[Samba] Active Directory domain controller authentication order

Vaudo, David DVAUDO at bentley.edu
Tue Mar 9 14:21:28 MST 2010

Set will tell you which logon server has handled the clients logon.  Look for LOGONSERVER:

There could be something wrong with our local DC.  Run DCDIAG and check the event viewer for errors in directory service and DNS.

From: Casey Allen Shobe [mailto:casey at shobe.info]
Sent: Tuesday, March 09, 2010 4:12 PM
To: Vaudo, David
Cc: samba at lists.samba.org
Subject: Re: [Samba] Active Directory domain controller authentication order


I've found the following, as I only have read-only access to the sites and services stuff:
* Our subnet is associated with our site definition.
* Under our site --> Servers, only the local domain controller is listed.

I also googled around and found out about "set l" on the command line, which shows our local DC.  But I'm not sure how useful this is, because the VPN tunnel has been broken for a couple days and the logins are more recent than that.
On Tue, Mar 9, 2010 at 3:38 PM, Vaudo, David <DVAUDO at bentley.edu<mailto:DVAUDO at bentley.edu>> wrote:
Make sure the subnets in AD Sites and Services are correctly configured.  I believe they perform to functions:

1. To control DC replication traffic between sites.
2. To make clients authenticate with local domain controllers first.


-----Original Message-----
From: samba-bounces at lists.samba.org<mailto:samba-bounces at lists.samba.org> [mailto:samba-bounces at lists.samba.org<mailto:samba-bounces at lists.samba.org>] On Behalf Of Casey Allen Shobe
Sent: Tuesday, March 09, 2010 3:31 PM
To: samba at lists.samba.org<mailto:samba at lists.samba.org>
Subject: [Samba] Active Directory domain controller authentication order


I'm curious if anybody knows how to configure the order in which domain
controllers are contacted by clients for authentication purposes and other
such stuff.  I've a situation where it seems that all our Windows computers
are attempting to authenticate off of a remote server before the local one,
which is backwards.  I'm not even certain where to check what they are
actually attempting to authenticate against, but whenever a VPN tunnel we
have to an upstream office breaks, logins and file share browsing and other
stuff slows to a crawl.

Thanks for any hints,
Casey Allen Shobe
casey at shobe.info<mailto:casey at shobe.info>
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Casey Allen Shobe
casey at shobe.info<mailto:casey at shobe.info>

More information about the samba mailing list