Problem:
UCS (memberserver) fileservers are using the dc master as default ldap server. If the dc master gets shut down the share mapping / -connection and other services are possibly lost, even if you have site dc’s or dc backup’s.
Solution:
1. Configure multiple ldap servers:
You configure multiple ldap servers for memberservers via ldap server policy.
You can find this setting at the memberserver itself in UMC or for example, for a more generic population, at the default memberserver container in the ldap directory tree in UMC.
This policy should include each ldap server - the first entry should always be the master. It is recommend to use the master and each available dc backup here. If no dc backup is available, use site dc’s (dc slave).
Unfortunately, older winbind versions were unable to use different ldap servers. So only, the LDAP server defined by ldap/server/name is written to the winbind configuration (/etc/samba/smb.conf).
As a quick workaround if the dc master is not reachable but other domaincontrollers are running and usable simply do the following at the fileserver in question:
ucr set ldap/server/name="FQDN of a running domain controller"
/etc/init.d/winbind restart
2. Configure DNS the right way:
Make sure that the following three points are configured.
- Site-DCs have their own IP as UCR nameserver1
Each site server has to use its own ip address as nameserver1 - for example:
ucr get nameserver1
ucr set nameserver1=$(ucr get interfaces/eth0/address)
- The clients on the site use the Site-DC as DNS (and WINS if applicable) server
Use ipconfig for example for analysis at your windows client:
ipconfig /a
- DRS and Listener-/Notifier replication of the Site-DC should be up to date
samba-tool drs showrepl
/usr/lib/nagios/plugins/check_univention\_replication
Have a look at SDB article 1235 and SDB article 1303 for detailed analytic steps.