On Mon, Oct 10, 2005 at 03:52:02PM -0500, [EMAIL PROTECTED] wrote: > Im having some trouble getting, or even finding out if this works. I > have read through the samba by example and all the docs i can get my > hands on and i cant get this to work. Maybe it isn't supposed too.... > I have setup samba under RHEL4 QU1 to authenticate to AD. I am just > using samba to authenticate users for login purposes. It works fine and > dandy until my primary AD box goes down. > > I have a secondary AD server. It has a full replication of AD, DNS, and > also hands out kerberos tickets. My AD DNS has the listings for > _kerberos._tcp.gutbuster.local. `dig SRV > _kerberos._tcp.gutbuster.local` returns both server entries results > regardless of which DNS server I use. > > I dont seem to get very far once my primary has gone down. The samba > host is able to get a new kerberos ticket from the secondary by running > `kinit [EMAIL PROTECTED] but can no longer get winbind info > with `wbinfo` and getent passwd fails to pull AD info. Have I said > enough yet? > > my samba host is 10.180.23.69 > my ad primary is 10.180.23.57 > my ad secondary is 10.180.23.88 > > I have forced kerberos to use DNS to lookup the KDC > (dns_lookup_kdc=true) in the krb5.conf and i dont have any of the > KDC=10.180.23.88. I have tried using 'password server = *', 'password > server = 10.180.23.88 10.180.23.57', and removing the 'password server=' > line all together. > > Does anyone know if this setup even works? Remember, It isn't that I > cant get AD to authenticate, its only when the primary AD server fails > and the secondary server is all that exists.
Very thorough, execpt you neglected to tell us what version of Samba you're using..... That actually does help you know :-). winbindd has been undergoing a lot of work recently - knowing the version you're using would help us investigate. Can you get an ethereal trace from your box when you're trying to get it to fail over please ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba