[Samba] can samba figure out the "closest" domain controller in ADS mode?

Jeremy Allison jra at samba.org
Sat Jan 6 17:53:33 GMT 2007


On Sat, Jan 06, 2007 at 08:01:49PM +1300, Jason Haar wrote:
> I've got working Samba ADS servers, but "net ads info" shows most of them
> are associated with Win2K3 domain controllers that are in different
> sites than the ones the Samba servers are in (we have a large WAN with
> DCs in every site). I'm not configuring "password server" as I want
> Samba to be more fault tolerant than pointing it at one DC - when there
> are many to choose from. It looks like Samba is just doing a DNS lookup
> on the realm name and binding to the top DC in the list?
> 
> Active Directory does allow you to define sites and Windows boxes figure
> out where their closest DC is from that information - but it looks like
> Samba can not? Is that correct, or is there something else I can do?
> Resolving usernames/groups is pretty dire due to this - a Samba server
> in Sweden is currently using a DC in Beijing for example.
> 
> 
> This is Samba-3.0.23d under CentOS4.4

Site support is one of the new winbindd features added
for 3.0.24. Guenther and I are working on one last bug
we know about - we expect to have that fixed next week.

Site support does affect the krb5.conf though - the solution
we adopted for SuSE 10.x was to actually move the user
specified krb5.conf out of the way and re-write it with
a link to a winbindd created krb5.conf. Works well for
desktops but not for servers. I think the new version of
MIT krb5 has a Guenther patch that allows site lookups
from the krb5 libs.

Anyway, if you want you can compile in the "overwrite
krb5.conf" code in 3.0.24. If you want to test this
we'd appreciate it very much!

Jeremy.

