svn commit: samba r12383 - in branches/SAMBA_4_0/source: kdc setup

John L.Utz III jutz at centeris.com
Tue Dec 20 21:29:12 GMT 2005


At Tue, 20 Dec 2005 21:50:43 +0100,
Simo Sorce wrote:
> 
> On mar, 2005-12-20 at 00:00 +0000, abartlet at samba.org wrote:
> > Author: abartlet
> > Date: 2005-12-20 00:00:48 +0000 (Tue, 20 Dec 2005)
> > New Revision: 12383
> > 
> > WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12383
> > 
> > Log:
> > Fixes for Apple's AD client.  Don't segfault in the KDC, and they
> > require the isSynchronized flag in the rootDSE.
> 
> what does the isSynchronized flag mean?

Wiser heads might have a different answer, but my understanding is
that this indicates that in a multi dc environment the queried dc
thinks that it knows everything that its fellow dcs know about the
membership in the directory (AD DB replication has occurred and
completed successfully).

This is due to the fact that in a multi dc environment, a winclient
will start and complete its join activity with only 1 dc.

As a result, the other dc doesn't know that the join occurred until a
replication occurs.

Thus, if the freshly joined winclient wants to have another AD
conversation, it might end up talking to the *other* dc due to
MS-DNS's round-robin 'load-balancing' strategy of never returning the
same dc for sequential lookups of the AD name, and its conversation
request will not be honored.

So, somehow, checking the 'isSynchronized' tag in the RootDSE will
inform you of the state of this relationship.

Based on my limited understanding, it seems that the isSynchronized
thing can't possibly get it right all the time because it seems to
require ESP on the part of the domain controller and my understanding
was that this feature was pulled from W2K3 SP2 due to anti-trust
concerns.


> 
> Simo.
> 

