Robinson, Eric
2011-Feb-28 06:03 UTC
[Samba] What if my Windows AD Domain Controller Goes Down?
There are three DCs in my Windows 2003 AD domain, but I have noticed that only one of them is referenced in my krb.conf and krb5.conf. Should there be a reference to one or two of the other domain controllers? If the DC goes down, how will my Samba/Winbind servers authenticate? -- Eric Robinson Disclaimer - February 27, 2011 This email and any files transmitted with it are confidential and intended solely for samba. If you are not the named addressee you should not disseminate, distribute, copy or alter this email. Any views or opinions presented in this email are solely those of the author and might not represent those of Physicians' Managed Care or Physician Select Management. Warning: Although Physicians' Managed Care or Physician Select Management has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. This disclaimer was added by Policy Patrol: http://www.policypatrol.com/
Robinson, Eric
2011-Mar-01 02:29 UTC
[Samba] Should krb.conf and krb5.conf have entries for multiple domain controllers?
There are three DCs in my Windows AD domain, but I have noticed that only one of them is referenced in my krb.conf and krb5.conf. Should there be a reference to one or two of the other domain controllers? If the DC goes down, how will my Samba/Winbind servers authenticate? -- Eric Robinson Disclaimer - February 28, 2011 This email and any files transmitted with it are confidential and intended solely for samba. If you are not the named addressee you should not disseminate, distribute, copy or alter this email. Any views or opinions presented in this email are solely those of the author and might not represent those of Physicians' Managed Care or Physician Select Management. Warning: Although Physicians' Managed Care or Physician Select Management has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. This disclaimer was added by Policy Patrol: http://www.policypatrol.com/
Robert Freeman-Day
2011-Mar-01 13:59 UTC
[Samba] Should krb.conf and krb5.conf have entries for multiple domain controllers?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/28/2011 09:29 PM, Robinson, Eric wrote:> There are three DCs in my Windows AD domain, but I have > noticed that only one of them is referenced in my krb.conf > and krb5.conf. Should there be a reference to one or two of > the other domain controllers? If the DC goes down, how will > my Samba/Winbind servers authenticate? > > > -- > Eric Robinson > >Eric, There should be no problem putting each DC in your krb.conf file. It does allow for failover for kerberos. In your smb.conf file you will also want to list the servers in your "password server" parameter, separated by spaces. Depending on how your samba/winbind is implemented, and the default way most windows domain member machines work, is that they will go to kerberos first then go to lanman/ntlm/ntlmv2. Robert - -- ________ Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1s+8AACgkQup357T5MfTavTQCgtr2iYkBpIaAGwGvgu0ZwCb5t 45cAoIePLwkKfp/+SXR6IS+6iXH+AoUj =2sXL -----END PGP SIGNATURE-----
Apparently Analagous Threads
- Intermittently Get "Target filesystem does not support long file names" when copying file to Samba share
- Selective Survival Statistics with R
- How to Configure Samba to Use Multiple AD Logon Servers for Redundancy
- Linux Servers in an AD Domain with Multiple Windows Domain Controllers
- Long to wide format without time variable