As I mentioned yesterday, I setup a secondary domain controller.
In my /etc/krb5.conf on all my test AD clients, I specify the IP of both
kdcs:
[realms]
?AD.EECS.YORKU.CA = {
? kdc = IP1
? kdc = IP2
?}
If I'm logged into a system using the DC at IP1, and I stop the DC
processes on IP1, then I try to run a command such as "whoami" on the
AD
client, I get "whoami: cannot find name for user ID X".
If I try to ssh to the system, my password doesn't work.
If I then put back up the DC processes on IP1, everything works.
What am I missing? Isn't the point of the alternate domain controller
that I should be able to take one away, and the other would be used?
Jason.