[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
L.P.H. van Belle
belle at bazuin.nl
Tue Jan 5 12:41:06 UTC 2016
For the member servers, to reduce timeouts etc. when one DC is down,
change your resolv.conf to:
domain internal.domain.tld
search internal.domain.tld
nameserver IP_DC1
nameserver IP_DC2
options timeout:2
options attempts:2
options rotate
options edns0
See man resolv.conf for the options explained.
Oh.. and ..
domain and search are NOT exclusive anymore in Debian Jessie and up.
At least, I didn't find it anymore.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Ole Traupe
> Sent: Tuesday 5 January 2016 12:30
> To: samba at lists.samba.org
> Subject: Re: [Samba] Authentication to Secondary Domain Controller
> initially fails when PDC is offline
>
>
> >
> > I can't recall but are you able to get a packet trace? This may
> > help further troubleshoot.
>
> I'll look into this. However, Rowland stated that bind9 will be the only
> solution.
>
>
> >
> > Just to recap, do you have both servers listed as available DNS servers
> > on your workstations? As well as your member server?
>
> Yes, of course. For member servers, this is the content of
> /etc/resolv.conf:
>
> search my.domain.tld
> nameserver IP_of_1st_DC
> nameserver IP_of_2nd_DC
>
>
> > A small tweak I made but haven't fully tested is adding the following
> > options to my resolv.conf.
> >
> > cat /etc/resolvconf/resolv.conf.d/tail
> > options timeout:1
>
> Great, this sounds exactly like what I need! However, I tried this: no
> effect. I created this file and restarted the network service. But I
> still get long timeouts and can't login via ssh, when I suspend my 1st DC.
>
> # cat /etc/resolvconf/resolv.conf.d/tail
> options timeout:1
> options edns0
>
> Or do I need Network Manager for that?
>
>
> > options edns0
>
> What's that for, particularly?
>
>
> >
> > timeout:n
> >     sets the amount of time the resolver will wait for a response from a
> >     remote name server before retrying the query via a different name
> >     server. Measured in seconds, the default is RES_TIMEOUT (currently 5,
> >     see <resolv.h>). The value for this option is silently capped to 30.
> >
> > edns0 (since glibc 2.6)
> >     sets RES_USE_EDNS0 in _res.options. This enables support for the DNS
> >     extensions described in RFC 2671.
> >
> > From what I researched, this is the intended behavior on a Microsoft
> > Server. Again I can disable my "PDC" and log in from a windows
> > workstation just fine. It appears for some users after an hour or so
> > they run into issues
>
> I thought this was only happening with roaming machines resulting in
> cached logins.
>
>
>
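An added example (not from this thread or from the Samba project): a shell function that reads a resolv.conf-style file and prints the nameserver count, timeout, attempts and rotate setting the glibc resolver would use, with warnings for settings that delay failover when the first DC does not answer. The function name `resolv_effective` and the 192.0.2.x addresses are assumptions; the defaults and caps are those documented in resolv.conf(5).

```shell
#!/bin/sh
# Added example, not code from the thread. Reports the effective resolver
# settings for a resolv.conf-style file. Defaults and caps per resolv.conf(5):
# timeout 5 (cap 30), attempts 2 (cap 5), at most 3 nameservers (MAXNS).
resolv_effective() {
    awk '
    BEGIN { timeout = 5; attempts = 2; rotate = 0; ns = 0 }
    $1 ~ /^[#;]/ { next }                          # skip comment lines
    $1 == "nameserver" && NF >= 2 { ns++; next }   # count nameserver entries
    $1 == "options" {                              # options lines accumulate
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^timeout:[0-9]+$/)  { split($i, kv, ":"); timeout = kv[2] + 0 }
            if ($i ~ /^attempts:[0-9]+$/) { split($i, kv, ":"); attempts = kv[2] + 0 }
            if ($i == "rotate") rotate = 1
        }
    }
    END {
        if (timeout > 30) timeout = 30             # silently capped by glibc
        if (attempts > 5) attempts = 5
        used = (ns > 3) ? 3 : ns
        printf "nameservers=%d timeout=%d attempts=%d rotate=%d\n", used, timeout, attempts, rotate
        if (ns > 3)  print "WARN: only the first 3 nameserver lines are used"
        if (ns < 2)  print "WARN: fewer than 2 nameservers, no failover if that DC is down"
        if (timeout >= 5) print "WARN: timeout is " timeout "s; a lookup waits that long on an unresponsive first server"
        if (ns >= 2 && !rotate) print "WARN: no rotate; the first nameserver is always tried first"
    }' "$1"
}

# Constructed sample: a member-server file with two DCs and no options lines.
sample=$(mktemp)
printf 'search my.domain.tld\nnameserver 192.0.2.1\nnameserver 192.0.2.2\n' > "$sample"
resolv_effective "$sample"
rm -f "$sample"
```

Run it against /etc/resolv.conf on a member server after changing the options, since that is the file the resolver actually reads regardless of which tool generated it.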