Join an Additional Ubuntu DC to Samba4 AD DC for FailOver Replication – Part 5


Matei Cezar

I'm a computer-addicted guy, a fan of open source and Linux-based system software, and have about 4 years of experience with Linux desktop distributions, servers and bash scripting.


10 Responses

  1. Zakky says:

    How long will the servers take to do a replication? I created the domain replication successfully, but it cannot do the replication streamingly.

  2. James says:

    Question: if I have an existing Active Directory (2012 R2 forest and domain level) can I use this method to add an Ubuntu DC as my secondary?

  3. Keron Cyrus says:

    I followed all the steps; however, my second DC is not replicating to the primary one. Everything else seems successful. Both machines came up as DCs within the RSTAT tool, and LDAP and krb5 info was generated for both machines on RSTAT. Any thoughts?

  4. Travis says:

    You have a typo here on step 14.

    # mv /etc/krb6.conf /etc/krb5.conf.initial
    # ln -s /var/lib/samba/private/krb5.conf /etc/
    # cat /etc/krb5.conf

    should be

    # mv /etc/krb5.conf /etc/krb5.conf.initial
    # ln -s /var/lib/samba/private/krb5.conf /etc/
    # cat /etc/krb5.conf

    also step 11

    # samba-tool domain join your_domain -U "your_domain_admin"

    should be

    # samba-tool domain join your_domain DC -U "your_domain_admin"

  5. pınar says:

    Hello, when I ran this line, samba-tool domain join your_domain -U "your_domain_admin", I got this error:

    oin failed - cleaning up
    checking sAMAccountName
    ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -   
      File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/", line 175, in _run
        return*args, **kwargs)
      File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/", line 555, in run
        machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
      File "/usr/local/samba/lib64/python2.7/site-packages/samba/", line 1172, in join_DC
      File "/usr/local/samba/lib64/python2.7/site-packages/samba/", line 1075, in do_join
      File "/usr/local/samba/lib64/python2.7/site-packages/samba/", line 515, in join_add_objects

    If you have any idea, could you help me?

  6. Iulian Murgulet says:

    Hello again,

    Maybe it will be very useful to add ALL the additional DCs, like this (on adc1):

    samba-tool dns add your_domain.tld @ NS adc2.your_domain.tld -UAdministrator

    In this case ALL DCs will be able to act as full NS for DC.

  7. Iulian Murgulet says:

    And the best way to test fail-over AD DC is to stop the first AD DC server for one or 2 days, and to see if you can work as usual with any AD client. This is the best test that you can try.

  8. Iulian Murgulet says:

    Hello to all,

    In my opinion, Step 3: Join to Samba4 AD DC as a Domain Controller could be …as an Additional Domain Controller. It will be more clear.

    smb.conf will be better with
    winbind offline logon = true

    – because if your AD client is in a remote location he will not be able to log on, or even in the case that AD is down
    – on both AD DCs you must put both AD DC IP addresses in resolv.conf as nameservers.
    – on any additional AD DC you must set up NTP in the correct way; if you do not, you will run into problems – see an older tutorial from this series about samba4/AD.

    I also think it would be wise to tell that if you run a Samba file server on any AD DC server you need to reset the sysvol… and use rsync. Also Kerberos could be improved so you can log on from a different IP network/LAN.

    As a side note, the lower IP addresses are for servers ( for example) and the higher ones are for network devices like routers (like, or am I wrong?

    And the last sentence…. backup. If you lose all AD DCs you lose everything, so make backups of everything, AD DC, multiple switching path, bonding and so on!
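
A check for two host-side points raised in the comments above (the `/etc/krb5.conf` symlink from comment 4 and listing every DC as a nameserver in `resolv.conf` from comment 8), as an added example that is not part of the original article or of any comment. The function names, the `ROOT` prefix argument and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# check_adc ROOT DC_IP...
# ROOT is a filesystem prefix: "/" on a live DC, or a scratch directory for a dry run.
check_adc() {
    root=${1%/}; shift
    rc=0
    krb="$root/etc/krb5.conf"
    want="/var/lib/samba/private/krb5.conf"
    # Comment 4: /etc/krb5.conf should be a symlink to the file Samba generated.
    if [ -L "$krb" ]; then
        target=$(readlink "$krb")
        case "$target" in
            "$want"|"$root$want") ;;
            *) echo "FAIL krb5.conf -> $target (expected $want)"; rc=1 ;;
        esac
    else
        echo "FAIL $krb is not a symlink to $want"; rc=1
    fi
    # Comment 8: every DC address must appear as a nameserver line.
    # Exact field match, so 192.0.2.1 does not pass for 192.0.2.10.
    for ip in "$@"; do
        if ! awk -v ip="$ip" '$1 == "nameserver" && $2 == ip { found = 1 }
                              END { exit !found }' "$root/etc/resolv.conf" 2>/dev/null; then
            echo "FAIL nameserver $ip missing from $root/etc/resolv.conf"; rc=1
        fi
    done
    return $rc
}

# Constructed sample tree (hypothetical host that lists only the first DC).
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc" "$d/var/lib/samba/private"
    : > "$d/var/lib/samba/private/krb5.conf"
    ln -s /var/lib/samba/private/krb5.conf "$d/etc/krb5.conf"
    printf 'search your_domain.tld\nnameserver 192.0.2.10\n' > "$d/etc/resolv.conf"
    echo "$d"
}

# Demo on the constructed tree: the second DC's address is missing, so one FAIL is reported.
demo_root=$(make_sample_root) && {
    check_adc "$demo_root" 192.0.2.10 192.0.2.11 || true
    rm -rf "$demo_root"
}
```

On a real domain controller, call `check_adc / <adc1-ip> <adc2-ip>` with the site's own addresses; a non-zero return means at least one check failed.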
