2:~# systemctl status samba-ad-dc.service
> ??? samba-ad-dc.service - Samba AD Daemon
> Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled;
> vendor preset: enabled)
> Active: active (running) since Thu 2017-12-28 14:43:39
> CET; 8min ago
> Docs: man:samba(8)
> man:samba(7)
> man:smb.conf(5)
> Main PID: 1000 (samba)
> Status: "smbd: ready to serve connections..."
> Tasks: 22 (limit: 4915)
> CGroup: /system.slice/samba-ad-dc.service
> ??????1000 /usr/sbin/samba
> ??????1001 /usr/sbin/samba
> ??????1002 /usr/sbin/samba
> ??????1003 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
> ??????1004 /usr/sbin/samba
> ??????1005 /usr/sbin/samba
> ??????1006 /usr/sbin/samba
> ??????1007 /usr/sbin/samba
> ??????1008 /usr/sbin/samba
> ??????1009 /usr/sbin/samba
> ??????1010 /usr/sbin/samba
> ??????1011 /usr/sbin/samba
> ??????1012 /usr/sbin/samba
> ??????1013 /usr/sbin/samba
> ??????1014 /usr/sbin/samba
> ??????1015 /usr/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
> ??????1018 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
> ??????1019 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
> ??????1021 /usr/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
> ??????1022 /usr/sbin/smbd -D --option=server role
> check:inhibit=yes --foreground
> ??????1047 /usr/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
> ??????1048 /usr/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
>
>
> What do I miss here? Had to install "dnsutils" to make dns_update work
> ... I set up krb5.conf, nsswitch.conf ...
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:
https://lists.samba.org/mailman/options/samba>
>