[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Ole Traupe ole.traupe at tu-berlin.de
Fri Nov 20 12:45:36 UTC 2015

Am 20.11.2015 um 13:08 schrieb Rowland Penny:
> On 20/11/15 11:07, mathias dufresne wrote:
>> I would not perform test unplugging DC ethernet cables but rather
>> unplugging clients ethernet cables.
> That is a totally different problem there, if there are no DCs 
> available, can users still login?
> 'winbind offline logon = yes' will deal with this

Thanks for pointing this out, Rowland. I think, on Windows this is 
possible, too. Sometimes, The Windows logon is successful during my test 
scenario after waiting 1+ minutes. I was wondering whether this was an 
offline logon. Seems reasonable to me.

> Rowland
>> This because you seem to have already several DC 'at least 2 as one is
>> called DC2) so normally, if you don't have a too bad karma, both servers
>> should go down at same time.
>> But your client can become unavailable to reach your working DCs. A user
>> with a laptop can use his laptop outside of your LAN.
>> And what seems to me important is that user can use his laptop when it
>> can't discuss with DCs.
>> On your enterprise LAN the whole AD should not become unavailable: you
>> designed it for it is always available (several DC are meant for that
>> purpose) so that seems to me a non-relevant test case. But of course I
>> don't know your context and perhaps it is a valid test case for you ;)

If I am not totally stupid, this is exactly, what I want to achieve. But 
obviously, I can't authenticate against any other than the first DC.


More information about the samba mailing list