[Samba] Restricting to a subset of the domain controllers on a
site
Wayne Rasmussen
Wayne at gomonarch.com
Wed May 30 18:08:03 GMT 2007
>What version of Samba are you running?
We are running samba-3.0.10 on Solaris 9.
> How are they enforcing this requirement on the Windows
> clients? Using AD Sites top group DCs?
Their Answer:
Those other servers, while part of the domain are part of a separate
site used for exchange services. They referred to the following links:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technolog
ies/directory/activedirectory/stepbystep/adsrv.mspx
http://technet.microsoft.com/en-us/library/bb124367.aspx
So when the server boots and runs:
/usr/local/bin/kinit IL02mcs at sanatized
/usr/local/samba/bin/net ads join
What determines which DCs are granting tickets/authenticating?
/etc/krb5.conf doesn't seem to be the limiting factor as in this case we
got machines not in krb5.conf.
They are basically telling us that samba needs to limit which DCs it is
using for lookup. This seems counter intuitive to me.
-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org]
Sent: Wednesday, May 30, 2007 5:36 AM
To: Wayne Rasmussen
Cc: samba at lists.samba.org
Subject: Re: [Samba] Restricting to a subset of the domain controllers
on a site
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Wayne Rasmussen wrote:
> They are telling us that we must restrict to only
> authenticating to the domain controllers: DC1a DC2a
> DC3a DC4a
What version of Samba are you running?
> Is there a way to do this? Is their request unreasonable?
How are they enforcing this requirement on the Windows
clients? Using AD Sites top group DCs?
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGXW/DIR7qMdg1EfYRAp5SAJ9k0cpWsNRA6Itf3kDkx5CN4by++QCdHnqj
Hx0OJr/mJOvgvnHEmoXi0YY=
=FUhH
-----END PGP SIGNATURE-----
More information about the samba
mailing list