Winbind using sites-and-services to look up DCs that are nearby ...

Alexander Bokovoy ab at samba.org
Fri Sep 22 08:29:23 UTC 2017


On to, 21 syys 2017, Richard Sharpe via samba-technical wrote:
> On Thu, Sep 21, 2017 at 4:15 PM, Jeremy Allison <jra at samba.org> wrote:
> > On Thu, Sep 21, 2017 at 02:46:59PM -0700, Richard Sharpe via samba-technical wrote:
> >> Does winbindd currently (perhaps with some configuration) know how to
> >> be site-aware when looking up DC for translating names, SIDs, etc.
> >>
> >> We have seen one instance where a Samba member server in Western
> >> Europe was looking up a DC in Sakhalin which was a bit surprising.
> >
> > winbindd is site-aware. If you're seeing this it's time to
> > get the debuging shovel out :-).
> 
> Yeah, I thought it was ... there is something weird there because the
> Samba server was looking up something in sakhalin2.ru which seemed
> weird given that the parent org was in .com ...
> 
> Maybe they had been hacked by Putin!
I've seen multiple times misconfigured AD sites. It would be no wonder
to stumble upon such 'leakage' in a multinational setup.
-- 
/ Alexander Bokovoy



More information about the samba-technical mailing list