[Samba] Winbind is "sticky" on one DC
Jonathan.Gazeley at bristol.ac.uk
Wed Oct 1 04:56:09 MDT 2014
I've been using Winbind for several years to authenticate 802.1x
wireless users against Active Directory via FreeRADIUS. The solution
we've been using until now has been adequate but I've noticed some
problematic behaviour. We're running all stock packages from CentOS 6
repos. Current version of winbind is 3.6.9. Unfortunately the Windows
DCs are managed by a different team and we don't have access to their
settings or logs.
We locate domain controllers using a DNS round-robin on ads.bris.ac.uk
which returns about 10 DCs. I've noticed that quite often, our three
RADIUS servers all latch onto the same DC and cause loading problems.
In my smb.conf I've set "password server" to the DNS name of individual
DCs but this parameter seems to be ignored. Even after restarting
winbind or rebooting, the system always goes back to the same DC.
I've also tried explicitly setting the names of individual DCs in
krb5.conf and this does not help the situation.
Can someone with winbind experience please explain what is going on, and
how I can force my RADIUS servers to latch onto specific DCs for their
authentications, so I can ensure that they don't all pile onto the same
DC and overload it?