[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

James lingpanda101 at gmail.com
Fri Nov 27 14:30:45 UTC 2015


On 11/27/2015 9:19 AM, Rowland Penny wrote:
> On 27/11/15 13:18, James wrote:
>> On 11/26/2015 10:35 AM, Ole Traupe wrote:
>>>
>>>>> ANYWAYS, I would like to approach from a different direction:
>>>>>
>>>>> If my first DC is offline, a ping on any of my domain machines 
>>>>> takes 5+ seconds to resolve. I figure that my logon problems 
>>>>> reflect multiple such timeouts during the logon process 
>>>>> accumulating to a total duration not accepted by the unix logon 
>>>>> mechanism.
>>>>>
>>>>> If there would be ANY way to reduce the time (to 1 s or something) 
>>>>> a machine waits until it finally accepts that a DNS server just 
>>>>> won't respond and goes over to the next one... - that actually 
>>>>> might solve the issue.
>>>>>
>>>>> Is there an option for this on unix machines?
>>>>>
>>>>> Ole
>>>> You can add your DCs to your hosts file. Usually your hosts file 
>>>> is queried first, prior to DNS, when resolving.
>>>
>>> And this would speed up the whole process? Is this a guess or your 
>>> experience?
>>>
>>>>
>>>> One thing I notice a bit odd is this
>>>>
>>>> SOA: serial=29, refresh=180, retry=600, expire=86400, minttl=180, 
>>>> *ns=DC2.my.domain.tld.*, email=hostmaster.my.domain.tld. 
>>>> (flags=600000f0, serial=0, ttl=3600)
>>>>
>>>> Normally your name server would be the same as your DC who is SOA. 
>>>> Did you manually change this from DC1 to DC2? What DC is your SOA?
>>>
>>> I am sorry about the confusion. I demoted my DC1 a while ago due to 
>>> hardware problems. I mean to replace it, because currently my 
>>> First_DC (FSMO role holder and SOA) is a virtual machine on a 
>>> storage server which isn't ideal for many reasons.
>>>
>>> Currently I have DC2 (First_DC) and DC3 (Second_DC). Had I paid 
>>> attention to this, I would have changed the names in the text and 
>>> output snippets I posted.
>>>
>>> Again: I apologize.
>>>
>> Your host file is queried first before your dns server. I say usually 
>> because you can change this behavior. This would speed up the process 
>> of resolving your DNS server's IP to a hostname.
>>
>> So is your DC2 now the SOA? Did you create the SOA RR for DC2?
>>
>
> What SOA RR for DC2?
>
> You can only have one SOA record.
>
> Rowland
>
>
I meant did he update the SOA record to reflect that DC2 is now SOA.

-- 
-James
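
Added example, not part of the original message and not Samba code: a Python sketch that reads a constructed resolv.conf and nsswitch.conf and reports how long a lookup waits on an offline first nameserver before the next one is asked, and in which order the hosts file and DNS are consulted. The file contents and addresses are constructed; the defaults (timeout 5 s, attempts 2, at most 3 nameservers) are the glibc resolver's, and only the first pass over the server list is modelled.

```python
# Constructed sample files; addresses are documentation-range placeholders.
RESOLV_CONF = """\
# first entry stands for the offline DC, second for the remaining DC
search my.domain.tld
nameserver 192.0.2.10
nameserver 192.0.2.11
options timeout:1 attempts:2
"""
NSSWITCH_CONF = "passwd: files winbind\nhosts: files dns\n"

def _fields(line):
    return line.split("#", 1)[0].split()

def parse_resolv(text):
    """Return (nameservers, timeout, attempts) with glibc defaults and caps."""
    servers, timeout, attempts = [], 5, 2
    for line in text.splitlines():
        f = _fields(line)
        if len(f) > 1 and f[0] == "nameserver":
            servers.append(f[1])
        elif f and f[0] == "options":
            for opt in f[1:]:
                name, _, value = opt.partition(":")
                if name == "timeout" and value.isdigit():
                    timeout = min(int(value), 30)
                elif name == "attempts" and value.isdigit():
                    attempts = min(int(value), 5)
    return servers[:3], timeout, attempts  # resolver uses at most 3 servers

def hosts_sources(text):
    """Lookup order from the 'hosts:' line; [ACTION] items are dropped."""
    for line in text.splitlines():
        f = _fields(line)
        if f and f[0] == "hosts:":
            return [s for s in f[1:] if not s.startswith("[")]
    return []

def first_pass_delay(servers, timeout, offline):
    """Seconds spent waiting on offline servers before a live one is asked."""
    delay = 0
    for server in servers:
        if server not in offline:
            return delay
        delay += timeout
    return None  # every listed server is offline

if __name__ == "__main__":
    servers, timeout, attempts = parse_resolv(RESOLV_CONF)
    print("lookup order:", hosts_sources(NSSWITCH_CONF))
    print("wait before second DC is asked:",
          first_pass_delay(servers, timeout, {servers[0]}), "s")
```

With no `options` line the same calculation gives 5 seconds per offline server, which matches the delay described in the quoted message.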



