[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Ole Traupe ole.traupe at tu-berlin.de
Thu Dec 17 14:56:44 UTC 2015



On 17.12.2015 at 15:33, Rowland penny wrote:
> On 17/12/15 13:54, Ole Traupe wrote:
>> Rowland, thank you, but before we do that:
>>
>> - what now with the 'gc' record? 2nd DC yes or no?
>
> Which one ? I have these:
>
> dn: DC=_gc._tcp.Default-First-Site-Name._sites,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>
> dn: DC=_gc._tcp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>
> dn: DC=_ldap._tcp.gc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
>
> dn: DC=_ldap._tcp.Default-First-Site-Name._sites.gc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
>
> dn: DC=gc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
>
> They all contain two dnsrecords, one from each DC
>
>> - if you say that the internal DNS is not compatible with a multi-DC 
>> setting, then we can stop here, no?
>>
>
> Please stop putting words in my mouth :-)
>
> All I said was that you will only get one NS record if you use the 
> internal DNS server, 

Ok. And do you *need* both?


> everything else seems to work though, although I haven't tried turning 
> the first DC off yet.

Why? I mean, could you perhaps? Please?

>
> Rowland
>
>> Ole
>>
>>
>> On 17.12.2015 at 14:32, Rowland penny wrote:
>>> On 17/12/15 12:50, Ole Traupe wrote:
>>>>
>>>> I somehow doubt that. Still it seems that no one here has an idea 
>>>> of why log-on from member servers isn't working properly (for me). 
>>>> However, in the meantime I have created all the necessary DNS 
>>>> records. This can't be the issue anymore.
>>>>
>>>>
>>>
>>> If you are sure that you now have all the dns records for both DCs 
>>> in AD, then I would agree that this is probably not the issue (there 
>>> is just the 0.1% chance you are still missing something)
>>>
>>> Can your domain members find the DCs ?
>>> Do your domain members have a FQDN ?
>>> Are they joined to the domain ?
>>> What have you got in smb.conf on the domain members ?
>>>
>>> You may have posted all or some of this before, but let's start again.
>>>
>>> Rowland
>>>
>>
>>
>
>



