[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
James
lingpanda101 at gmail.com
Fri Nov 27 13:18:28 UTC 2015
On 11/26/2015 10:35 AM, Ole Traupe wrote:
>
>>> ANYWAYS, I would like to approach from a different direction:
>>>
>>> If my first DC is offline, a ping on any of my domain machines takes
>>> 5+ seconds to resolve. I figure that my logon problems reflect
>>> multiple such timeouts during the logon process accumulating to a
>>> total duration not accepted by the unix logon mechanism.
>>>
>>> If there would be ANY way to reduce the time (to 1 s or something) a
>>> machine waits until it finally accepts that a DNS server just won't
>>> respond and goes over to the next one... - that actually might solve
>>> the issue.
>>>
>>> Is there an option for this on unix machines?
>>>
>>> Ole
>> You can add your DCs to your hosts file. Usually your hosts file is
>> queried first, prior to DNS for resolve.
>
> And this would speed up the whole process? Is this a guess or your
> experience?
>
>>
>> One thing I notice a bit odd is this
>>
>> SOA: serial=29, refresh=180, retry=600, expire=86400, minttl=180,
>> *ns=DC2.my.domain.tld.*, email=hostmaster.my.domain.tld.
>> (flags=600000f0, serial=0, ttl=3600)
>>
>> Normally your name server would be the same as your DC who is SOA.
>> Did you manually change this from DC1 to DC2? What DC is your SOA?
>
> I am sorry about the confusion. I demoted my DC1 a while ago due to
> hardware problems. I mean to replace it, because currently my First_DC
> (FSMO role holder and SOA) is a virtual machine on a storage server
> which isn't ideal for many reasons.
>
> Currently I have DC2 (First_DC) and DC3 (Second_DC). Had I paid
> attention to this, I would have changed the names in the text and
> output snippets I posted.
>
> Again: I apologize.
>
Your hosts file is queried first, before your DNS server. I say usually
because you can change this behavior. This would speed up the process of
resolving your DNS servers' IP to a hostname.

So is your DC2 now the SOA? Did you create the SOA RR for DC2?
--
-James