[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

mj lists at merit.unu.edu
Wed Dec 2 10:31:01 UTC 2015

> I can find on the internet multiple instances of 'every DC running dns
> should have a SOA record', but I cannot find any concrete examples of an
> ldif that shows this. Does each DC have a separate SOA record in AD, or
> is there just one SOA record and the DC just claims to be the SOA, or is
> there just one SOA record with an NS record for each DC? Samba would
> seem to be the latter, but I am struggling with adding the NS record for
> a new DC during the join, I think what happens is that the NS record
> does get added, but is wiped out when replication kicks in. It is very
> easy to add the NS record after the join with samba-tool.
> Rowland

I remember vaguely that someone once told me that MS DCs always announce 
themselves as the SOA if asked. If they always reply that, perhaps there
is no need for it to actually be in the database (so it would perhaps
not show up in an ldif).


