[Samba] How does Samba find a domain controller?
Gerald (Jerry) Carter
jerry at samba.org
Fri May 5 13:34:52 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Gautier, B (Bob) wrote:
>> The recommendation in the smb.conf manpage is
>> 'name resolve order = wins bcast' when
>> you are in security=ads mode, with a remark that in that
>> case ADS-style DNS lookups are done anyway, first. Is
>> my reading right?
If the man page says that, it's wrong. DNS lookups are
only performed if you have host in the 'name resolve order'
list. I can double check, but I'm pretty sure this is how
we coded it up.
> Samba 3.0.23 will query the correct
> _ldap._tcp.dc._msdcs.<domain> name and includes affinity for
> a server once connected so that for example winbindd will
> reconnect to the server used during the domain join to avoid
> lags in replication delays between DCs.
>> Is that in pre1, or still to come?
The server affinity patches are in 3.0.23pre1. The new
DNS lookup routines are still in development.
>> So as I understand it there is no plan to do any
>> 'nearest DC' guessing (which is what Windows appears
>> to do, based on IP address comparisons) but we can
>> influence choice of DC by what we put in the DNS
>> in the first place, and by firewalling to prevent access
>> to inappropriate (e.g. offsite) DCs?
You mean the Site name stuff ? I'm working on integrating
the CLDAP queries but I haven't looked at the Site stuff much.
We used to pick DC's based on network address and that was
Note that for you own domain you can specify 'password server
= foo.dom.ain *' to give preference to a specific DC. This
doesn't work for trusted domains though.
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba