[Samba] use password server= when security=ADS or not???
Gerald (Jerry) Carter
jerry at samba.org
Fri Jun 11 19:09:39 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alex de Vaal wrote:
| I'm using winbind (which is the Samba-3 NTLM authentication
| daemon) in my configuration, so in my case it is better
| to specify at "password server" all the DNS names of my
| ADS servers instead of leaving it blank?
|
| I know that Krb5 ticket is handled by the krb5 libs. I have
| no krb5.conf specified, so it uses the DNS for resolving
| the KDC servers (the ADS servers create SRV records in
| DNS for each KDC in the realm)
|
| In my case "password server=" is not specified in smb.conf.
| I see however sometimes strange things in winbindd.log on
| a remote Samba domain member server that it can't find
| sometimes the LDAP server, port 445 and port 139, because
| the connection to the ADS server is sometimes very slow (is
| a router connection). I was wondering if it is better to
| specify all the ADS servers in the realm at "password
| server=", so it is looking for the other servers in the
| realm if the connection to an ADS server is slow.
I would use 'password server = preferred_dc * in this case'
The internal heuristics for find the closest DC are based on
matching the netmask which is no optimal.
cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAygNzIR7qMdg1EfYRApP/AKDyVD8airXP1X/cmcZdXDd5oY9feACg3wrN
VFnVjgtJv8OSsBekuJ+JXwI=
=4cPQ
-----END PGP SIGNATURE-----
More information about the samba
mailing list