I'm not doing AD auth (well, I am, but with a 3rd party application). However, I think what you need to figure out is why your linux servers are binding to the remote DC. If I remember correctly, it is up to the application layer to intelligently handle issues when the LDAP server you are bound to stops responding. It may be that that part of the code in Linux is lacking...

Kevin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of carlopmart
Sent: Thursday, May 15, 2008 1:34 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: Re: [rhelv5-list] Strange problem when using AD as authentication system for RHEL5/4

John Summerfield wrote:
> carlopmart wrote:
>> Hi all,
>>
>> I have a very very strange problem with 6 rhel5/4 systems, almost for
>> me. In my infrastructure exist 3 Windows 2003 R2 SP2 servers acting
>> as AD domains to authenticate windows workstations and several linux
>> systems.
>>
>> One of these three windows 2003 servers is located on a remote office:
>>
>> - Headquarters: ad1 and ad2
>> - Remote Office: ad3
>>
>> My 6 rhel based servers are located on headquarters office. All these
>> 6 servers are configured to authenticate to AD servers, but only to
>> ad1 and ad2, not to ad3. Ok, my problem: yesterday I shut down ad3
>> to do some maintenance tasks. At the same time that I shut down this AD
>> server, I can't login as normal user to any of my rhel based servers
>> (as root
>
> Can you test this with a Windows server (get an evaluation copy if
> necessary) and see whether the problem exists there?
>
>> I can login). In /var/log/secure logs appear errors about ldap server
>> can't be reached, but what server?? ad1 and ad2 are online... I don't
>> understand why, because no ldap or krb5 configuration file points to
>> ad3.
>>
>> When I started ad3 server, all works ok. Doing a tcpdump, I see that
>> ALL my rhel servers do a first ldap query to ad1 or ad2 and subsequent
>> ldap queries point to ad3 server instead of ad1 and ad2 servers. I
>> repeat: in my /etc/ldap.conf and /etc/openldap/ldap.conf I haven't any
>> param that points to ad3 ... I don't use samba, only ldap and kerberos
>> config.
>>
>> Somebody knows why this happens?? I don't understand....
>
> I don't, but I have a Windows-only domain that seems as confused. I have
> two DCs, C0 and C1. C0 is the original, and acutely underpowered.
> Theoretically, as I understand it, I should be able to turn C0 off and
> still login, C0 has no shares and isn't supposed to be the master. It's
> not so, if C0 is down then users cannot login.
>

Thanks John, but with Windows Workstations and Servers all works ok if ad3 is off, only with rhel servers it doesn't work ....

--
CL Martinez
carlopmart {at} gmail {d0t} com

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
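The comparison carlopmart did by hand with tcpdump, as an added example that is not part of this thread: it reads the `uri` line of /etc/ldap.conf and the `kdc` lines of /etc/krb5.conf, then flags TCP SYNs in `tcpdump -n` output to an LDAP or Kerberos port on a host that no config file names. The config snippets, addresses (10.0.1.10/10.0.1.11 standing in for ad1/ad2, 10.0.2.10 for ad3) and capture lines are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample config: the "uri" line nss_ldap/pam_ldap read from
# /etc/ldap.conf on RHEL 4/5, and the kdc lines from /etc/krb5.conf.
LDAP_CONF = "base dc=example,dc=local\nuri ldap://10.0.1.10 ldap://10.0.1.11\nssl start_tls\n"
KRB5_CONF = "[realms]\n EXAMPLE.LOCAL = {\n  kdc = 10.0.1.10:88\n  kdc = 10.0.1.11:88\n }\n"
# Constructed "tcpdump -n" lines: the first LDAP connection goes to ad1, the
# follow-ups go to 10.0.2.10 (standing in for ad3), which no config file names.
TCPDUMP = """09:31:01.000001 IP 10.0.1.50.40001 > 10.0.1.10.389: Flags [S], seq 1, length 0
09:31:01.000500 IP 10.0.1.50.40002 > 10.0.2.10.389: Flags [S], seq 2, length 0
09:31:01.000900 IP 10.0.1.50.40003 > 10.0.2.10.389: Flags [S], seq 3, length 0
09:31:02.000001 IP 10.0.1.50.40004 > 10.0.1.11.88: Flags [S], seq 4, length 0
"""

SYN_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[S\]")
URI_RE = re.compile(r"(ldaps?)://([^:/]+)(?::(\d+))?")

def configured_servers(ldap_conf, krb5_conf):
    """Hosts the admin intends to use, keyed by port (389/636 LDAP, 88 KDC)."""
    expected = defaultdict(set)
    for line in ldap_conf.splitlines():
        parts = line.split()
        if parts and parts[0] == "uri":
            for uri in parts[1:]:
                m = URI_RE.match(uri)
                if m:
                    default = 636 if m.group(1) == "ldaps" else 389
                    expected[int(m.group(3) or default)].add(m.group(2))
    for line in krb5_conf.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "kdc":
            host, _, port = value.strip().partition(":")
            expected[int(port or 88)].add(host)
    return expected

def unexpected_peers(tcpdump_output, expected):
    """(dst, port) pairs that got a SYN on a watched port but appear in no config."""
    found = []
    for line in tcpdump_output.splitlines():
        m = SYN_RE.search(line)
        if m and int(m.group(4)) in expected:
            peer = (m.group(3), int(m.group(4)))
            if peer[0] not in expected[peer[1]] and peer not in found:
                found.append(peer)
    return found
# unexpected_peers(TCPDUMP, configured_servers(LDAP_CONF, KRB5_CONF)) -> [("10.0.2.10", 389)]
```

A run against a real capture would feed `tcpdump -n -i eth0 'tcp[tcpflags] & tcp-syn != 0'` output into `unexpected_peers`; any pair it returns is a DC the host was never configured to talk to, which is exactly the ad3 traffic seen in the thread.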
