Lauge Rasmussen
2025-Aug-21 07:58 UTC
[Samba] Winbind does not immediately fail over to secondary DC on one client
Hello,

I'm having trouble after setting up a secondary Domain Controller.

The setup went fine and most of my clients are seamlessly switching from one DC to the other, except for one.

On the one client with problems I have to run "net cache flush" when I turn off the DC that it was connected to, until it will use the active DC for lookups. So if it was connected to DC1, it takes an hour for it to be able to resolve users (wbinfo -i {username}) even though it seems to connect to the secondary DC2 (wbinfo -P).

This becomes apparent when running "wbinfo -i test0" where test0 is a user. I can see that the troublesome client does connect to the running DC, because running "wbinfo -P" returns the correct DC (the one running).

The command "wbinfo -i test0" returns:

"""
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user test0
"""

Do you have any idea how this might be? The smb.conf file for the troublesome client is exactly the same as for the other clients who are running fine.

The cache seems to be flushed by itself in 1 hour, as that is where the troublesome client is able to resolve users again.

One way in which the troublesome client is special is that it works as the DNS server on my network; however, the DCs are configured to use themselves first in their DNS configuration and then the DNS server (the troublesome client) after.

Any help is much appreciated.

Thanks
Lauge
Luis Peromarta
2025-Aug-21 08:23 UTC
[Samba] Winbind does not immediately fail over to secondary DC on one client
To begin with, DCs should only use DCs as DNS servers. First itself then the other DC. You can forward the out of scope addresses to whichever dns server you like with the forward line in smb.conf.

This article about dns resiliency for AD may be of some use to you.

http://samba.bigbird.es/doku.php?id=samba:resilient-dns

On 21 Aug 2025 at 10:20 +0200, Lauge Rasmussen <lauge.rasmussen at nru.dk>, wrote:
> One way in which the troublesome client is special is that it works as
> the DNS server on my network, however, the DCs are configured to use
> themselves first in their dns configuration and then the DNS server (the
> troublesome client) after.
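The resolver advice in the reply above, turned into a check that can be run against each DC's files. This is an added example, not part of the thread or of Samba. It assumes Samba's internal DNS server, where the forwarding parameter in smb.conf is `dns forwarder`; the function names and all addresses and file contents are constructed.

```python
# Added example, not from the thread. Addresses and file contents are constructed.
def parse_nameservers(resolv_conf):
    """Nameserver addresses in the order the resolver tries them."""
    servers = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def parse_global(smb_conf):
    """Parameters of the [global] section; keys lowercased, spaces collapsed."""
    params, section = {}, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit_dc_dns(own_ip, dc_ips, resolv_conf, smb_conf):
    """Findings for one DC; an empty list means it matches the advice."""
    findings = []
    servers = parse_nameservers(resolv_conf)
    if not servers or servers[0] != own_ip:
        findings.append("first nameserver is not this DC")
    findings += [f"nameserver {ip} is not a DC" for ip in servers if ip not in dc_ips]
    if not parse_global(smb_conf).get("dns forwarder"):
        findings.append("no 'dns forwarder' in [global]")
    return findings

DCS = {"192.0.2.11", "192.0.2.12"}  # DC1, DC2 (constructed)
# Resolver order as described in the thread: DC1 lists itself, then the non-DC
# DNS server. The smb.conf without a forwarder is an assumption.
BEFORE_RESOLV = "nameserver 192.0.2.11\nnameserver 192.0.2.53\n"
BEFORE_SMB = "[global]\n\tserver role = active directory domain controller\n"
# As advised: itself, then the other DC; other names go to the forwarder.
AFTER_RESOLV = "nameserver 192.0.2.11\nnameserver 192.0.2.12\n"
AFTER_SMB = BEFORE_SMB + "\tdns forwarder = 192.0.2.53\n"

if __name__ == "__main__":
    print(audit_dc_dns("192.0.2.11", DCS, BEFORE_RESOLV, BEFORE_SMB))
    print(audit_dc_dns("192.0.2.11", DCS, AFTER_RESOLV, AFTER_SMB))
```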
Michael Tokarev
2025-Aug-21 21:47 UTC
[Samba] Winbind does not immediately fail over to secondary DC on one client
On 21.08.2025 10:58, Lauge Rasmussen via samba wrote:
> Hello
>
> I'm having trouble after setting up a secondary Domain Controller.
>
> The setup went fine and most of my clients are seamlessly switching from
> one DC to the other, except for one.
>
> On the one client with problems i have to run "net cache flush" when i
> turn off the DC that it was connected to, until it will use the active
> DC for lookups. So if it was connected to DC1, it takes an hour for it
> to be able to resolve users (wbinfo -i {username}) even though it seems
> to connect to the secondary DC2 (wbinfo -P)
>
> This becomes apparent when running "wbinfo -i test0" where test0 is a
> user. I can see that the troublesome client does connect to the running
> DC, because running "wbinfo -P" returns the correct DC (the one running).
>
> The command "wbinfo -i test0" returns:
>
> """
>
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user test0

Which samba version is it? If it's 4.22, see the just-released 4.22.4 which most likely has a fix for this bug.

Thanks,

/mjt