[Samba] How does Samba find a domain controller?

Gerald (Jerry) Carter jerry at samba.org
Fri May 5 13:34:52 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gautier, B (Bob) wrote:

>> The recommendation in the smb.conf manpage is 
>> 'name resolve order = wins bcast' when
>> you are in security=ads mode, with a remark that in that
>> case ADS-style DNS lookups are done anyway, first.  Is 
>> my reading right?

If the man page says that, it's wrong.  DNS lookups are
only performed if you have host in the 'name resolve order'
list.  I can double check, but I'm pretty sure this is how
we coded it up.

> Samba 3.0.23 will query the correct 
> _ldap._tcp.dc._msdcs.<domain> name and includes affinity for 
> a server once connected so that for example winbindd will 
> reconnect to the server used during the domain join to avoid 
> lags in replication delays between DCs.
> 
>> Is that in pre1, or still to come?

The server affinity patches are in 3.0.23pre1.  The new
DNS lookup routines are still in development.

>> So as I understand it there is no plan to do any 
>> 'nearest DC' guessing (which is what Windows appears
>> to do, based on IP address comparisons) but we can
>> influence choice of DC by what we put in the DNS
>> in the first place, and by firewalling to prevent access
>> to inappropriate (e.g. offsite) DCs?

You mean the Site name stuff ?  I'm working on integrating
the CLDAP queries but I haven't looked at the Site stuff much.
We used to pick DC's based on network address and that was
horrible.

Note that for you own domain you can specify 'password server
= foo.dom.ain *' to give preference to a specific DC.  This
doesn't work for trusted domains though.




cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEW1R7IR7qMdg1EfYRAu1/AJ9yviYUXyTJfec9AqD0y9AwiRgQlwCgjXFE
j1uOsqTvunWvn+rHsKzxLfA=
=LDK3
-----END PGP SIGNATURE-----

More information about the samba mailing list