[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Ole Traupe ole.traupe at tu-berlin.de
Thu Dec 17 15:37:14 UTC 2015



On 17.12.2015 at 16:10, Rowland penny wrote:
> On 17/12/15 14:56, Ole Traupe wrote:
>>
>>
>> On 17.12.2015 at 15:33, Rowland penny wrote:
>>> On 17/12/15 13:54, Ole Traupe wrote:
>>>> Rowland, thank you, but before we do that:
>>>>
>>>> - what now with the 'gc' record? 2nd DC yes or no?
>>>
>>> Which one? I have these:
>>>
>>> dn: DC=_gc._tcp.Default-First-Site-Name._sites,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>>>
>>> dn: DC=_gc._tcp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>>>
>>> dn: DC=_ldap._tcp.gc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
>>>
>>> dn: DC=_ldap._tcp.Default-First-Site-Name._sites.gc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
>>>
>>> dn: DC=gc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
>>>
>>> They all contain two dnsrecords, one from each DC
>>>
>>>> - if you say that the internal DNS is not compatible with a 
>>>> multi-DC setting, then we can stop here, no?
>>>>
>>>
>>> Please stop putting words in my mouth :-)
>>>
>>> All I said was that you will only get one NS record if you use the 
>>> internal DNS server, 
>>
>> Ok. And do you *need* both?
>
> Not sure, but Microsoft says you should have a SOA record for each DC 
> that runs DNS.

SOA or NS?

NS I have, SOA seems not possible.

>
>>
>>
>>
>>> everything else seems to work though, although I haven't tried 
>>> turning the first DC off yet.
>>
>> Why? I mean, could you perhaps? Please?
>>
>
> Probably, but not today, will do it as soon as possible.

I would be more than happy about that!

>
> Rowland