[Samba] Winbind is "sticky" on one DC

Jonathan Gazeley Jonathan.Gazeley at bristol.ac.uk
Wed Oct 1 04:56:09 MDT 2014


Hi chaps,

I've been using Winbind for several years to authenticate 802.1x 
wireless users against Active Directory via FreeRADIUS. The solution 
we've been using until now has been adequate but I've noticed some 
problematic behaviour. We're running all stock packages from CentOS 6 
repos. Current version of winbind is 3.6.9. Unfortunately the Windows 
DCs are managed by a different team and we don't have access to their 
settings or logs.

We locate domain controllers using a DNS round-robin on ads.bris.ac.uk 
which returns about 10 DCs. I've noticed that quite often, our three 
RADIUS servers all latch onto the same DC and cause loading problems.

In my smb.conf I've set "password server" to the DNS name of individual 
DCs but this parameter seems to be ignored. Even after restarting 
winbind or rebooting, the system always goes back to the same DC.

I've also tried explicitly setting the names of individual DCs in 
krb5.conf and this does not help the situation.

Can someone with winbind experience please explain what is going on, and 
how I can force my RADIUS servers to latch onto specific DCs for their 
authentications, so I can ensure that they don't all pile onto the same 
DC and overload it?

Thanks,
Jonathan

