[Samba] Resilience inquiry: What happens to samba clients if a
domain controller fails?
Avron Gray
agray at aeso.ca
Thu Feb 12 15:39:58 GMT 2009
Hello folks,
I have been asked about the resilience of samba clients when faced with
a domain controller failure. My client's environment has multiple
Windows Domain Controllers (we'll call them dc1 - dc9).
Assuming that domain replication operates as expected (and does, from
Windows workstation point of view), what should I expect if (when) the
domain controller that initiated a kerberos ticket or provided active
directory authentication fails? I have not been able to test this
properly, as my dev domain is too disimilar to my production domain...
Support Information:
- My UNIX environment is running kerberos 5.
- Kerberos5 configuration information:
kdc.conf has my domain listed in realms
krb5.conf has my domain listed in realms like this:
[realms]
DOMAINNAME.CA = {
kdc = dc1.domainname.ca
admin_server = dc1.domainname.ca
default_domain = DOMAINNAME.CA
}
- Samba 3.0.33 configuration information:
[global]
security = ads
realm = DOMAINNAME.CA
workgroup = DOMAINNAME
encrypt passwords = yes
server string = %h Samba %v
smb ports = 445
disable netbios = yes
name resolve order = hosts
- Hosts were joined to the domain using:
net ADS join -U administrator
administrator's password:
Using short domain name -- DOMAINNAME
Joined 'HOST' to realm 'DOMAINNAME.CA'
host|/#
- DNS information
root at oradbp1# nslookup domainname.ca
Server: dc2.domainname.ca
Address: 1.1.1.2
Name: domainname.ca
Addresses: 1.1.1.1, 1.1.1.2, 1.1.1.3, 1.1.1.4
10.10.10.10, 10.10.10.11, 10.10.10.12, 100.100.100.100,
100.100.100.101
** IP addresses changed for ambiguity
- Avron
More information about the samba
mailing list