[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Rowland penny rpenny at samba.org
Thu Dec 10 10:54:27 UTC 2015


On 10/12/15 10:44, L.P.H. van Belle wrote:
> Hi,
>
> Ah, ok, well, yeah, I was missing the NS on the SOA.
>
> This is imo a bug, I don't know if this is by design for Samba,
> so maybe a Samba dev can answer this, since every joined DC should have an NS record on the SOA as far as I know, but that's my opinion and I can be wrong here.
>
>
> Greetz,
>
> Louis
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny
>> Sent: Thursday 10 December 2015 10:41
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Authentication to Secondary Domain Controller
>> initially fails when PDC is offline
>>
>> On 10/12/15 09:23, L.P.H. van Belle wrote:
>>> I was wondering why because in a full windows domain, every DC has an NS record.
>>>
>> When you join a DC, the basic info is added to AD and then when the
>> samba daemon is started, samba_dnsupdate is run, this uses the file
>> dns_update_list to add (if required) various dns records. Guess what dns
>> records are not in that file?
>>
>> However, even if you add the missing NS records to the SOA records, if
>> you use the internal dns server, you will still only have one NS, this
>> appears to be your first DC. I am beginning to think that if you have
>> more than one DC, you should forget the internal DNS server and use
>> BIND_DLZ instead.
>>
>> Rowland
>
>

When I can figure out how to get into the new GitHub setup, I will be
proposing a patch for this, it just needs three lines adding to
dns_update_list.

Rowland


