It seems likely that this problem has been already been addressed, but I didn't find anything in a search. My apologies if it's a duplicate. We ran into a situation where Samba server that had been running for a long time suddenly stopped allowing connections from Linux users, but it still worked for Windows users. The smb.conf file contained: security=domain password server = SERVER1 SERVER2 The problems started when SERVER1 was taken off line, but still had an entry in DNS. It seems that Windows systems are able to fall back and use the second server when the first one times out, but smbclient is not. smbclient simply reports an error after a 20 second delay. This occurs even with smbclient 3.0.14a from Fedora Core 4. The server is older (2.0.4) but since windows clients are able to connect, I think (hope?) that the problem can be fixed on the client side. It's easier to change the client than to get our IT organization to make changes to the server.
What exactly is happening here ? The clients aren't doing the authentication for the server... I don't understand this report. Jeremy.
Maybe I haven't characterized the problem accurately, but that's the way our Samba guru described it to me and the symptoms are quite clear and reproducable. SERVER1 is a host which has entry in DNS, but is not on line. SERVER2 is a valid windows DOMAIN controller. When the line in smb.conf is: password server = SERVER1 SERVER2 and smbclient tries to connect, the result printed to the console is: error '10971 ... server did not respond after 20000 milliseconds'. and the messsage that shows up in the samba server log is [2005/10/25 16:31:32, 0] smbd/password.c:(1266) domain_client_validate: unable to connect to SMB server on machine SERVER1. Error was : code 0. When the smb.conf line is changed to: password server = SERVER2 then everything is fine. Despite this server mis-configuration, windows clients are still able to connect to it.
I have a similar problem. 'm running Samba 3.0.23c on Solaris 10. I have specified DOMAIN security and 2 password servers in smb.conf - SERVER1 and SERVER2. If SERVER1 goes down then SERVER2 is used for password authentication. However, when SERVER1 comes back on line it isn't used for authentication again unless the winbind daemon is restarted. Has anyone else had this problem and/or know of a fix for it? Many thanks!
I think this is a situation that you can recreate by stopping the NETLOGON service on a DC. The server remains up, it responds to netbios lookups (Samba's method of checking for availability), and it remains in the DNS list of DCs. It just doesn't respond to netlogon requests so Samba fails to authenticate the user.