I ran into this problem as well, and found that if I joined each server
in turn (using "net ads join -S windc1", "net ads join windc2", etc.),
the failover would happen. Otherwise I got errors from wbinfo -t, and
nothing else worked. It took me a week or two to figure this one out,
since I assumed "joining the domain" meant I was joining the domain,
rather than joining to a specific domain controller.
However, even with failover working, I've found it too slow to use. It
seems like every few responses have to failover, which takes 20-25
seconds each. I've bumped the "winbind cache time" to ten minutes, so
wbinfo results are cached aggressively, but ntlm_auth does not appear to
respect or support this variable. I thought ntlm_auth queried winbindd,
and so would answer with whatever winbind provided, but that doesn't
seem to happen here.
I've filed bug number 1866 about this slow failover and no caching issue:
https://bugzilla.samba.org/show_bug.cgi?id=1866
"Jeff Heckart" wrote:
> I am currently using samba alongside of squid to do ntlm
> authentication. I have a primary, and secondary NT4.0 controllers, and
> have listed in smb.conf as such:
> password server: server1 server2
>
> I expected that when server1 went down, server2 would be queried next.
> This was not the case for me. I actually had server1 go down, and samba
> continued to attempt and fail against server1.
>
> How should this be set up?