[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Ole Traupe ole.traupe at tu-berlin.de
Thu Dec 10 14:22:15 UTC 2015



On 10.12.2015 at 15:04, L.P.H. van Belle wrote:
> Ok, I'm using the RSAT tools, so how to get more info and fix this.
>
> Start  Active Directory Sites and Services
> Click on Sites, Default-First-Site-Name - Server.
> You should see your second DC also; if not, you can add it manually.
> I don't know the samba-tools commands for this one.

It is there.

>
> In the DNS admin.
> Go to _msdcs.YOURDOMAIN.
> Look at the aliases.
> These are the names you need in Active Directory Sites and Services
> You should also see 2 ! aliases; if you are seeing one, this must be fixed first.

Both are there.

>
> And ! VERY IMPORTANT !!
> Under the _msdcs.DOMAINS..
> In pdc _tcp  here should be ONLY THE PRIMARY DC !

Yes, only 1st DC is there.

>
> Walk through the _msdcs for what you're missing.
> I guess, all the second DC entries.

Which are?

>
> Have a look also in zone YOURDOMAIN and look in the _XXX
> Here you should also have 1 entry per DC.

Everywhere?

>
> Louis
>
>
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny
>> Sent: Thursday 10 December 2015 14:50
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Authentication to Secondary Domain Controller
>> initially fails when PDC is offline
>>
>> On 10/12/15 13:40, Ole Traupe wrote:
>>>> You have problems, if you have two DCs, you should get something like
>>>> this:
>>>>
>>>> root@dc1:~# host -t SRV _ldap._tcp.samdom.example.com
>>>> _ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.
>>>> _ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
>>>> root@dc1:~# host -t SRV _kerberos._udp.samdom.example.com
>>>> _kerberos._udp.samdom.example.com has SRV record 0 100 88 dc1.samdom.example.com.
>>>> _kerberos._udp.samdom.example.com has SRV record 0 100 88 dc2.samdom.example.com.
>>>>
>>>> Rowland
>>> Definitely, good! :)
>>>
>>> However, I have been there, done that:
>>> https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
>>>
>>> This page says nothing about ldap or kerberos... why?!
>>>
>>> Ole
>>>
>>>
>>>
>> Probably because either nobody has noticed the problem or the problem
>> hasn't been reported before.
>>
>> Rowland
>>
>>
>
>
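
Added example (not part of the original thread or of Samba itself): a shell check over the kind of `host -t SRV` output Rowland quotes above, reporting which expected DCs are missing as SRV targets. The function names `missing_srv_targets` and `check_sample` are hypothetical, and both sample outputs are constructed using the samdom.example.com names from the thread.

```shell
#!/bin/sh
# missing_srv_targets EXPECTED_DC...
# Reads `host -t SRV <name>` output on stdin and prints each expected DC
# hostname that does not appear as an SRV target. Prints nothing when every
# expected DC is registered. An NXDOMAIN answer has no SRV lines, so every
# expected DC is then reported as missing.
missing_srv_targets() {
    # Target is the last field of each "has SRV record" line; normalise it
    # to lower case and strip the trailing dot of the FQDN.
    targets=$(awk '/ has SRV record / { t = tolower($NF); sub(/\.$/, "", t); print t }')
    for dc in "$@"; do
        want=$(printf '%s' "$dc" | tr 'A-Z' 'a-z')
        want=${want%.}
        # Whole-line fixed-string match, so dc1 never matches dc10.
        printf '%s\n' "$targets" | grep -Fxq -- "$want" || printf '%s\n' "$want"
    done
}

# Constructed sample: only the first DC is registered for _ldap._tcp.
sample_broken='_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.'

# Constructed sample: the healthy two-DC answer for _kerberos._udp.
sample_ok='_kerberos._udp.samdom.example.com has SRV record 0 100 88 dc1.samdom.example.com.
_kerberos._udp.samdom.example.com has SRV record 0 100 88 dc2.samdom.example.com.'

# Run the check on a sample against the two DC names used in the thread.
check_sample() {
    printf '%s\n' "$1" |
        missing_srv_targets dc1.samdom.example.com dc2.samdom.example.com
}

# Live use (assumes the `host` utility and your own domain and DC names):
#   for svc in _ldap._tcp _kerberos._udp; do
#       host -t SRV "$svc.samdom.example.com" |
#           missing_srv_targets dc1.samdom.example.com dc2.samdom.example.com
#   done
```

Any hostname printed is a DC that clients cannot discover through that service record, which matches the symptom in the subject line when the first DC is offline.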



