[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
L.P.H. van Belle
belle at bazuin.nl
Wed Dec 9 16:53:39 UTC 2015
Hai Ole,
Can you run on the member where you logged in.
host -t SRV _ldap._tcp.samdom.example.com.
host -t SRV _kerberos._udp.samdom.example.com.
host -t A dc1.samdom.example.com.
host -t A dc2.samdom.example.com.
and again with
search my.domain.tld
nameserver IP_of_2st_DC
nameserver IP_of_1nd_DC
looks ok to me sofare.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole Traupe
> Verzonden: woensdag 9 december 2015 17:33
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Authentication to Secondary Domain Controller
> initially fails when PDC is offline
>
>
> > - But when I try to ssh to a member server, it still takes forever,
> > and a 'kinit' on a member server gives this:
> > "kinit: Cannot contact any KDC for realm 'MY.DOMAIN.TLD' while
> > getting initial credentials"
> >
> >
> > My /etc/krb5.conf looks like this (following your suggestions,
> > Rowland, as everything else are defaults):
> >
> > [libdefaults]
> > default_realm = MY.DOMAIN.TLD
> >
> > And my /etc/resolv.conf is this:
> >
> > search my.domain.tld
> > nameserver IP_of_1st_DC
> > nameserver IP_of_2nd_DC
>
> Any idea why I still get this when trying to log on to a member server
> while the first DC is down?
>
> # kinit: Cannot contact any KDC for realm 'MY.DOMAIN.TLD' while getting
> initial credentials
>
> Ole
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list