[Samba] use password server= when security=ADS or not???

Gerald (Jerry) Carter jerry at samba.org
Fri Jun 11 19:09:39 GMT 2004

Hash: SHA1

Alex de Vaal wrote:

| I'm using winbind (which is the Samba-3 NTLM authentication
| daemon) in my configuration, so in my case it is better
| to specify at "password server" all the DNS names of my
| ADS servers instead of leaving it blank?
| I know that Krb5 ticket is handled by the krb5 libs. I have
| no krb5.conf specified, so it  uses the DNS for resolving
| the KDC servers (the ADS servers create SRV records in
| DNS for each KDC in the realm)
| In my case "password server=" is not specified in smb.conf.
| I see however  sometimes strange things in winbindd.log on
| a remote Samba domain member  server that it can't find
| sometimes the LDAP server, port 445 and port 139, because
| the connection to the ADS server is sometimes very slow (is
| a router connection). I was wondering if it is better to
| specify all the ADS servers in the realm at "password
| server=", so it is looking for the other servers in the
| realm if the connection to an  ADS server is slow.

I would use 'password server = preferred_dc * in this case'
The internal heuristics for find the closest DC are based on
matching the netmask which is no optimal.

cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard            ------------------------- http://www.hp.com
SAMBA Team                 ---------------------- http://www.samba.org
GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list