[PATCH] Save some DNS and NBT name queries while joining a domain
Volker Lendecke
Volker.Lendecke at SerNet.DE
Tue Jul 7 13:50:54 CEST 2015
On Sun, Jul 05, 2015 at 12:24:14PM +0300, Uri Simchoni wrote:
> Hi,
> The attached patch set removes some name resolving queries while
> running "net ads join". Those queries may lead to prolonged execution
> of "net ads join" beyond what's necessary, or even to failure to join
> in some cases.
>
> [1/2] is a re-submission of something I sent about a week ago -
> letting dsgetdcname() know whether the given domain name is the FQDN
> or the flat name. This saves rather pointless queries (use NBT to
> lookup FQDN, use DNS to look for flat names), and also fixes one case
> in which the on-site DC is an RODC and netbios is disabled.
This looks good to me.
One question: Why do you only apply it for an explicitly
given domain name? Doesn't the same also apply to the
default value of "domain", which is lp_realm()?
> [2/2] adds "dns_lookup_realm=false" to samba-generated krb5.conf. This
> saves on some TXT queries that are done by kerberos libs while
> verifying the join. An alternative to this would be to let
> cli_full_connection() know the FQDN of the domain, not just the server
> it's connecting to.
Here others with more Kerberos config knowledge must reply,
sorry.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba-technical
mailing list