[Samba] Should krb.conf and krb5.conf have entries for multiple domain controllers?
Robert Freeman-Day
presgas at gmail.com
Tue Mar 1 06:59:28 MST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/28/2011 09:29 PM, Robinson, Eric wrote:
> There are three DCs in my Windows AD domain, but I have
> noticed that only one of them is referenced in my krb.conf
> and krb5.conf. Should there be a reference to one or two of
> the other domain controllers? If the DC goes down, how will
> my Samba/Winbind servers authenticate?
>
>
> --
> Eric Robinson
>
>
Eric,
There should be no problem putting each DC in your krb.conf file. It
does allow for failover for kerberos. In your smb.conf file you will
also want to list the servers in your "password server" parameter,
separated by spaces.
Depending on how your samba/winbind is implemented, and the default way
most windows domain member machines work, is that they will go to
kerberos first then go to lanman/ntlm/ntlmv2.
Robert
- --
________
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1s+8AACgkQup357T5MfTavTQCgtr2iYkBpIaAGwGvgu0ZwCb5t
45cAoIePLwkKfp/+SXR6IS+6iXH+AoUj
=2sXL
-----END PGP SIGNATURE-----
More information about the samba
mailing list