[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

James lingpanda101 at gmail.com
Thu Dec 17 18:39:43 UTC 2015


On 12/17/2015 12:30 PM, Rowland penny wrote:
> On 17/12/15 17:01, James wrote:
>>
>>>
>>> You mean your users don't use domain accounts when they log on to 
>>> member servers, but they use local linux users?
>>>
>>>
>>>
>> Correct on my member server.
>>
>
> Then they are *not* domain users
>
>
>
Yes. Sorry for the lack of clarity.

Wireshark traces show my workstation using my other DC to authenticate 
and log in with when one is down. Event logs for Windows workstations 
that had issues had Event 5719 and 1014. These workstations are 
portable. I'm thinking a latency issue with DNS resolve? Looking into my 
DNS cache and resolver times led me to something interesting. I flushed 
my DNS cache on a Windows workstation, switched user and viewed my cache 
again. It showed the following.

_ldap._tcp.default-first-site-name._sites.dc2.domain.local
---------------------------------------------------------------------------------
Name does not exist.

_ldap.tcp.dc2.domain.local
------------------------------------------
Name does not exist.


An nslookup for _ldap._tcp.domain.local does display all my DCs.






-- 
-James



