clustered single machine account / NTLM

Andrew Bartlett abartlet at
Mon Apr 21 07:33:27 GMT 2008

On Mon, 2008-04-21 at 05:44 +0200, Volker Lendecke wrote:
> On Sun, Apr 20, 2008 at 01:33:17PM -0700, Zachary Loafman wrote:
> > So .. are ctdbs maintaining separate sessions to each DC using the same
> > machine account, and have you had any problems with that, or are the
> > smbds talking to one winbind so there's only one cluster<->DC session?
> We're using separate connections per node.
> Samba is protecting certain parts of the NETLOGON pipe setup
> with a mutex, I'd have to look at exactly what. Our
> experience is that once you have a working NETLOGON schannel
> connection using the same wks account, the credential chains
> seem to work independently of each other.

This problem is avoided when the SamLogon call is changed to SamLogonEx,
which over schannel is not bound to the credentials chaining.  This
avoids the need to mutex this stuff between hosts (as would otherwise be

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.        

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list