[Samba] how to manually specify domain controllers

Dennis Xu dxu at uoguelph.ca
Mon Apr 11 12:55:12 UTC 2016 

Hi Jonathan, 

Thank you for your reply. I have FreeRadius installed on both Samba servers and authenticate to Active Directory domain controllers(not the local Samba server). In this scenario, there is possibility that both Samba servers pick up the same domain controller(using DNS resolution) to authenticate which could cause uneven load problem. 

Dennis 



Dennis Xu, MASc, CCIE #13056 
Analyst 3, Network Infrastructure 
Computing and Communications Services(CCS) 
University of Guelph 

519-824-4120 Ext 56217 
dxu at uoguelph.ca 
www.uoguelph.ca/ccs 

----- Original Message -----

From: "Jonathan Hunter" <jmhunter1 at gmail.com> 
To: "samba" <samba at lists.samba.org> 
Sent: Sunday, April 10, 2016 8:56:05 PM 
Subject: Re: [Samba] how to manually specify domain controllers 

Hi, 

I see you have had no replies as of yet.. Can you clarify the scenario - is 
freeradius installed on both of your samba servers, and configured to 
authenticate against the local samba server for active directory 
integration? Or is the scenario something different? 

I use freeradius here; each of my DCs has freeradius installed and 
configured to use the local samba server. But it's down to my radius 
clients to pick the correct DC / radius server to authenticate against, if 
I want to spread the load.. 

J 

On 8 April 2016 at 21:19, Dennis Xu <dxu at uoguelph.ca> wrote: 

> We have two Samba 4.2.3 servers with FreeRadius to authenticate wireless 
> users against active directory. Using DNS, sometimes both servers end up 
> using the same domain controller to authenticate users. I would like to 
> distribute the load to different DCs. Is there a way to manually point 
> Samba to certain DCs? 
> 
> I tried the following configuration: 
> security = ads 
> password server = dc05.cfs.uoguelph.ca 
> realm = cfs.uoguelph.ca 
> 
> But after restarted the smb, nmb and winbind servers, the server is still 
> using the old DC for authentication(not switching to dc05.cfs.uoguelph.ca). 
> Any ideas? 
> 
> Thanks! 
> 
> 
> Dennis Xu 
> -- 
> To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba 
> 



-- 
"If we knew what it was we were doing, it would not be called research, 
would it?" 
- Albert Einstein 
-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba

More information about the samba mailing list