[PATCH] Save some DNS and NBT name queries while joining a domain
Andreas Schneider
asn at samba.org
Wed Jul 8 07:15:35 UTC 2015
On Tuesday 07 July 2015 13:50:54 Volker Lendecke wrote:
> On Sun, Jul 05, 2015 at 12:24:14PM +0300, Uri Simchoni wrote:
> > Hi,
> > The attached patch set removes some name resolving queries while
> > running "net ads join". Those queries may lead to prolonged execution
> > of "net ads join" beyond what's necessary, or even to failure to join
> > in some cases.
> >
> > [1/2] is a re-submission of something I sent about a week ago -
> > letting dsgetdcname() know whether the given domain name is the FQDN
> > or the flat name. This saves rather pointless queries (use NBT to
> > lookup FQDN, use DNS to look for flat names), and also fixes one case
> > in which the on-site DC is an RODC and netbios is disabled.
>
> This looks good to me.
>
> One question: Why do you only apply it for an explicitly
> given domain name? Doesn't the same also apply to the
> default value of "domain", which is lp_realm()?
>
> > [2/2] adds "dns_lookup_realm=false" to samba-generated krb5.conf. This
> > saves on some TXT queries that are done by kerberos libs while
> > verifying the join. An alternative to this would be to let
> > cli_full_connection() know the FQDN of the domain, not just the server
> > it's connecting to.
>
> Here others with more Kerberos config knowledge must reply,
> sorry.
Günther, this is your playground :) It looks fine for me ...
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list