[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Rowland penny rpenny at samba.org
Thu Dec 17 14:33:00 UTC 2015 

On 17/12/15 13:54, Ole Traupe wrote:
> Rowland, thank you, but before we do that:
>
> - what now with the 'gc' record? 2nd DC yes or no?

Which one ? I have these:

dn: 
DC=_gc._tcp.Default-First-Site-Name._sites,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com

dn: 
DC=_gc._tcp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com

dn: 
DC=_ldap._tcp.gc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com

dn: 
DC=_ldap._tcp.Default-First-Site-Name._sites.gc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com

dn: 
DC=gc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com

They all contain two dnsrecords, one from each DC

> - if you say that the internal DNS is not compatible with a multi-DC 
> setting, than we can stop here, no?
>

Please stop putting words in my mouth :-)

All I said was that you will only get one NS record if you use the 
internal DNS server, everything else seems to work though, although I 
haven't tried turning the first DC off yet.

Rowland

> Ole
>
>
> Am 17.12.2015 um 14:32 schrieb Rowland penny:
>> On 17/12/15 12:50, Ole Traupe wrote:
>>>
>>> I somehow doubt that. Still it seems that no one here has an idea of 
>>> why log-on from member servers isn't working properly (for me). 
>>> However, in the meantime I have created all the necessary DNS 
>>> records. This can't be the issue anymore.
>>>
>>>
>>
>> If you are sure that you now have all the dns records for both DCs in 
>> AD, then I would agree that this is probably not the issue (there is 
>> just the 0.1% chance you are still missing something)
>>
>> Can your domain members find the DCs ?
>> Do your domain members have a FQDN ?
>> Are they joined to the domain ?
>> What have got in smb.conf on the domain members ?
>>
>> You may have posted all or some of this before, but lets start again.
>>
>> Rowland
>>
>
>

More information about the samba mailing list