[Samba] winbind talking to backup ADS server

news.gmane.org looper_man at yahoo.com
Thu Apr 22 15:13:47 GMT 2004


I've set up samba 3.02a and have it successfully authenticating against a
Windows 2000 ADS Server.  Everything is working great, except that samba
(winbind?) won't talk to the backup ADS server when the primary ADS server
goes down.  I'm shutting off the primary ADS server to test this, and when I
do I get the following:

[root at iceberg /etc]# /usr/local/samba/bin/wbinfo -u
Error looking up domain users

"getent passwd" also doesn't work.  When the primary ADS server is online,
everything works.

This seems to be a winbind problem ... when the primary is offline, all
windows users can log into the domain from their PCs, and I can successfully
get a kerberos ticket on my samba server machine from the secondary ADS
server (/etc/krb5.conf uses DNS to lookup the kerberos server), but winbind
doesn't seem to find it.

I tried three different settings for "password server" in smb.conf:

password server = PRIMARY_ADS_IP

... and the third was just not specifying a "password server".  All three
give the same result: I can authenticate when the primary is up, but not
when it's offline.

Looking at tcpdump (though I'm not an expert), it seems like winbind is
continually trying to contact the primary ADS server even after is goes away
.... Any ideas?  Where does winbind get the information about what ADS
server to talk to?


More information about the samba mailing list