We are having issues with Authentication failures using AuthByLSA when the workstation fails over to another Domain Controller.
The issue is that we do a group membership check in our AuthByLSA Handler. It appears from the code below that if you don’t specify a DC it picks one the first time it checks for group membership and keeps using it even if the DC becomes unavailable. Code is from the method “userIsInGroup” in AuthByLSA.pm. # Find the controller to use my $controller = $self->{DomainController}; if (!defined $controller) { $controller = $self->{controllers}{$domain}; if (!defined $controller) { &Win32::NetAdmin::GetAnyDomainController(undef, $domain, $controller); $self->{controllers}{$domain} = $controller; } } $self->log($main::LOG_DEBUG, "Checking LSA Group membership for $controller, $group, $username"); return &Win32::NetAdmin::GroupIsMember($controller, $group, $username) || &Win32::NetAdmin::LocalGroupIsMember($controller, $group, $username); Is it possible to add code to check for a DC failure and then repeat the call to “Win32::NetAdmin::GetAnyDomainController” in this subroutine? Thanks. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 E-Mail: neil-john...@uiowa.edu _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator