[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Ole Traupe ole.traupe at tu-berlin.de
Wed Nov 11 15:20:48 UTC 2015


I tested the AD (Samba4) domain log-in on Windows 7 clients and Linux 
member servers with my PDC being offline (plugged the cable). It is not 
working so well.

On Windows it initially takes forever. It works again after rebooting 
the client, which seems to be the easiest solution (can be performed by 
the user).

On Linux member servers, ssh log-in eventually times out. It works 
again, after I manually swap the DNS server order in the 
/etc/resolv.conf and the KDC provider order in the /etc/krb5.conf. But 
manual intervention is clearly not preferred here.

According to the sanity checks for domain controllers and members 
servers on the wiki setup and troubleshooting pages, my domain is 
working at its best.

Is this due to DNS and kerberos timeouts accumulating? What is the best 
way of dealing with this?


More information about the samba mailing list