[Samba] SRV records.

Rowland penny rpenny at samba.org
Sun May 19 11:10:22 UTC 2019

On 19/05/2019 11:46, A. James Lewis via samba wrote:
> OK, fair point... perhaps I wasn't clear enough, this happens a lot... 
> probably my brain just operates on a different wavelength.... in my 
> original message I said "what method does it use to decide which is 
> the correct (most local?) domain controller to connect to"
> The answer I got was "it uses sites, you need to set up sites"... the 
> answer I was hoping for was one of

From the info initially supplied, that was probably the only answer you 
could expect.

> a) "If your AD controller has sites set up, and you do the SRV lookup 
> against the AD controllers own DNS server then it will send you only 
> local AD controllers based on the source subnet of the DNS query"
> or
> b) "If your AD controller has sites set up, then there will be some 
> broadcast magic happening from the AD controller informing the clients 
> how to prioritize the AD servers returned from the SRV query"
It is actually a mixture of a & b ;-)
> or
> c) /something else/
> Having read the Samba wiki article on sites you linked (Thanks 
> muchly), and the Microsoft TechNet it references, I'm now even more 
> confused, since you stated that nothing needs to be done at the client 
> and it works exactly like a windows client... and that samba does not 
> support sites (which in light of the earlier comment, I took to mean 
> that support for sites is not in the client).
I did say that the page needs updating, but Samba does support sites. It 
was samba-tool that didn't support creating sites, but it does now; 
updating that page is on my 'things to do' list.
> However, the TechNet article states that "When a client requests a 
> domain controller, it provides its site name to DNS."... which implies 
> that there must be some support in the client... and the Samba Wiki 
> article suggests that this information is encoded into the SRV query, 
> under a "sites" subdomain, which also implies that the client is 
> complicit, and must know its site name.
Good point, I will look into this, but the 'SRV' record should exist in 
AD if 'sites' is set up correctly.
> Finally, the original comment is that it does not work if I query via 
> a BIND nameserver, which seems not to make sense if it's just encoded 
> in a subdomain, à la 
> "_ldap._tcp._MySite_._sites.dc._msdcs.samdom.example.com". This makes 
> me think that there must be a "site =" parameter in the smb.conf.
Not to my knowledge, but winbind is site aware, so, as far as I am 
aware, it should work.
> I hope it's clear why I'm confused.... and I apologize if I 
> contributed to said confusion.

No problem, but you have got me thinking, I don't use sites, so I will 
have to set up a test domain to test all this ;-)
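
The site-specific SRV name quoted in the thread, next to the domain-wide one, as an added example that is not part of the original message and is not Samba's code. It builds the names a site-aware client would look up and orders a constructed answer by the priority and weight rules of RFC 2782. The function names, the "site-specific name first" order and the sample records are assumptions made for illustration.

```python
import random
import re

# The site name becomes one DNS label, so accept only label characters.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def dc_srv_names(domain, site=None):
    """Return the SRV owner names to query, most specific first (assumed order)."""
    domain = domain.rstrip(".").lower()
    names = []
    if site is not None:
        if not _LABEL.match(site):
            raise ValueError(f"site name is not a valid DNS label: {site!r}")
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    return names

def order_srv(records, rng=None):
    """Order (priority, weight, port, target) tuples as RFC 2782 describes:
    lowest priority first, weighted random choice within one priority."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            pick = rng.uniform(0, sum(r[1] for r in group))
            running = 0
            for rec in group:
                running += rec[1]
                if running >= pick:
                    break
            ordered.append(rec)
            group.remove(rec)
    return ordered

# Constructed sample answer, not taken from a real domain.
SAMPLE = [
    (10, 100, 389, "dc3.samdom.example.com"),
    (0, 100, 389, "dc1.samdom.example.com"),
    (0, 100, 389, "dc2.samdom.example.com"),
]

if __name__ == "__main__":
    for name in dc_srv_names("samdom.example.com", "MySite"):
        print(name)
    for rec in order_srv(SAMPLE):
        print(rec)
```

Whether a given resolver (the AD DNS server or BIND) actually holds the `_sites` records is a separate question; this only shows which names would be asked for and how the answers would be ranked.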


