[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
Ole Traupe
ole.traupe at tu-berlin.de
Tue Jan 5 11:30:16 UTC 2016
>
> I can't recall but are you able to get a packet trace? This may
> help further troubleshoot.
I'll look into this. However, Rowland stated that bind9 will be the only
solution.
>
> Just to recap: do you have both servers listed as available DNS servers
> on your workstations? As well as your member server?
Yes, of course. For member servers, this is the content of /etc/resolv.conf:
search my.domain.tld
nameserver IP_of_1st_DC
nameserver IP_of_2nd_DC
> A small tweak I made, but haven't fully tested, is adding the following
> options to my resolv.conf.
>
> cat /etc/resolvconf/resolv.conf.d/tail
> options timeout:1
Great, this sounds exactly like what I need! However, I tried this: no
effect. I created this file and restarted the network service. But I
still get long timeouts and can't log in via ssh when I suspend my 1st DC.
# cat /etc/resolvconf/resolv.conf.d/tail
options timeout:1
options edns0
Or do I need Network Manager for that?
> options edns0
What's that for, particularly?
>
> timeout:n
>     sets the amount of time the resolver will wait for a response from a
>     remote name server before retrying the query via a different name
>     server. Measured in seconds, the default is RES_TIMEOUT (currently 5,
>     see <resolv.h>). The value for this option is silently capped to 30.
>
> edns0 (since glibc 2.6)
>     sets RES_USE_EDNS0 in _res.options. This enables support for the DNS
>     extensions described in RFC 2671.
>
> From what I researched, this is the intended behavior on a Microsoft
> Server. Again I can disable my "PDC" and log in from a Windows
> workstation just fine. It appears for some users after an hour or so
> they run into issues.
I thought this was only happening with roaming machines resulting in
cached logins.
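
One way to check whether options placed in the tail file actually reached the live /etc/resolv.conf, and which resolver timeout is therefore in effect. This is an added example, not part of the original message or of Samba; the function names and the sample file contents are constructed here from the snippets quoted above, and the default of 5 and cap of 30 are the values given in the quoted man page text.

```python
# Added example: constructed inputs modelled on the files quoted in the message.
RES_TIMEOUT_DEFAULT = 5   # default stated in the quoted man page text
RES_TIMEOUT_CAP = 30      # cap stated in the quoted man page text


def parse_resolv_conf(text):
    """Return nameservers and the options in effect for resolv.conf content."""
    cfg = {"nameservers": [], "timeout": RES_TIMEOUT_DEFAULT, "options": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        fields = line.split()
        keyword, args = fields[0], fields[1:]
        if keyword == "nameserver" and args:
            cfg["nameservers"].append(args[0])
        elif keyword == "options":           # several options lines accumulate
            for opt in args:
                cfg["options"].add(opt)
                name, _, value = opt.partition(":")
                if name == "timeout" and value.isdigit():
                    cfg["timeout"] = min(int(value), RES_TIMEOUT_CAP)
    return cfg


def missing_options(tail_text, live_text):
    """Options requested in the tail file that are absent from the live file."""
    wanted = parse_resolv_conf(tail_text)["options"]
    live = parse_resolv_conf(live_text)["options"]
    return sorted(wanted - live)


# Constructed samples: the tail file and resolv.conf as quoted in the message.
TAIL = "options timeout:1\noptions edns0\n"
LIVE_BEFORE = ("search my.domain.tld\n"
               "nameserver IP_of_1st_DC\n"
               "nameserver IP_of_2nd_DC\n")
LIVE_MERGED = LIVE_BEFORE + TAIL             # what a successful merge looks like

if __name__ == "__main__":
    for label, live in (("not merged", LIVE_BEFORE), ("merged", LIVE_MERGED)):
        cfg = parse_resolv_conf(live)
        print(label, cfg["nameservers"], "timeout:", cfg["timeout"],
              "missing:", missing_options(TAIL, live))
```

On a real host, pass the contents of /etc/resolvconf/resolv.conf.d/tail and /etc/resolv.conf to missing_options(); a non-empty result means the tail file was never merged and the 5 second default still applies.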