It should be possible to specify other DCs that will be used instead of the DC master by the clients if possible.
If I understand you correctly you mean as DNS & authentication server (LDAP & Kerberos).
I adjusted the subject of the bug, because "site DC" is a term specific to Samba and currently we neither install Samba packages on Ubuntu nor join Samba.
*** Bug 50896 has been marked as a duplicate of this bug. ***
(In reply to Christina Scheinig from comment #6 at Bug #50896)
[..]
> But I am not sure, why we can not use the same mechanism to join a ubuntu on
> a school site as we do with a windows client. Maybe I am missing something.

Windows and Mac OS X clients join directly to Samba 4 / Active Directory. During this process the DC Slave initiates a connection to write the change to the DC Master. The Ubuntu Join Assist is designed to work in environments without Samba 4 and therefore initiates the connection to the DC Master directly.

> -----------------------
> In my earlier tests I could not join against the master, but adjusting the
> following config files made it possible to login against the school slave.
>
> In the configuration files the settings must be changed from Master to
> School Slave.
>
> /etc/auth-client-config/profile.d/sss
> /etc/sssd/sssd.conf
> /etc/machine.secret
> /etc/ldap/ldap.conf
> /usr/share/pam-configs/ucs_mkhomedir
> /etc/krb5.conf
>
> The DNS can be changed with this command:
>
> nmcli con mod 'Kabelgebunden Verbindung1' ipv4.dns "10.200.43.33"
>
> 'nmcli connection show' shows the name of the connection → for me
> 'Kabelgebunden Verbindung1' The IP is the one of my school slave.

My understanding of this feature request is to allow the usage of already joined clients without issues even if the DC Master is unavailable. I think we need to have the settings mentioned above more dynamic.
d6c01ba Bug #49847: tmp -> /dev/shm
6a01bdc Bug #49847: fix typo
9ec245c Bug #49847: Merge branch 'jbremer/ubuntu20.04-dev' into ubuntu20.04
b10461a Bug #49847: Add option to choose DC

I added the option to choose another DC besides the DC Master to join to. There are a few differences between Samba DCs and Heimdal DCs that needed to be handled. If the DC one chose to join to isn't a Samba DC, the kpasswd server needs to be the Master still, or else a password change won't work. I tested this with normal Non-Samba DCs, Samba DCs and School Slaves.

I did not configure a fallback server or something in that regard. We could open another bug for that feature request.
ef3b7f8 Bug #49847: fixup shell-quoting
added --dc-ip, removed --master-ip

dc_ip can be any UCS DC,
ldap/server/name from this DC is used as ldap server and kdc server on the client
ldap/master from this DC is used as kpasswd server in case the DC has no samba installed (only samba DCs are valid kpasswd servers)

so there is no failover here, but we can now join against any DC (a direct connection to the master is not required, although DNS has to work)
We tested the following scenarios:

No-Samba:
  UCS Master
    join: OK
    kerberos auth: OK
    ldap auth: OK
    password change: OK
    home dir created: OK
  UCS Slave
    join: OK
    kerberos auth: OK
    ldap auth: OK
    password change: OK
    home dir created: OK
-----------------------------------
Samba:
  UCS Master
    join: OK
    kerberos auth: OK
    ldap auth: OK
    password change: OK
    home dir created: OK
  UCS Slave
    join: OK
    kerberos auth: OK
    ldap auth: OK
    password change: OK
    home dir created: OK
------------------------------------
UCS@School Slave
    join: OK
    kerberos auth: OK
    ldap auth: OK
    password change: OK
    home dir created: OK

Verified
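The server selection described in the --dc-ip comment above, sketched as an added example (not the project's own code): it picks the LDAP, KDC and kpasswd hosts from the chosen DC's `ldap/server/name` and `ldap/master` values and renders a krb5.conf realm stanza. The function names, the `has_samba` flag, the host name checks and the sample host names are assumptions made for illustration.

```python
import re

# Assumption: DC names are plain DNS FQDNs, realms are upper-case DNS-style names.
_HOST = re.compile(r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}")
_REALM = re.compile(r"[A-Z0-9](?:[A-Z0-9.-]*[A-Z0-9])?")


def pick_servers(dc_ucr, has_samba):
    """Choose client-side servers from values read on the DC given via --dc-ip.

    dc_ucr: dict holding the DC's 'ldap/server/name' and 'ldap/master' values.
    has_samba: whether that DC runs Samba (how this is detected is not shown).
    """
    dc = dc_ucr["ldap/server/name"]
    master = dc_ucr["ldap/master"]
    for host in (dc, master):
        # Reject anything that is not a bare FQDN before it reaches a config file.
        if len(host) > 253 or not _HOST.fullmatch(host):
            raise ValueError("refusing host name %r" % host)
    # Only Samba DCs are valid kpasswd servers; otherwise fall back to the master.
    return {"ldap": dc, "kdc": dc, "kpasswd": dc if has_samba else master}


def render_realm(realm, servers):
    """Render the [realms] stanza of krb5.conf for the chosen servers."""
    if not _REALM.fullmatch(realm):
        raise ValueError("refusing realm %r" % realm)
    return (
        "[realms]\n"
        "    %s = {\n"
        "        kdc = %s\n"
        "        kpasswd_server = %s\n"
        "    }\n" % (realm, servers["kdc"], servers["kpasswd"])
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from the bug report.
    ucr = {"ldap/server/name": "slave1.school.example",
           "ldap/master": "master.school.example"}
    print(render_realm("SCHOOL.EXAMPLE", pick_servers(ucr, has_samba=False)))
```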
Released