[Samba] AD and SAMBA

[Biju_babu at cargill.com]

Thanx Andrew for the reply,

Simply omit 'password server' from your smb.conf.  By default we find the most appropriate DC to contact -- Do u have any doc or link  where I can read more about how does this works ?

Rgds 


-----Original Message-----
From: abartlet at samba.org [mailto:abartlet at samba.org] 
Sent: Friday, May 11, 2012 8:07 AM
To: Biju Babu (IT Services for Business ITSB Data, Integration and Application Services)
Cc: samba at lists.samba.org
Subject: Re: [Samba] AD and SAMBA

On Wed, 2012-05-09 at 18:31 +0530, Biju_babu at cargill.com wrote:
> Hello all,
> 
> I am trying to understand how SAMBA finds nearest Domain Controller 
> when configured to use Active Directory for AuthN.
> 
> There are some great articles and wikis about how to configure SAMBA 
> against AD, but couldn't find much on what I was looking for.
> 
> For example
> 1. Does Samba have built in dc locator functionality like windows 
> clients ?
> 2. What is the default authN it uses, NTLM or Kerb ?

This is up to the client to choose, we support both. 

> 3. I understand from an article
> (http://timstechnoblog.blogspot.com/search/label/Linux)  that Winbind 
> when configured to use * for domain controller will invoke Dc locator 
> mechanism, but couldn't completely understand the relation b/w Samba 
> and Winbind - is it SAMBA always uses winbind for AD communication and 
> authentication ?

Yes.  You should always start winbindd, and it will be the sole channel for communication with Active Directory.  

> Root of all these questions are, SAMBA AD config I saw is configured 
> to use a single password server, which is a single point of failure. I 
> am trying to figure out how to avoid that.

Simply omit 'password server' from your smb.conf.  By default we find the most appropriate DC to contact,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org