[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline
ole.traupe at tu-berlin.de
Thu Jan 7 11:00:07 UTC 2016
Guys, as much as I like troubleshooting (I admit it), we all have
already spent way too much time on this. I strongly feel we should wrap
it up here. This issue either is due to my faulty configuration, or
there is a general problem with the internal DNS of Samba (seems to me;
also Rowland's interpretation, if I am right).
So, as I already created a problem in my DNS (an invisible faulty record
I cannot delete anymore), I would like to take this opportunity of a
clean (DNS) slate by switching to bind9 - maybe with your help, Rowland?
Ideally without starting completely from scratch.
In addition, I recommend updating the wiki like this:
- Currently it seems that with Samba's internal DNS fail-over safety
cannot reliably be achieved.
- Therefore it is strongly suggested to use bind9 in any setup that is
intended to go in production sooner or later.
- At the moment, Samba's internal DNS must be seen as a quick and
convenient solution for *testing* purposes only.
On 07.01.2016 at 11:48, Ole Traupe wrote:
> Please don't post any sensitive information - even if I forget
> sanitizing it.
> This is probably the reason behind it: Our corporate DNS servers hold
> info about our machines. This works together with DHCP. By registering
> the machines I simply prevent any IP conflicts. My domain DNS has
> nothing to do with it. In my domain members (Win clients and Linux
> servers) only my DCs are set as DNS servers and these members don't
> use DHCP.
> Within my subnet, I get exactly the same as Rowland reported below.
> On 07.01.2016 at 10:28, L.P.H. van Belle wrote:
>> Yes, that's exactly what Ole must test.
>> And optionally the result of:
>> dig A internal.domain.tld @IP_DC1
>> dig A internal.domain.tld @IP_DC2
>>> -----Original message-----
>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
>>> Sent: Thursday, 7 January 2016 10:20
>>> To: samba at lists.samba.org
>>> Subject: Re: [Samba] Authentication to Secondary Domain Controller
>>> initially fails when PDC is offline
>>> On 07/01/16 08:45, L.P.H. van Belle wrote:
>>>> Hai Ole,
>>>> What does this give you as output?
>>>> host bpn.tu-berlin.de
>>>> I assume your dnsdomain name is the same as your REALM_NAME?
>>>> For me it shows the 2 IP addresses of my DCs.
>>>> And my MX record.
>>> Hi Louis and Ole, Just for interest I ran 'host bpn.tu-berlin.de' in a
>>> terminal, all I get back is:
>>> bpn.tu-berlin.de mail is handled by 100 mail.tu-berlin.de.
>>> No NS records
>>> Yet when I search on my dns/kerberos domain:
>>> host samdom.example.com
>>> samdom.example.com has address 192.168.0.6
>>> samdom.example.com has address 192.168.0.5