Displaying 20 results from an estimated 20000 matches similar to: "Authentication to Secondary Domain Controller initially fails when PDC is offline"
2015 Dec 09
5
Authentication to Secondary Domain Controller initially fails when PDC is offline
On 09/12/15 17:03, James wrote:
> On 12/9/2015 11:33 AM, Ole Traupe wrote:
>>
>>> - But when I try to ssh to a member server, it still takes forever,
>>> and a 'kinit' on a member server gives this:
>>> "kinit: Cannot contact any KDC for realm 'MY.DOMAIN.TLD' while
>>> getting initial credentials"
>>>
>>>
2015 Dec 09
7
Authentication to Secondary Domain Controller initially fails when PDC is offline
> - But when I try to ssh to a member server, it still takes forever,
> and a 'kinit' on a member server gives this:
> "kinit: Cannot contact any KDC for realm 'MY.DOMAIN.TLD' while
> getting initial credentials"
>
>
> My /etc/krb5.conf looks like this (following your suggestions,
> Rowland, as everything else are defaults):
>
>
2016 Jan 05
3
Authentication to Secondary Domain Controller initially fails when PDC is offline
For the member servers, to reduce timeouts etc when one DC is down.
Change your resolv.conf to :
domain internal.domain.tld
search internal.domain.tld
nameserver IP_DC1
nameserver IP_DC2
options timeout:2
options attempts:2
options rotate
options edns0
See man resolv.conf for the options explained.
Ow.. and ..
domain and search are NOT exclusive anymore in Debian Jessie and up.
At least,
2016 Jan 06
2
Authentication to Secondary Domain Controller initially fails when PDC is offline
On 1/6/2016 10:56 AM, Ole Traupe wrote:
> Ok, I updated resolv.conf as you said. Then I restarted the network
> service on this member server and afterwards suspended the 1st DC.
> Now, kinit gives me again:
>
> "Cannot contact any KDC for realm 'BPN.TU-BERLIN.DE' while getting
> initial credentials"
>
> Ole
>
>
> On 05.01.2016 at 13:41 wrote
2015 Dec 04
1
Authentication to Secondary Domain Controller initially fails when PDC is offline
On 04/12/15 16:20, Ole Traupe wrote:
>
>> Hi, If you can bear with me, I am trying to get the join to add the
>> NS for the joining DC to the SOA, I believe I may be near to get this
>> working (after leading myself down the garden path, what I tried
>> previously, didn't work), once it does, I should be able answer your
>> question, my test domain is using
2016 Jan 07
6
Authentication to Secondary Domain Controller initially fails when PDC is offline
Hai Ole,
What does this give you as output?
host bpn.tu-berlin.de
I assume your dnsdomain name is the same as your REALM_NAME?
For me it shows the 2 IP addresses of my DCs.
And my MX record.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of James
> Sent: Wednesday, 6 January 2016 19:10
> To: samba at
2016 Jan 04
3
Authentication to Secondary Domain Controller initially fails when PDC is offline
Hi all,
Wish you a happy new year altogether!
Mathias, James, let me first say that I highly appreciate your help with
all your testing and writing up your thoughts.
Here are my responses:
A. I have no different sites, no various subnets; so I don't really know
what to do.
B. I don't understand the purpose of setting my domain up with different
sites with associated networks, if on
2015 Nov 20
7
Authentication to Secondary Domain Controller initially fails when PDC is offline
On 11/20/2015 7:40 AM, Ole Traupe wrote:
>
>
> On 20.11.2015 at 11:54, mathias dufresne wrote:
>> Hi Ole,
>>
>> I'm still not answering your issue but I come back to speak about
>> TTL. Perhaps someone would be able to bring us some light on that.
>>
>> This morning I'm trying to reproduce the way I broke my test AD
>> domain. This
2015 Nov 27
3
Authentication to Secondary Domain Controller initially fails when PDC is offline
On 11/26/2015 10:35 AM, Ole Traupe wrote:
>
>>> ANYWAYS, I would like to approach from a different direction:
>>>
>>> If my first DC is offline, a ping on any of my domain machines takes
>>> 5+ seconds to resolve. I figure that my logon problems reflect
>>> multiple such timeouts during the logon process accumulating to a
>>> total
2015 Dec 09
3
Authentication to Secondary Domain Controller initially fails when PDC is offline
Hai Ole,
Can you run on the member where you logged in:
host -t SRV _ldap._tcp.samdom.example.com.
host -t SRV _kerberos._udp.samdom.example.com.
host -t A dc1.samdom.example.com.
host -t A dc2.samdom.example.com.
and again with
search my.domain.tld
nameserver IP_of_2st_DC
nameserver IP_of_1nd_DC
Looks ok to me so far.
