[Samba] DC's are unavailable when PDC halted

Ervin Hegedüs airween at gmail.com
Wed Nov 8 08:24:30 UTC 2017


Hi folks,

There are two Samba4 DC servers. The first one is the "PDC", and
after I finished setting that up, I joined the second one.

There is a Linux client, where I configured Samba and joined
it to the domain as a member. Now I see this:

# net ads status -U administrator
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: OPEN-CLIENT
instanceType: 4
whenCreated: 20171108075440.0Z
...
distinguishedName: CN=OPEN-CLIENT,CN=Computers,DC=core,DC=mydomain,DC=hu
-------------- Security Descriptor (revision: 1, type: 0x8c17)
owner SID: S-1-5-21-1111351423-2542600865-3078305116-512
group SID: S-1-5-21-1111351423-2542600865-3078305116-512
------- (system) ACL (revision: 4, size: 120, number of ACEs: 2)
------- ACE (type: 0x07, flags: 0x5a, size: 0x38, mask: 0x20, object flags: 0x3)
access SID:  S-1-1-0
...

(a long output...)

# wbinfo --ping-dc
checking the NETLOGON for domain[CORE] dc connection to "open-ldap2.core.mydomain.hu" succeeded

(Note that open-ldap2 is the second server.)

When I halted open-ldap (which is the primary DC), all of the
commands above timed out.

If I halted open-ldap2, then wbinfo timed out, but "net
ads status" shows the message above.


What am I missing? The reason why I configured two DCs is that
if one of them is kicked, AD remains available continuously.


Thanks,


a.




