[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
ole.traupe at tu-berlin.de
Thu Dec 10 14:00:20 UTC 2015
Am 10.12.2015 um 14:38 schrieb Rowland penny:
> On 10/12/15 13:25, Ole Traupe wrote:
>> Is it possible that kdc server is always the SOA, at least if
>> derived from DNS and not specified *explicitly* in the krb5.conf?
>> In my DNS-Manager console I find that
>> contains only 1 "_kerberos" record, and that one points to my First_DC.
> Your problem doesn't seem to be a dns problem, you should have two
> 'kerberos' records and no matter how good your dns is, it cannot
> obtain something that isn't there :-)
That's basically what I just wrote...
> See Louis's earlier post for how to attempt to fix this, but before
> you do anything, restart samba on the second DC and then check the
> logs, samba_dnsupdate should add the records you are missing.
However, my 2nd DC is not that new, I restarted it many times, just
again (samba service). No DNS records are created anywhere.
If I go through the DNS console, in each and every container there is
some entry for the 1st DC, but none for the 2nd (except on the top
levels: FQDN and _msdcs.FQDN).
Could this have to do with...
a) I demoted my initial 1st DC (seized FSMO roles) and got rid of DNS
entries via this script on the wiki?
b) set up the *new* 2nd DC on the hardware of the prior 1st DC (with the
same IP address)?
More information about the samba