[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
Rowland penny
rpenny at samba.org
Fri Dec 18 14:42:13 UTC 2015
On 18/12/15 14:23, Ole Traupe wrote:
>
>
> On 18.12.2015 at 14:56, Rowland penny wrote:
>> On 18/12/15 12:07, Ole Traupe wrote:
>>>
>>>
>>> On 18.12.2015 at 12:30, Rowland penny wrote:
>>>> On 18/12/15 11:19, Ole Traupe wrote:
>>>>> Hi Rowland,
>>>>>
>>>>> I am very thankful that you take the time and test all this!
>>>>
>>>> No problem.
>>>>
>>>>>
>>>>> Before I go and check if this is the same with my setup and
>>>>> possibly the problem, could you perhaps try a logon to a member
>>>>> server, while the 1st DC is unavailable?
>>>>
>>>> Ah, slight problem there, as I said, this is just a couple of test
>>>> DCs and there are no test domain members, you will have to bear
>>>> with me whilst I create one.
>>>
>>> I would be very grateful, and I guess many others too.
>>>
>>> I heard from many sides that you should really only use bind9 in
>>> case you plan a more complicated setup. Until now I thought that
>>> having 2 DCs wasn't considered as such.
>>>
>>>
>>
>> Hi Ole, Would you like to know how to set up bind9? Or to put it
>> another way, you cannot log in via ssh to a domain member if the
>> first DC goes down when you are using the internal dns server. If you
>> use bind9, you can log in, although there is a bit of a lag.
>>
>> Rowland
>>
>
> Hi Rowland,
>
> yes, I would like to know how to migrate. But before that: are you
> 100% sure that this is the problem? Before having tested it?
>
> How much lag?
>
> Ole
>
>
>
Hi Ole, all I can say is that I have two DCs running in VMs, they use
the internal dns server. I have joined a samba domain member (again
running in a VM) to the domain. If I turn off the first DC I created, I
cannot log into the domain member via ssh, but if I have both DCs
running, I can. There is another problem, after I restart the first DC,
I still cannot log in, I had to restart Samba on all three machines
before I could log into the domain member again.

With my domain that uses Bind9, I turned off the first DC and attempted
to log into a domain member via ssh, after a few seconds (approx 5) it
logged me in, I then exited again, restarted the first DC again and
tried to log in again, this time there was no lag and I logged in
straight away.

Can I suggest that you do what I did, create your own small test domain
in VMs using Bind9.

Rowland