clustered single machine account / NTLM
Andrew Bartlett
abartlet at samba.org
Mon Apr 21 07:33:27 GMT 2008
On Mon, 2008-04-21 at 05:44 +0200, Volker Lendecke wrote:
> On Sun, Apr 20, 2008 at 01:33:17PM -0700, Zachary Loafman wrote:
> > So .. are ctdbs maintaining separate sessions to each DC using the same
> > machine account, and have you had any problems with that, or are the
> > smbds talking to one winbind so there's only one cluster<->DC session?
>
> We're using separate connections per node.
>
> Samba is protecting certain parts of the NETLOGON pipe setup
> with a mutex, I'd have to look at exactly what. Our
> experience is that once you have a working NETLOGON schannel
> connection using the same wks account, the credential chains
> seem to work independently of each other.
This problem is avoided when the SamLogon call is changed to SamLogonEx,
which over schannel is not bound to the credentials chaining. This
avoids the need to mutex this stuff between hosts (as would otherwise be
required).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080421/415e4f9d/attachment.bin
More information about the samba-technical
mailing list