[Samba] Domain member cannot authenticate when first domain controller is down

Rowland penny rpenny at samba.org
Thu Mar 4 16:29:55 UTC 2021

On 04/03/2021 15:48, Dale via samba wrote:
> Unfortunately, after making the resolv.conf and krb5.conf changes, 
> things actually became worse.  All connection attempts timed out, even 
> after reverting krb5.conf back to the way it was.  For completeness, I 
> disabled pam_winbind.conf to make sure that a cached login was not 
> interfering.
> The strange thing is that I can see all sorts of successful SRV query 
> results in the BIND query logs of DC2.  The "options rotate"in 
> resolv.conf has had a significant effect.  Counting the SRV queries in 
> old BIND log files (query.log.x) shows only a handful of SRV queries 
> per log file.  Since adding the rotate option, SRV queries are in the 
> 1000's per log file.  So, it's doing something, but not failover in 
> any form or fashion.

Trying to understand this, without any of Louis's suggestions in place, 
then if DC1 disappears, authentication stops and there is nothing in the 
logs on DC2. With Louis's suggestions and if DC1 disappears, 
authentication still stops, but you get log messages on DC2.

Is the above true ? If it is, it is pointing at a problem on DC2.


More information about the samba mailing list