[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
ole.traupe at tu-berlin.de
Thu Dec 17 14:46:12 UTC 2015
Am 17.12.2015 um 14:32 schrieb Rowland penny:
> On 17/12/15 12:50, Ole Traupe wrote:
>> I somehow doubt that. Still it seems that no one here has an idea of
>> why log-on from member servers isn't working properly (for me).
>> However, in the meantime I have created all the necessary DNS
>> records. This can't be the issue anymore.
> If you are sure that you now have all the dns records for both DCs in
> AD, then I would agree that this is probably not the issue (there is
> just the 0.1% chance you are still missing something)
> Can your domain members find the DCs ?
> Do your domain members have a FQDN ?
> Are they joined to the domain ?
> What have got in smb.conf on the domain members ?
> You may have posted all or some of this before, but lets start again.
Ok, there were still records missing (according to "samba_dnsupdate
--verbose"). I added them manually, and now I get "No DNS updates
needed" on both my DCs.
Still/again: "kinit" takes more than a minute on member servers, and
login via ssh is impossible now (times out eventually).
- what about that corrupted record I mentioned earlier, how can I get
rid if it?
- why does "samba_dnsupdate --verbose" on DC1 check records only against
1 instance (record from DC1), while the same command issued on DC2
checks records against both existing instances (records from DC1 and DC2)?
- why does the dns update fail in the first place? will I have the same
problem again with the next DC I set up?
- why do I still have the login problems?
More information about the samba