Greetz,
Louis
> -----Original message-----
> From:
2016 Jan 05
1
Authentication to Secondary Domain Controller initially fails when PDC is offline
>
> I can't recall but are you able to get a packet trace? This may
> help further troubleshoot.
I'll look into this. However, Rowland stated that bind9 will be the only
solution.
>
> Just to recap, do you have both servers listed as available DNS servers
> on your workstations? As well as your member server?
Yes, of course. For member servers, this is the
2015 Nov 20
3
Authentication to Secondary Domain Controller initially fails when PDC is offline
Thanks for the clarification, Daniel. And I like to think my users are
fast thinkers and might restart their machines eventually. But without
file and compute (Samba 4 member) servers being accessible, my
infrastructure virtually is down.
Again I ask: am I the only one having this problem? It must affect many
users of a basic Samba4 setup: two or more DCs, some Windows clients and
the
2015 Dec 10
2
Authentication to Secondary Domain Controller initially fails when PDC is offline
On 10/12/15 13:25, Ole Traupe wrote:
> Is it possible that kdc server is always the SOA, at least if derived
> from DNS and not specified *explicitly* in the krb5.conf?
>
> In my DNS-Manager console I find that
>
> _tcp.dc._msdcs.bpn.tu-berlin.de
>
> contains only 1 "_kerberos" record, and that one points to my First_DC.
>
> Ole
>
>
>
Your
2015 Nov 19
3
Authentication to Secondary Domain Controller initially fails when PDC is offline
Mathias, thank you very much for your comprehensive instructions!
Just one question: Harry suggested that, in order to overcome the below
DNS related problems, the TTL would have to be adjusted (lowered).
However, the TTL seems to be the only time value not covered by the
command provided by you.
Is it really the TTL that is the culprit or is it rather the first time
value (something like
2015 Nov 18
2
Authentication to Secondary Domain Controller initially fails when PDC is offline
> It is DNS related.
>
>> What is the best way of dealing with this?
> The *best way* is a HA solution for your DNS Servers, but its expensive.
>
> The DNS client (resolver) caches the srv records for 15 minutes aka 900
> seconds.
>
> ipconfig /flushdns drops the cache. Reboot does the same.
>
> On server side you may set shorter TTL for the server records, but
2015 Nov 12
3
Authentication to Secondary Domain Controller initially fails when PDC is offline
On 12.11.2015 at 11:22, Harry Jede wrote:
> On 11:06:29 wrote Ole Traupe:
>> Hi,
>>
>> I tested the AD (Samba4) domain log-in on Windows 7 clients and Linux
>> member servers with my PDC being offline (plugged the cable). It is
>> not working so well.
>>
>> On Windows it initially takes forever. It works again after rebooting
>> the client, which
2015 Nov 19
4
Authentication to Secondary Domain Controller initially fails when PDC is offline
Ok, I see. Nevertheless, thank you very much for your effort!
I must say that I can't actually believe that no one knows an answer to
this problem. It must affect MANY people using Samba DCs. According to
all the tests on the wiki, everything is working fine. Then I pull the
plug on my first DC and no one can log on. And this time I waited far
longer than the suggested "refresh
2015 Nov 20
3
Authentication to Secondary Domain Controller initially fails when PDC is offline
Although I don't know what "dig" actually means, I was able to dig up
the following for my SOA:
my.domain.tld. 3600 IN SOA DC2.my.domain.tld.
hostmaster.my.domain.tld. 29 180 600 86400 180
This is after I reduced refresh interval and minimum TTL to 3 min (180
s). Still, the TTL of the SOA itself is 1h (3600 s).
This strongly suggests that the TTL for DNS info
2015 Dec 10
4
Authentication to Secondary Domain Controller initially fails when PDC is offline
On 10/12/15 14:40, Ole Traupe wrote:
>
>>> However, my 2nd DC is not that new, I restarted it many times, just
>>> again (samba service). No DNS records are created anywhere.
>>>
>>> If I go through the DNS console, in each and every container there
>>> is some entry for the 1st DC, but none for the 2nd (except on the
>>> top levels: FQDN
2015 Dec 10
2
Authentication to Secondary Domain Controller initially fails when PDC is offline
On 10/12/15 14:00, Ole Traupe wrote:
>
>
> On 10.12.2015 at 14:38, Rowland penny wrote:
>> On 10/12/15 13:25, Ole Traupe wrote:
>>> Is it possible that kdc server is always the SOA, at least if
>>> derived from DNS and not specified *explicitly* in the krb5.conf?
>>>
>>> In my DNS-Manager console I find that
>>>
>>>