[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

Ole Traupe ole.traupe at tu-berlin.de
Thu Jan 7 11:00:07 UTC 2016


Guys, as much as I like troubleshooting (I admit it), we all have 
already spent way too much time on this. I strongly feel we should wrap 
it up here. This issue either is due to my faulty configuration, or 
there is a general problem with the internal DNS of Samba (seems to me; 
also Rowland's interpretation, if I am right).

So, as I already created a problem in my DNS (an invisible faulty record 
I cannot delete anymore), I would like to take this opportunity of a 
clean (DNS) slate by switching to bind9 - maybe with your help, Rowland? 
Ideally without starting completely from scratch.

In addition, I recommend updating the wiki like this:
- Currently it seems that with Samba's internal DNS fail-over safety 
cannot reliably be achieved.
- Therefore it is strongly suggested to use bind9 in any setup that is 
intended to go in production sooner or later.
- At the moment, Samba's internal DNS must be seen as a quick and 
convenient solution for *testing* purposes only.

Ole


On 07.01.2016 at 11:48, Ole Traupe wrote:
> Please don't post any sensitive information - even if I forget 
> sanitizing it.
>
> This is probably the reason behind it: Our corporate DNS servers hold 
> info about our machines. This works together with DHCP. By registering 
> the machines I simply prevent any IP conflicts. My domain DNS has 
> nothing to do with it. In my domain members (Win clients and Linux 
> servers) only my DCs are set as DNS servers and these members don't 
> use DHCP.
>
> Within my subnet, I get exactly the same as Rowland reported below.
>
> Ole
>
>
> On 07.01.2016 at 10:28, L.P.H. van Belle wrote:
>> Yes, that's exactly what Ole must test.
>>
>> And optionally the result of:
>> dig A internal.domain.tld @IP_DC1
>> dig A internal.domain.tld @IP_DC2
>>
>> Greetz,
>>
>> Louis
>>
>>
>>> -----Original message-----
>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny
>>> Sent: Thursday 7 January 2016 10:20
>>> To: samba at lists.samba.org
>>> Subject: Re: [Samba] Authentication to Secondary Domain Controller
>>> initially fails when PDC is offline
>>>
>>> On 07/01/16 08:45, L.P.H. van Belle wrote:
>>>> Hai Ole,
>>>>
>>>> What does this give you as output?
>>>> host bpn.tu-berlin.de
>>>>
>>>> I assume your dnsdomain name is the same as your REALM_NAME?
>>>>
>>>> For me it shows the 2 IP addresses of my DCs.
>>>> And my MX record.
>>>>
>>>> Greetz,
>>>>
>>>> Louis
>>>>
>>> Hi Louis and Ole, Just for interest I ran 'host bpn.tu-berlin.de' in a
>>> terminal, all I get back is:
>>>
>>> bpn.tu-berlin.de mail is handled by 100 mail.tu-berlin.de.
>>>
>>> No NS records
>>>
>>> Yet when I search on my dns/kerberos domain:
>>>
>>> host samdom.example.com
>>> samdom.example.com has address 192.168.0.6
>>> samdom.example.com has address 192.168.0.5
>>>
>>> Rowland
>>>
>>>
>>
>>
>



