[Samba] kvno problem when accessing "bdc" as \\domain.com
Matthieu Patou
mat at samba.org
Tue Oct 9 23:37:23 MDT 2012
On 10/09/2012 09:58 PM, Hannu Tikka wrote:
> So the \\domain.com\sysvol should work?
Exactly.
It's because we have domain DFS implemented for the sysvol and netlogon shares.
What is happening behind the scenes when a Windows client tries to
connect to \\domain.com\sysvol is that one of the DCs will instruct the
client that it supports DFS, and client and server will enter into a DFS
resolution exchange, at the end of which the client gets a list of servers
holding the sysvol share (i.e. \\dc1.domain.com\sysvol,
\\dc2.domain.com\sysvol). Then the client requests a Kerberos ticket for
one of the DCs and the usual connection takes place.
Matthieu.
>> On Tue, 2012-10-09 at 14:38 +0300, Hannu Tikka wrote:
>>> Hi!
>>>
>>> I have a samba4 domain with two r/w directory controllers. DNS is set up
>>> so that the domain.com name addresses both servers for redundancy. But
>>> workstations can't contact the second server with the address \\domain.com
>>> because the kvno is different than the first server's kvno, and when using
>>> the \\domain.com address the kvno seems to be always the first server's kvno.
>>> Can I somehow increase the second server's kvno or are there other
>>> solutions
>> You have to access each server by name. Even if the kvno was identical,
>> the kerberos key would be different.
>>
>> There is a special case used for sysvol shares, but all it does is
>> redirect the user to the right server.
>>
>> Andrew Bartlett
>>
>> --
>> Andrew Bartlett http://samba.org/~abartlet/
>> Authentication Developer, Samba Team http://samba.org
>>
>>
>>
>
--
Matthieu Patou
Samba Team
http://samba.org
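
The behaviour discussed in this thread, as an added example that is not part of the original messages or of Samba's code: a simplified Python model of why a ticket for the bare domain name fails on the second DC while the DFS referral path works. HMAC stands in for Kerberos ticket encryption; the class and function names, the kvno values, and the mapping of `cifs/domain.com` to the first DC's key (taken from the poster's observation) are assumptions.

```python
import hashlib
import hmac
import os

def seal(key, spn):
    # Toy stand-in for encrypting a service ticket under a long-term key.
    return hmac.new(key, spn.encode(), hashlib.sha256).digest()

class DC:
    # Each DC has its own machine account, hence its own key and kvno.
    def __init__(self, host, kvno):
        self.host, self.kvno, self.key = host, kvno, os.urandom(32)

    def accept(self, ticket):
        # The server selects its key by the ticket's kvno, then checks the seal.
        if ticket["kvno"] != self.kvno:
            return "kvno mismatch"
        ok = hmac.compare_digest(seal(self.key, ticket["spn"]), ticket["seal"])
        return "ok" if ok else "wrong key"

class KDC:
    def __init__(self, dcs, domain):
        self.by_spn = {f"cifs/{dc.host}": dc for dc in dcs}
        # Assumption (from the poster's observation): tickets for the bare
        # domain name are always issued under the first DC's key.
        self.by_spn[f"cifs/{domain}"] = dcs[0]

    def issue(self, spn):
        dc = self.by_spn[spn]
        return {"spn": spn, "kvno": dc.kvno, "seal": seal(dc.key, spn)}

def direct_access(kdc, dcs, domain, landed_on):
    # \\domain.com\share: ticket names the domain, DNS picks whichever DC.
    return dcs[landed_on].accept(kdc.issue(f"cifs/{domain}"))

def dfs_access(kdc, dcs, pick):
    # \\domain.com\sysvol: the DFS referral lists per-DC paths, the client
    # picks one and asks for a ticket naming that DC's own host name.
    referrals = [f"\\\\{dc.host}\\sysvol" for dc in dcs]
    host = referrals[pick].split("\\")[2]
    target = next(dc for dc in dcs if dc.host == host)
    return target.accept(kdc.issue(f"cifs/{host}"))

if __name__ == "__main__":
    dcs = [DC("dc1.domain.com", 1), DC("dc2.domain.com", 2)]  # constructed
    kdc = KDC(dcs, "domain.com")
    for i, dc in enumerate(dcs):
        print(dc.host, "direct:", direct_access(kdc, dcs, "domain.com", i),
              "| via DFS:", dfs_access(kdc, dcs, i))
```

Giving both DCs the same kvno in this model changes the second DC's result from "kvno mismatch" to "wrong key", which is the point made in the quoted reply about the keys being different.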