[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
Ole Traupe
ole.traupe at tu-berlin.de
Thu Nov 26 15:35:22 UTC 2015
>> ANYWAYS, I would like to approach from a different direction:
>>
>> If my first DC is offline, a ping on any of my domain machines takes
>> 5+ seconds to resolve. I figure that my logon problems reflect
>> multiple such timeouts during the logon process accumulating to a
>> total duration not accepted by the unix logon mechanism.
>>
>> If there were ANY way to reduce the time (to 1 s or something) a
>> machine waits until it finally accepts that a DNS server just won't
>> respond and goes over to the next one... - that actually might solve
>> the issue.
>>
>> Is there an option for this on unix machines?
>>
>> Ole
> You can add your DCs to your hosts file. Usually your hosts file is
> queried first, prior to DNS for resolve.
And this would speed up the whole process? Is this a guess or your
experience?
>
> One thing I notice a bit odd is this
>
> SOA: serial=29, refresh=180, retry=600, expire=86400, minttl=180,
> *ns=DC2.my.domain.tld.*, email=hostmaster.my.domain.tld.
> (flags=600000f0, serial=0, ttl=3600)
>
> Normally your name server would be the same as your DC who is SOA. Did
> you manually change this from DC1 to DC2? What DC is your SOA?
I am sorry about the confusion. I demoted my DC1 a while ago due to
hardware problems. I mean to replace it, because currently my First_DC
(FSMO role holder and SOA) is a virtual machine on a storage server
which isn't ideal for many reasons.
Currently I have DC2 (First_DC) and DC3 (Second_DC). Had I paid
attention to this, I would have changed the names in the text and output
snippets I posted.
Again: I apologize.