[Samba] samba not using nearest ADS server

Tobias Hennerich Tobias at Hennerich.de
Mon Apr 6 13:22:52 GMT 2009 

Hello James,

sorry for the long delay...

> I had problems with trusted domains when I migrated to Samba 3.2.  We
> ended up just deleting the trusts, as they weren't necessary for us but
> in your case I don't think that's possible.

No, in fact this is no solution for us :-)

> Do you get the delay when a German user who is only a member of global
> groups for the DE domain logs in?

The reason for my long delay was to get such an user for testing:

Even the group "Domain Users" is member of other universal groups and
(surprise!) one of these groups in located in the UK and another one is
located in the US.

So I have now an reason why the samba is connecting to the US and to UK -
but sill no explanation:

There exists an Global Catalog Server in germany, which should replicate 
the information locally. Why is samba not connecting to that machine?

Best regards	Tobias




> If you set up a test box with "Allow Trusted Domains = No" do you still
> see the delay?
> 
> James Zuelow....................CBJ MIS (907)586-0236
> Network Specialist...Registered Linux User No. 186591 

On Tue, Mar 24, 2009 at 12:48:25PM -0800, James Zuelow wrote:
> 
> 
> > -----Original Message-----
> > From: 
> > samba-bounces+james_zuelow=ci.juneau.ak.us at lists.samba.org 
> > [mailto:samba-bounces+james_zuelow=ci.juneau.ak.us at lists.samba
> .org] On Behalf Of Tobias Hennerich
> > Sent: Tuesday, 24 March, 2009 11:23
> > To: Mark Casey
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] samba not using nearest ADS server
> > 
> > Hello Mark,
> > 
> > thank you for your reply!
> > 
> > > First, I am assuming from your message that this network 
> > trace was from 
> > > one ssh attempt, is that correct? 
> > 
> > Yes, that is one login. It doesn't matter if we use ssh or another
> > process who needs information about a user. I think we get the same
> > result if we just switch to a user from root via "su - user".
> > 
> > > I also gather you are in the germany site? 
> > 
> > Yes, the login was a german user to the german server. That user is in
> > some universal ADS groups, which are located in germany, too.
> > 
> I had problems with trusted domains when I migrated to Samba 3.2.  We
> ended up just deleting the trusts, as they weren't necessary for us but
> in your case I don't think that's possible.
> 
> Do you get the delay when a German user who is only a member of global
> groups for the DE domain logs in?
> 
> If you set up a test box with "Allow Trusted Domains = No" do you still
> see the delay?
> 
> James Zuelow....................CBJ MIS (907)586-0236
> Network Specialist...Registered Linux User No. 186591

More information about the samba mailing list