Rowland Penny
2022-Apr-26 13:36 UTC
[Samba] Winbind authentication issues when single Domain Controller down
On Tue, 2022-04-26 at 08:27 -0500, Richard Anderson via samba wrote:
> We have our domain controllers on a separate subnet and DNS is relayed via
> our firewall. However, the tests I ran against the domain (using nslookup)
> appeared ok.

I think you need to explain that in a bit more detail. It sounds like your Samba AD DCs are in one subnet and your clients are in another. If this is the case, you should be using 'sites', but you would still need a minimum of one DC in each site.

Rowland
Ralph Boehme
2022-Apr-26 13:42 UTC
[Samba] Winbind authentication issues when single Domain Controller down
On 4/26/22 15:36, Rowland Penny via samba wrote:
> I think you need to explain that in a bit more detail.
> It sounds like your Samba AD DCs are in one subnet and your clients
> are in another. If this is the case, you should be using 'sites', but
> you would still need a minimum of one DC in each site.

Well, this is all correct of course, but the thing is: DC reconnect behaviour when the currently selected DC goes down is a long-known problem. We just haven't seen someone throw the needed resources at the problem. This is sufficiently tricky to keep a Samba dev busy for a few weeks.

Cheers!
-slow

-- 
Ralph Boehme, Samba Team https://samba.org/
SerNet Samba Team Lead https://sernet.de/en/team-samba
Richard Anderson
2022-Apr-26 14:58 UTC
[Samba] Winbind authentication issues when single Domain Controller down
Our Windows Active Directory domain controllers are connected to a switch that is connected to a firewall. The firewall is then connected to another switch that is connected to the Samba file server. The domain controllers are on a server subnet and the fileserver is on a production subnet. Let me know if this is helpful.

dc1 ---- Switch (Server subnet) ---- Firewall ---- Switch (Production 1 subnet) ---- Samba file server
dc2 --------|
            |
dc3 ----------|

Here are some tests mentioned in a previous email (this is from the Samba file server):

"host ourdomain.companydomain.com" returns all 3 of our domain controllers

nslookup with set type=SRV _ldap._tcp.ourdomain.companydomain.com also returns all three domain controllers

Rich
*Sr. Systems Engineer*

On Tue, Apr 26, 2022 at 8:37 AM Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Tue, 2022-04-26 at 08:27 -0500, Richard Anderson via samba wrote:
> > We have our domain controllers on a separate subnet and DNS is relayed via
> > our firewall. However, the tests I ran against the domain (using nslookup)
> > appeared ok.
>
> I think you need to explain that in a bit more detail.
> It sounds like your Samba AD DCs are in one subnet and your clients
> are in another. If this is the case, you should be using 'sites', but
> you would still need a minimum of one DC in each site.
>
> Rowland
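
An added example, not part of the original thread or of Samba: the DNS tests above only show which DCs are advertised, so this sketch takes `host -t SRV` output and checks whether each advertised DC actually answers on the ports a domain member uses across the firewall. The dc1..dc3 host names, the sample output and the port list are assumptions built from the diagram in the thread.

```python
import socket

# Constructed sample of `host -t SRV _ldap._tcp.ourdomain.companydomain.com`
# output; the dc1..dc3 host names are assumed from the diagram in the thread.
SAMPLE_SRV_OUTPUT = """\
_ldap._tcp.ourdomain.companydomain.com has SRV record 0 100 389 dc1.ourdomain.companydomain.com.
_ldap._tcp.ourdomain.companydomain.com has SRV record 0 100 389 dc2.ourdomain.companydomain.com.
_ldap._tcp.ourdomain.companydomain.com has SRV record 0 100 389 dc3.ourdomain.companydomain.com.
"""

# Assumed set of TCP services to verify on each DC through the firewall.
DC_PORTS = {"kerberos": 88, "ldap": 389, "smb": 445}

def parse_srv_targets(host_output):
    """Return the DC host names from `host -t SRV` output lines."""
    targets = []
    for line in host_output.splitlines():
        fields = line.split()
        # Format: <name> has SRV record <priority> <weight> <port> <target>.
        if len(fields) == 8 and fields[1:4] == ["has", "SRV", "record"]:
            targets.append(fields[7].rstrip("."))
    return targets

def tcp_probe(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_dcs(host_output, probe=tcp_probe):
    """Map each advertised DC to the service names that did not answer."""
    report = {}
    for dc in parse_srv_targets(host_output):
        report[dc] = [name for name, port in DC_PORTS.items() if not probe(dc, port)]
    return report

def unreachable(report):
    """DCs that DNS still advertises but that failed at least one port check."""
    return sorted(dc for dc, failed in report.items() if failed)

if __name__ == "__main__":
    for dc, failed in check_dcs(SAMPLE_SRV_OUTPUT).items():
        print(dc, "OK" if not failed else "FAILED: " + ", ".join(failed))
```

Run on the file server with real `host -t SRV` output in place of the sample; a DC listed by `unreachable()` is one that DNS hands to winbind even though it cannot be reached.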