[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Rowland penny rpenny at samba.org
Thu Dec 10 13:18:19 UTC 2015


On 10/12/15 13:08, Ole Traupe wrote:
>
>
> On 09.12.2015 at 17:53, L.P.H. van Belle wrote:
>> Hai Ole,
>>
>> Can you run on the member where you logged in.
>>
>> host -t SRV _ldap._tcp.samdom.example.com.
>> host -t SRV _kerberos._udp.samdom.example.com.
>>
>> host -t A dc1.samdom.example.com.
>> host -t A dc2.samdom.example.com.
>>
>> and again with
>> search my.domain.tld
>> nameserver IP_of_2st_DC
>> nameserver IP_of_1nd_DC
>>
>
> Both times the same:
>
>
> [root@server me]# host -t SRV _ldap._tcp.my.domain.tld.
> _ldap._tcp.my.domain.tld has SRV record 0 100 389 dc1.my.domain.tld.
>
> [root@server me]# host -t SRV _kerberos._udp.my.domain.tld.
> _kerberos._udp.my.domain.tld has SRV record 0 100 88 dc1.my.domain.tld.

You have problems. If you have two DCs, you should get something like this:

root@dc1:~# host -t SRV _ldap._tcp.samdom.example.com
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
root@dc1:~# host -t SRV _kerberos._udp.samdom.example.com
_kerberos._udp.samdom.example.com has SRV record 0 100 88 dc1.samdom.example.com.
_kerberos._udp.samdom.example.com has SRV record 0 100 88 dc2.samdom.example.com.

Rowland
>
> [root@server me]# host -t A dc1.my.domain.tld.
> dc1.my.domain.tld has address IP_of_FirstDC
>
> [root@server me]# host -t A dc2.my.domain.tld.
> dc2.my.domain.tld has address IP_of_SecondDC
>
> There is no need to restart network service after altering 
> resolv.conf, right?
>
>
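
A check for the comparison made in the reply above, added here as an example and not part of the original thread: it parses `host -t SRV` output and lists every expected DC that has no SRV record for a service. The function names and the two sample answers are constructed from the output quoted in the thread; `check_live` assumes the `host` utility and a reachable name server.

```shell
#!/bin/sh
# missing_dcs SERVICE "DC1 DC2 ..."
# Reads `host -t SRV` output on stdin and prints every expected DC that is
# not the target of an SRV record for SERVICE. Pass names in lower case and
# without a trailing dot.
missing_dcs() {
    service=$1
    expected=$2
    # Line layout: <name> has SRV record <prio> <weight> <port> <target>.
    found=$(awk -v svc="$service" '
        { name = tolower($1); sub(/\.$/, "", name) }
        name == svc && $3 == "SRV" {
            target = tolower($8); sub(/\.$/, "", target); print target
        }')
    for dc in $expected; do
        printf '%s\n' "$found" | grep -qxF "$dc" || printf '%s\n' "$dc"
    done
}

# Live variant (needs network access; not called below).
check_live() {
    host -t SRV "$1" | missing_dcs "$1" "$2"
}

# Constructed sample: the member's answer from the thread, only dc1 listed.
sample_broken='_ldap._tcp.my.domain.tld has SRV record 0 100 389 dc1.my.domain.tld.
_kerberos._udp.my.domain.tld has SRV record 0 100 88 dc1.my.domain.tld.'

# Constructed sample: the answer expected with two DCs.
sample_ok='_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
_kerberos._udp.samdom.example.com has SRV record 0 100 88 dc1.samdom.example.com.
_kerberos._udp.samdom.example.com has SRV record 0 100 88 dc2.samdom.example.com.'

# Report which DCs the member cannot discover for each service.
for svc in _ldap._tcp _kerberos._udp; do
    printf '%s\n' "$sample_broken" |
        missing_dcs "$svc.my.domain.tld" "dc1.my.domain.tld dc2.my.domain.tld" |
        sed "s/^/no $svc SRV record for: /"
done
```
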



