[Samba] [airween at gmail.com: DC's are still unavailable when PDC halted]

Ervin Hegedüs airween at gmail.com
Mon Nov 13 14:31:16 UTC 2017 

Hi folks,

sorry for the re-post, I need some help to solve this problem.

Since my previous e-mail, we made a set-up: there is a Clear Pass
device (Aruba), which controlls the network access for users.

Between the CP and these two DC's there is a load balancer.

But, when we stopped the DC1, which was set up first, and the DC2
works continously, then the authentication of users is stopped
for few minutes. Without LB, there is the same situation.

Looks like the DC2 (which had joined later to the domain) needs
for DC1.

But now, here is the original e-mail:



I've completely re-installed my DC's and Linux member. I've
followed the docs step-by-step on Samba's wiki page, everything
is works as well.

Here is what I see on my member

# cat /etc/hosts
127.0.0.1	localhost localhost.localdomain

192.168.255.98	open-client.wificloud.local	open-client


# cat /etc/resolv.conf 
options timeout:1
options attempts:2
options rotate
search wificloud.local
nameserver 192.168.255.99
nameserver 192.168.255.100

first check:

# time wbinfo --ping-dc
checking the NETLOGON for domain[WIFICLOUD] dc connection to "open-ldap.wificloud.local" succeeded

real	0m0.017s
user	0m0.012s
sys	0m0.000s

right, seems like it works, shutted down the DC above
(open-ldap), and check again:

# time wbinfo --ping-dc
checking the NETLOGON for domain[WIFICLOUD] dc connection to "open-ldap.wificloud.local" failed
wbcPingDc2(WIFICLOUD): error code was NT_STATUS_NETWORK_ACCESS_DENIED (0xc00000ca)

real	1m4.560s
user	0m0.008s
sys	0m0.004s
# time wbinfo --ping-dc
hecking the NETLOGON for domain[WIFICLOUD] dc connection to "open-ldap2.wificloud.local" succeeded

real	0m40.595s
user	0m0.008s
sys	0m0.008s

okay, it works after sime sleeping... open-ldap bringed up,
open-ldap2 shutted down, check again:

# time wbinfo --ping-dc
checking the NETLOGON for domain[WIFICLOUD] dc connection to "open-ldap2.wificloud.local" failed
wbcPingDc2(WIFICLOUD): error code was NT_STATUS_NETWORK_ACCESS_DENIED (0xc00000ca)

real	0m16.309s
user	0m0.004s
sys	0m0.008s
# time wbinfo --ping-dc
checking the NETLOGON for domain[WIFICLOUD] dc connection to "open-ldap.wificloud.local" succeeded

real	0m1.260s
user	0m0.008s
sys	0m0.004s

well done - it works, but after the DC stops, there are too much
timeout. How can I decrease it?



Thanks,



a.

More information about the samba mailing list