[Samba] second dc not working properly

Rowland penny rpenny at samba.org
Wed Dec 9 11:14:32 UTC 2020

On 08/12/2020 23:20, Jason Keltz via samba wrote:
> On 12/8/2020 4:35 PM, Rowland penny via samba wrote:
>> On 08/12/2020 21:09, Jason Keltz via samba wrote:
>>> I'm running Samba 4.11.16 on CentOS 7 and not having much luck with 
>>> failover to a second domain controller.  I could *really* use some 
>>> help.
>>> I know my Samba config is fine.  I know that adding the second 
>>> domain controller was fine.  Replication is working perfectly. No 
>>> errors.   If I stop the DC processes on either server, Windows 
>>> clients appear to failover perfectly fine.
>>> The problem seems to affect my Linux clients (CentOS 7) running 
>>> winbind.
>>> Let's say a CentOS 7 client X is connected to dc2, and I stop the DC 
>>> processes on dc2....  The odd time, the client will connect to dc1 
>>> almost right away, and everything just works the way it should 
>>> always work.
>>> However, most of the time, I stop the DC processes on dc2, the 
>>> client will connect to dc1, I can even do a "wbinfo -u" or "wbinfo 
>>> -g", but "whoami" reveals "user doesn't exist". Somewhere between 
>>> 20-50 minutes later, it just "magically" works.  The timing doesn't 
>>> seem consistent.  Even a reboot doesn't fix things when it's in this 
>>> state.
>>> I've tried to follow the Samba logs, but I really can't figure out 
>>> what's up.  Andrew? Jeremy? Anyone?
>>> I don't think this can be just my system.  I suspect there's a lot 
>>> of users out there running multiple DCs with a similar setup to me, 
>>> believing that it's all working, and maybe, because there hasn't 
>>> been a failure, everything works great, but who knows what will 
>>> happen when there's actually a failure.
>>> Jason.
>> Try adding these lines to the /etc/resolv.conf on the Linux clients:
>> options rotate
>> options timeout:1
>> Rowland
> Hi Rowland,
> Here's something that may help jog your memory if you've heard of this 
> happening before.....
> So my machine was connected to dc2...  wbinfo -u is giving me nothing 
> now, yet wbinfo -g is working fine.
> This sure has me puzzled.
The fact that 'wbinfo -g' works seems to suggest that the DC is being 
connected to, so why does 'wbinfo -u' not work?

Unfortunately you cannot select which DC to use with wbinfo, but you can 
with net, so try this when 'wbinfo -u' doesn't work: net usersidlist -S DCHOSTNAME

Replace 'DCHOSTNAME' with the running DC's hostname.

If you get output it shows that your DC is working and the problem lies 


