[Samba] Winbind authentication issues when single Domain Controller down

Richard Anderson rich.anderson at mbx.com
Mon Apr 25 16:56:22 UTC 2022


When one of our domain controllers is restarted or down, occasionally we
will have a large number of errors on our Samba server. This appears to
depend on whatever domain controller is being used by winbind.

We found this out when several of our users reported they could not log in
to our Samba server. Logs indicated NT_STATUS_NO_LOGON_SERVERS. This was on
a reboot of one of our domain controllers. Once the domain controller was
back up we were able to log in to the server.

Does the 'password server' setting work? Is there another setting I should
consider?

We use winbind for authentication. When the domain controller that is being
used is down, wbinfo -P will take several minutes before failing and does
not appear to switch to another server on the second or third attempt.

*Tried (smb.conf)*

   - winbind offline login = yes
   - winbind cache time = 600
   - password server = dc1.ourdomain.company_domain.com, dc2.ourdomain.company_domain.com,dc3.ourdomain.company_domain.com

*Diagnostics*

nslookup:
> set type=SRV
> _ldap._tcp.ourdomain.company_domain.com
Server: 172.16.0.1
Address: 172.16.0.1#53

_ldap._tcp.ourdomain.company_domain.com service = 0 100 389 dc1.ourdomain.company_domain.com.
_ldap._tcp.ourdomain.company_domain.com service = 0 100 389 dc2.ourdomain.company_domain.com.
_ldap._tcp.ourdomain.company_domain.com service = 0 100 389 dc3.ourdomain.company_domain.com.




Rich
*Sr. Systems Engineer*

