No, I do not have it set. We have multiple DCs for redundancy and scaling and I
didn’t want to be tied to one particular DC.
However the last two nights when our Server Team performed some DC hardware
migrations, users could not authenticate to the Wireless Service while a
particular DC was unavailable.
The error in the log was “User Not Found”.
-Neil
--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
E-Mail: neil-john...@uiowa.edu
On Apr 3, 2015, at 10:28 AM, Robert Fisher rob...@sitestar.net wrote:
Neil:
Would you please clarify, do you have the DomainController variable set?
The way I'm reading this code, it should call the GetAnyDomainController
each time the sub routine is called unless that variable is set.
Robert Fisher
Systems Administrator
Sitestar Internet Services
On 4/3/2015 9:17 AM, Johnson, Neil M wrote:
We are having issues with Authentication failures using AuthByLSA when the
workstation fails over to another Domain Controller.
The issue is that we do a group membership check in our AuthByLSA Handler.
It appears from the code below that if you don’t specify a DC it picks one
the first time it checks for group membership and keeps using it even if the
DC becomes
unavailable.
Code is from the method “userIsInGroup” in AuthByLSA.pm.
# Find the controller to use
my $controller = $self-{DomainController};
if (!defined $controller)
{
$controller = $self-{controllers}{$domain};
if (!defined $controller)
{
Win32::NetAdmin::GetAnyDomainController(undef, $domain,
$controller);
$self-{controllers}{$domain} = $controller;
}
}
$self-log($main::LOG_DEBUG, Checking LSA Group membership for
$controller, $group, $username);
return Win32::NetAdmin::GroupIsMember($controller, $group, $username)
|| Win32::NetAdmin::LocalGroupIsMember($controller, $group, $username);
Is it possible to add code to check for a DC failure and then repeat the
call to “Win32::NetAdmin::GetAnyDomainController” in this subroutine?
Thanks.
-Neil
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator