[Samba] secondary domain controller doesn't get used

Jason Keltz jas at eecs.yorku.ca
Thu Dec 3 15:55:27 UTC 2020


As I mentioned yesterday, I setup a secondary domain controller.

In my /etc/krb5.conf on all my test AD clients, I specify the IP of both 
kdcs:

[realms]
  AD.EECS.YORKU.CA = {
   kdc = IP1
   kdc = IP2
  }

If I'm logged into a system using the DC at IP1, and I stop the DC 
processes on IP1, then I try to run a command such as "whoami" on the AD 
client, I get "whoami: cannot find name for user ID X".

If I try to ssh to the system, my password doesn't work.

If I then put back up the DC processes on IP1, everything works.

What am I missing? Isn't the point of the alternate domain controller 
that I should be able to take one away, and the other would be used?

Jason.




More information about the samba mailing list