[Samba] Samba domain member DC preferred list
Alexey A Nikitin
nikitin at amazon.com
Mon Apr 20 17:23:58 UTC 2020
On Monday, 20 April 2020 10:01:32 PDT Rowland penny via samba wrote:
> On 20/04/2020 17:49, Andrea Cucciarre' via samba wrote:
> > Does the "password server" setting in the smb.conf achieve it?
> No, you shouldn't use this, you should allow Samba to choose the best DC
> to use.
> > On 4/20/2020 6:40 PM, Andrea Cucciarre' wrote:
> >> Hello,
> >> Is there a way to provide a list of DCs that Samba should try to join?
> >> I know that in command "net ads join" I can use "-S" to select which
> >> DC to use, but it seems it doesn't accept a list, only one single server.
> Why do you feel you need to do this ?
> If you do not specify a DC to use during the join, Samba will search for
> the best DC to use.
> It might help if you can tell us why you need to specify a particular DC
> or list of DC's.
If there is a need to provide such a list, that may be a sign that the domain is misconfigured.
One of the situations I've run into in the past is a customer who had DCs in the other sites inaccessible to the machines in a given site, yet the DNS SRV RRs still contained those DCs. In a setup like that it is recommended that only the DCs that are actually reachable be returned by the DNS servers in a given site. Not following the recommendation merely slows things down for Windows, but can outright break tools like adcli (a situation my patch to it addresses). And even if all the DCs are properly reachable, normally the SRV RRs should contain the priority/weight numbers that would be influenced by the site link settings such that the slower or costlier the site link, the less likely a client is to select a DC in that site. All of this requires extra configuration, but if you have control over the domain, that one-time configuration removes the necessity of doing things like manually passing lists of preferred DCs everywhere.
That said, if you have no control over the domain (say, you're doing it for an external customer who's dead set on not fixing their domain), being able to pass a list of preferred DCs can be useful.
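Added example, not part of the original message or of Samba/adcli: a sketch of the check the reply implies, ordering a site's DC SRV records by priority/weight (RFC 2782) and flagging DCs that DNS advertises but the client cannot reach. The record set, hostnames and the function names `order_srv`, `audit_dcs` and `tcp_probe` are assumptions made for illustration.

```python
import random
import socket

# Constructed sample: SRV answers as (priority, weight, port, target), as might
# be returned for _ldap._tcp.dc._msdcs.<domain>. Hostnames are placeholders.
SAMPLE_SRV = [
    (10, 50, 389, "dc3.site-b.example.test"),
    (0, 100, 389, "dc1.site-a.example.test"),
    (10, 50, 389, "dc4.site-b.example.test"),
    (0, 100, 389, "dc2.site-a.example.test"),
]

def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def order_srv(records, rng=random):
    """RFC 2782 order: ascending priority, weighted random within a priority."""
    groups = {}
    for rec in records:
        groups.setdefault(rec[0], []).append(rec)
    ordered = []
    for prio in sorted(groups):
        # Weight-0 records go first so they are only rarely selected.
        pool = sorted(groups[prio], key=lambda r: r[1] != 0)
        while pool:
            pick = rng.randint(0, sum(r[1] for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

def audit_dcs(records, probe=tcp_probe, rng=random):
    """Split advertised DCs into (usable in try-order, advertised but unreachable)."""
    usable, stale = [], []
    for _prio, _weight, port, target in order_srv(records, rng):
        (usable if probe(target, port) else stale).append(target)
    return usable, stale

if __name__ == "__main__":
    # Stand-in probe (assumption): only site-a is routable from this client.
    print(audit_dcs(SAMPLE_SRV, probe=lambda h, p: ".site-a." in h))
```

A non-empty second list means the DNS servers for that site are returning DCs the member cannot use, which is the misconfiguration described in the reply.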