[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
ole.traupe at tu-berlin.de
Wed Nov 11 15:20:48 UTC 2015
I tested the AD (Samba4) domain log-in on Windows 7 clients and Linux
member servers with my PDC being offline (plugged the cable). It is not
working so well.
On Windows it initially takes forever. It works again after rebooting
the client, which seems to be the easiest solution (can be performed by
On Linux member servers, ssh log-in eventually times out. It works
again, after I manually swap the DNS server order in the
/etc/resolv.conf and the KDC provider order in the /etc/krb5.conf. But
manual intervention is clearly not preferred here.
According to the sanity checks for domain controllers and members
servers on the wiki setup and troubleshooting pages, my domain is
working at its best.
Is this due to DNS and kerberos timeouts accumulating? What is the best
way of dealing with this?
More information about the samba