[Samba] AD DC out of sync
Lars Hanke
debian at lhanke.de
Thu Mar 12 17:43:31 MDT 2015
Hi Marc,
>> The cause is that the password change didn' reach both AD DCs, but only
>> one. The other one still had the old value as could be seen by
>> samba-tool ldapcmp. Restarting the DCs and waiting for a couple of
>> seconds brings them back to sync and Windows logons work as they used to.
>> Any idea, what I should do next time to obtain valuable output for
>> debugging?
>
> * What Samba version are you running?
The DCs are 4.1.17-Debian.
> * How many DCs?
Just two.
> * Can you force this problem to appear?
Need some more investigation here - I did not find any way reproducible
under arbitrary conditions.
> Just an idea: AD problems are often caused by DNS problems and we got
> the keyword "DNS islanding" in an other threat at the moment: Which DNS
> do your DCs use as primary? Their own or a different one? See
> http://retrohack.com/a-word-or-two-about-dns-islanding/
As I understood Linux resolving there is no static primary-secondary
concept for DNS. So I'll try to remove the self-dependence altogether
and see, if it enhances the situation.
Regards,
- lars.
More information about the samba
mailing list