[Samba] Domain member cannot authenticate when first domain controller is down

[Roy Eastwood]

On 27 February 2021 03:35 Josh T wrote:
> //Problem:
> I am unable to authenticate a domain user on a Samba domain member while the
> first Samba directory controller DC1 is powered off and the second Samba
> directory controller DC2 is powered on.
> 
> While DC1 is powered on, I can log in as a domain user with no problems. While
> DC1 is powered off, attempting to log in usually results in waiting 60+
seconds
> followed by a login failure message. If I had already logged in prior to
powering
> off DC1, then I can see the same long delay and authentication failures when
> entering my sudo password. Intermittently I can sometimes manage to log in
> while DC1 is powered off, but there is still the 60+ second delay; I haven't
been
> able to link this intermittent behavior to any of my own troubleshooting
actions.
> In any case, a 60+ second delay is undesirable.
> 
> //Environment description:
> The first Samba domain controller DC1 was created following these instructions
> on the Samba wiki:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_
> Domain_Controller
> It was provisioned using the command "samba-tool domain provision --use-
> rfc2307 --interactive".
> The BIND9_DLZ DNS backend was selected during provisioning.
> Samba version 4.11.6-Ubuntu was installed on DC1 using the apt command.
> 
> The second Samba domain controller DC2 was created following these
> instructions on the Samba wiki:
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active
> _Directory
> It was joined using the command "samba-tool domain join my.domain.tld --dns-
> backend=BIND9_DLZ --option='idmap_ldb:use rfc2307 = yes'".

The above is missing the letters  "DC" in the command line.   This may be the
issue.

HTH 

Roy