[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
Ole Traupe
ole.traupe at tu-berlin.de
Thu Nov 26 15:51:16 UTC 2015
> they can all reply to queries.
> But on my AD there is only one NS, the SOA.
> In fact I thought the SOA was here to distinguish which NS among all NS is
> the master.
>
> With only one NS record when several DNS are present for the same zone, I
> expect only one NS will reply to every request so, according to what I had
> understood about DNS, only one DC will receive all requests from clients.
>
> If I'm right, why does Samba not add NS when a DC is joined?
>
> Today I played with fsmo seize. I haven't checked NS records until now. I
> have 2 DCs, DC1 & DC2, DC2 became new FSMO, I also modified SOA record to
> set SOA on DC2.
> Looking for NS record of my AD I have only DC1 as NS when DC2 is SOA.
>
> Ole,
>
> I would declare DC2 as NS. Then once DC1 is off, when a client would ask
> for NS list of your AD this client would receive DC1 + DC2 and would have
> more chances to send its request to DC2.
>
> Then you re-run your test with only DC2 up and running.
> Note DNS needs time to be updated if you are using other DNS servers
> between clients and AD DCs.

Mathias, thank you, I will try this. This is very similar to what
Rowland suggested. Sorry for not testing this earlier, there were other
things I had to attend to.

What I ask myself: this is the content of my /etc/resolv.conf (without
">", of course)

> search my.domain.tld
> nameserver __IP_of_First_DC__
> nameserver __IP_of_Second_DC__

This doesn't do the trick? Or will the client ask the NS, who the NS for
the AD domain is?