[Samba] sssd problems after dc1 is no longer online

Rowland Penny rowlandpenny at googlemail.com
Thu Jul 24 05:16:15 MDT 2014


On 24/07/14 11:56, mourik jan heupink - merit wrote:
> Hi Rowland,
>
>> To me, it looks like your kerberos ticket has expired, but there appears
>> to be a problem finding the kdc, what do you have in krb5.conf and
> It seems that quite a few DNS entries are missing for my dc3:
>
> Failed to find matching DNS entry SRV _kpasswd._tcp.samba.company.com 
> dc3.samba.company.com 464
> Failed to find matching DNS entry SRV _kerberos._tcp.samba.company.com 
> dc3.samba.company.com 88
> Failed to find matching DNS entry SRV _kpasswd._udp.samba.company.com 
> dc3.samba.company.com 464
> Failed to find matching DNS entry SRV 
> _kerberos._tcp.default-first-site-name._sites.samba.company.com 
> dc3.samba.company.com 88
>
> I should add them manually. But add them locally on DC3, or on DC2?
>
> And I'm unsure about the exact command to use; reading from the Samba
> wiki, something like:
>
> samba-tool dns add dc2.samba.company.com samba.company.com 
> _kpasswd._tcp.samba.company.com SRV 'dc3.samba.company.com 464 0 100'
>
> But I'm a bit hesitant to simply start adding dns stuff like this. 
> Does the above look correct?

The command looks correct, and it shouldn't matter which DC you update;
it should replicate to the other, but it obviously isn't.

I had a similar problem some time ago and tried to demote the affected
DC. I ran into the 2 FSMO roles problem and in the end I started again
from scratch, but this was on a test domain and I think that you are in
production, so this may not be an option for you.

Rowland
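
The step discussed in this thread, as an added example that is not part of either poster's message: a shell function that turns the reported "Failed to find matching DNS entry SRV" lines into `samba-tool dns add` commands in the form quoted above, printed for review rather than run. The function names, the input checks and the unwrapped sample lines are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): build `samba-tool dns add` commands
# from "Failed to find matching DNS entry SRV" lines. Commands are printed
# for review only; nothing is executed.

# Assumptions: server and zone as named in the thread; priority 0 and
# weight 100 copied from the command quoted in the thread.
SERVER="dc2.samba.company.com"
ZONE="samba.company.com"

# Constructed sample input: the four lines quoted in the thread, with the
# e-mail line wrapping undone so each record is on one line.
sample_log() {
cat <<'EOF'
Failed to find matching DNS entry SRV _kpasswd._tcp.samba.company.com dc3.samba.company.com 464
Failed to find matching DNS entry SRV _kerberos._tcp.samba.company.com dc3.samba.company.com 88
Failed to find matching DNS entry SRV _kpasswd._udp.samba.company.com dc3.samba.company.com 464
Failed to find matching DNS entry SRV _kerberos._tcp.default-first-site-name._sites.samba.company.com dc3.samba.company.com 88
EOF
}

# Read log lines on stdin; print one command per distinct missing SRV record.
srv_add_commands() {
    awk -v server="$SERVER" -v zone="$ZONE" '
    /^Failed to find matching DNS entry SRV / && NF == 10 {
        name = $8; target = $9; port = $10; suffix = "." zone
        # Hostname characters only, so the printed command has no shell metacharacters.
        if (name !~ /^[A-Za-z0-9._-]+$/ || target !~ /^[A-Za-z0-9._-]+$/) {
            print "skipped (unexpected characters): " $0 > "/dev/stderr"; next
        }
        # The record must belong to the zone being updated.
        if (length(name) <= length(suffix) ||
            substr(name, length(name) - length(suffix) + 1) != suffix) {
            print "skipped (outside zone " zone "): " $0 > "/dev/stderr"; next
        }
        if (port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535) {
            print "skipped (bad port): " $0 > "/dev/stderr"; next
        }
        if (seen[name, target, port]++) next
        # \047 is a single quote; SRV data order follows the command in the thread.
        printf "samba-tool dns add %s %s %s SRV \047%s %s 0 100\047\n",
               server, zone, name, target, port
    }'
}

sample_log | srv_add_commands
```
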
