[Samba] Are winbind and wbinfo Acitve Directory Site aware?

work vlpl thework.vlpl at gmail.com
Sun Sep 18 17:01:49 UTC 2016 

Hello.

I am faced the issue of working winbind/wbinfo in a large Windows Domain.
My Windows Domain (Win 2008 R2) has many Active Directory Sites, and I
have network access only to my local AD site.
I successfully join my linux computer to domain and command `net ads
lookup` says what all is ok

Response Type: LOGON_SAM_LOGON_RESPONSE_EX
GUID: XXX-XXX-XXX
Flags:
        Is a PDC:                                   no
        Is a GC of the forest:                      yes
        Is an LDAP server:                          yes
        Supports DS:                                yes
        Is running a KDC:                           yes
        Is running time services:                   yes
        Is the closest DC:                          yes
        Is writable:                                yes
        Has a hardware clock:                       no
        Is a non-domain NC serviced by LDAP server: no
        Is NT6 DC that has some secrets:            no
        Is NT6 DC that has all secrets:             yes
        Runs Active Directory Web Services:         yes
        Runs on Windows 2012 or later:              no
Forest:                 example.domain.com
Domain:                 example.domain.com
Domain Controller:      DC01.example.domain.com
Pre-Win2k Domain:       EXAMPLE
Pre-Win2k Hostname:     DC01
Server Site Name :              MYLOCALSITE
Client Site Name :              MYLOCALSITE
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff

But when I run `wbinfo -t` I see in conntrack table connections to not
my local DC, but to remote. And winbind wait till connection drop by
timeout, and then try next DC server. It seems like winbind not
respect AD Sites structure, but relies only on the dns records.

smb.conf file has `password server` option, but when I set it with ip
address of DC in my local AD site, winbind still continues to make
attempts to connect to not mine local DC.

I found several references on the Internet what winbind is site-aware

1. https://www.samba.org/~gd/slides/SambaXP2007.pdf 7 slice claims
winbind is support AD site from 3.0.25 version.
2. https://www.samba.org/samba/docs/man/manpages/smb.conf.5.html  in
descriptions `create krb5 conf (G)` option

But from my experiments winbind not respect AD Sites.
So my questions are winbind and wbinfo Acitve Directory Site aware?

---
Vladimir

More information about the samba mailing list