[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
rowlandpenny241155 at gmail.com
Wed Nov 11 16:05:35 UTC 2015
On 11/11/15 15:20, Ole Traupe wrote:
> I tested the AD (Samba4) domain log-in on Windows 7 clients and Linux
> member servers with my PDC being offline (plugged the cable). It is
> not working so well.
> On Windows it initially takes forever. It works again after rebooting
> the client, which seems to be the easiest solution (can be performed
> by the user).
> On Linux member servers, ssh log-in eventually times out. It works
> again, after I manually swap the DNS server order in the
> /etc/resolv.conf and the KDC provider order in the /etc/krb5.conf. But
> manual intervention is clearly not preferred here.
What have you got in /etc/resolv.conf on your first DC (please don't
call it a PDC), your second DC and a Unix client?
Your /etc/krb5.conf only needs to look like this:
    [libdefaults]
        default_realm = SAMDOM.EXAMPLE.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true

DNS should find your DCs.
Are you running ntp on all the Unix machines?
> According to the sanity checks for domain controllers and member
> servers on the wiki setup and troubleshooting pages, my domain is
> working at its best.
> Is this due to DNS and kerberos timeouts accumulating? What is the
> best way of dealing with this?
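
An added example, not part of the original thread or of Samba: a small Python check that reads the text of /etc/resolv.conf and /etc/krb5.conf and reports where a host still tries an offline DC first. The file contents, addresses and host names below are constructed. It assumes the glibc resolver behaviour documented in resolv.conf(5) (servers tried in listed order, 5 s default timeout) and that static kdc entries are tried in file order.

```python
import re

def parse_resolv(text):
    """Return (nameserver list in file order, options dict) from resolv.conf text."""
    servers, opts = [], {}
    for line in text.splitlines():
        parts = line.split("#")[0].split()
        if parts[:1] == ["nameserver"] and len(parts) > 1:
            servers.append(parts[1])
        elif parts[:1] == ["options"]:
            opts.update(o.partition(":")[::2] for o in parts[1:])
    return servers, opts

def parse_krb5(text):
    """Return the static kdc hosts listed under [realms], in file order."""
    section, kdcs = None, []
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        head = re.fullmatch(r"\[(\w+)\]", line)
        if head:
            section = head.group(1)
        elif section == "realms" and re.match(r"kdc\s*=", line):
            kdcs.append(line.split("=", 1)[1].strip().split(":")[0])  # drop :port
    return kdcs

def audit(resolv_text, krb5_text, offline):
    """Return (code, message) findings for a host while the DCs in `offline` are down."""
    (servers, opts), kdcs = parse_resolv(resolv_text), parse_krb5(krb5_text)
    out = []
    if servers and servers[0] in offline:
        wait = int(opts.get("timeout") or 5)  # assumption: glibc default of 5 s
        out.append(("DNS_ORDER", f"each lookup waits ~{wait}s on {servers[0]} first"))
    if kdcs and kdcs[0] in offline:
        out.append(("KDC_ORDER", f"static kdc list tries {kdcs[0]} first"))
    return out

# Constructed sample files for a member server; dc1 / 10.0.0.1 is the offline DC.
RESOLV = "nameserver 10.0.0.1\nnameserver 10.0.0.2\n"
KRB5_STATIC = """[libdefaults]
    default_realm = SAMDOM.EXAMPLE.COM
[realms]
    SAMDOM.EXAMPLE.COM = {
        kdc = dc1.samdom.example.com
        kdc = dc2.samdom.example.com
    }
"""
KRB5_DNS = "[libdefaults]\n    default_realm = SAMDOM.EXAMPLE.COM\n    dns_lookup_kdc = true\n"
OFFLINE = {"10.0.0.1", "dc1.samdom.example.com"}
print(audit(RESOLV, KRB5_STATIC, OFFLINE), audit(RESOLV, KRB5_DNS, OFFLINE))
```

With the three-line krb5.conf the KDC_ORDER finding disappears, but DNS_ORDER remains until the resolver order itself no longer starts with the offline DC.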