[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Ole Traupe ole.traupe at tu-berlin.de
Thu Dec 17 14:46:12 UTC 2015

On 17.12.2015 at 14:32, Rowland penny wrote:
> On 17/12/15 12:50, Ole Traupe wrote:
>> I somehow doubt that. Still it seems that no one here has an idea of 
>> why log-on from member servers isn't working properly (for me). 
>> However, in the meantime I have created all the necessary DNS 
>> records. This can't be the issue anymore.
> If you are sure that you now have all the dns records for both DCs in 
> AD, then I would agree that this is probably not the issue (there is 
> just the 0.1% chance you are still missing something)
> Can your domain members find the DCs ?
> Do your domain members have a FQDN ?
> Are they joined to the domain ?
> What have you got in smb.conf on the domain members ?
> You may have posted all or some of this before, but let's start again.
> Rowland

Ok, there were still records missing (according to "samba_dnsupdate 
--verbose"). I added them manually, and now I get "No DNS updates 
needed" on both my DCs.

Still/again: "kinit" takes more than a minute on member servers, and 
login via ssh is impossible now (times out eventually).

Some questions:

- what about that corrupted record I mentioned earlier, how can I get 
rid of it?
- why does "samba_dnsupdate --verbose" on DC1 check records only against 
1 instance (record from DC1), while the same command issued on DC2 
checks records against both existing instances (records from DC1 and DC2)?
- why does the dns update fail in the first place? will I have the same 
problem again with the next DC I set up?
- why do I still have the login problems?

