[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

[L.P.H. van Belle]

> >
> 
> Possibly, but can you try this on your second DC, run 'samba_dnsupdate
> --verbose'
> 
> Rowland
> 

Yeah, should fix it. 
But do run it on both your dc.s 
And compair the output a bit.

For example,  look at the first five lines. 
Per server diffent. 

Looking for DNS entry SRV _ldap._tcp.xxx-xxx-xxx-xxx-xx.domain._msdcs.domain 
Should give 2 server on both outputs. 

After you did this on both servers, reboot the PRIMARY DC, when up, reboot the second DC. 

Check again with : host -t SRV _ldap._tcp.YOURDOMAIN.TLD

And in reply to...  
>
> Walk throug the _msdcs for what your missing.
> I guest, all the second DC entries.

Which are?
The A CNAME NS 

> > Have a look als in zone YOURDOMAIN and look in the _XXX
> > Here you should have also 1 entry per DC.
> 
> Everywhere?
Yeah, all _ entries. 

But ! 

As i recall samba_dnsupdate  --verbose should fix this. 
So first try with the commands and let samba fix it. 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ole Traupe
> Verzonden: donderdag 10 december 2015 15:22
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Authentication to Secondary Domain Controller
> initially fails when PDC is offline
> 
> 
> 
> Am 10.12.2015 um 15:04 schrieb L.P.H. van Belle:
> > Ok, im using the RSAT tools so howto get more info and fix this.
> >
> > Start  Active Directory Sites and Services
> > Klik on Sites, Default-First-Site-Name - Server.
> > Your should see you second DC also, if not, you can add it manualy.
> > I dont know the samba-tools commands for this one.
> 
> It is there.
> 
> >
> > In the DNS admin.
> > Go to _msdcs.YOURDOMAIN.
> > Look at the aliasses.
> > These are the names you need in Active Directory Sites and Services
> > You should see also 2 ! aliasses, if you seeing one, this must be fixed
> first.
> 
> Both are there.
> 
> >
> > And ! VERY IMPORTANT !!
> > Under the _msdcs.DOMAINS..
> > In pdc _tcp  here should be ONLY THE PRIMARY DC !
> 
> Yes, only 1st DC is there.
> 
> >
> > Walk throug the _msdcs for what your missing.
> > I guest, all the second DC entries.
> 
> Which are?
> 
> >
> > Have a look als in zone YOURDOMAIN and looin in the _XXX
> > Here you should have also 1 entry per DC.
> 
> Everywhere?
> 
> >
> > Louis
> >
> >
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny
> >> Verzonden: donderdag 10 december 2015 14:50
> >> Aan: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] Authentication to Secondary Domain Controller
> >> initially fails when PDC is offline
> >>
> >> On 10/12/15 13:40, Ole Traupe wrote:
> >>>> You have problems, if you have two DCs, you should get something like
> >>>> this:
> >>>>
> >>>> root at dc1:~# host -t SRV _ldap._tcp.samdom.example.com
> >>>> _ldap._tcp.samdom.example.com has SRV record 0 100 389
> >>>> dc2.samdom.example.com.
> >>>> _ldap._tcp.samdom.example.com has SRV record 0 100 389
> >>>> dc1.samdom.example.com.
> >>>> root at dc1:~# host -t SRV _kerberos._udp.samdom.example.com
> >>>> _kerberos._udp.samdom.example.com has SRV record 0 100 88
> >>>> dc1.samdom.example.com.
> >>>> _kerberos._udp.samdom.example.com has SRV record 0 100 88
> >>>> dc2.samdom.example.com.
> >>>>
> >>>> Rowland
> >>> Definitely, good! :)
> >>>
> >>> However, I have been there, done that:
> >>> https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
> >>>
> >>> This page says nothing about ldap or kerberos... why?!
> >>>
> >>> Ole
> >>>
> >>>
> >>>
> >> Probably because either nobody has noticed the problem or the problem
> >> hasn't been reported before.
> >>
> >> Rowland
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba