[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Rowland penny rpenny at samba.org
Thu Dec 10 13:38:35 UTC 2015

On 10/12/15 13:25, Ole Traupe wrote:
> Is it possible that kdc server is always the SOA,  at least if derived 
> from DNS and not specified *explicitly* in the krb5.conf?
> In my DNS-Manager console I find that
> _tcp.dc._msdcs.bpn.tu-berlin.de
> contains only 1 "_kerberos" record, and that one points to my First_DC.
> Ole

Your problem doesn't seem to be a dns problem, you should have two 
'kerberos' records and no matter how good your dns is, it cannot obtain 
something that isn't there :-)

See Louis's earlier post for how to attempt to fix this, but before you 
do anything, restart samba on the second DC and then check the logs, 
samba_dnsupdate should add the records you are missing.


More information about the samba mailing list