[Samba] AD and SAMBA

Andrew Bartlett abartlet at samba.org
Thu May 10 20:37:22 MDT 2012

On Wed, 2012-05-09 at 18:31 +0530, Biju_babu at cargill.com wrote:
> Hello all,
> I am trying to understand how SAMBA finds nearest Domain Controller when
> configured to use Active Directory for AuthN.
> There are some great articles and wikis about how to configure SAMBA
> against AD, but couldn't find much on what I was looking for.
> For example
> 1. Does Samba have built in dc locator functionality like windows
> clients ?
> 2. What is the default authN it uses, NTLM or Kerb ?

This is up to the client to choose, we support both. 

> 3. I understand from an article
> (http://timstechnoblog.blogspot.com/search/label/Linux)  that Winbind
> when configured to use * for domain controller will invoke Dc locator
> mechanism, but couldn't completely understand the relation b/w Samba and
> Winbind - is it SAMBA always uses winbind for AD communication and
> authentication ? 

Yes.  You should always start winbindd, and it will be the sole channel
for communication with Active Directory.  

> Root of all these questions are, SAMBA AD config I saw is configured to
> use a single password server, which is a single point of failure. I am
> trying to figure out how to avoid that.

Simply omit 'password server' from your smb.conf.  By default we find
the most appropriate DC to contact,

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list