Robinson, Eric
2011-Nov-02 06:29 UTC
[Samba] How to Configure Samba to Use Multiple AD Logon Servers for Redundancy
Our samba boxes are integrated with our Windows 2003 AD domain, with Windows servers acting as AD domain controllers. Everything is working fine, but in my krb.conf and krb5.conf files on my Linux boxes, I currently only have one Windows server specified as the AD logon server. If that server is down, I suspect that Linux users could not login. How to I specify more than one AD domain controller in my Kerberos/samba config files? -- Eric Robinson Disclaimer - November 1, 2011 This email and any files transmitted with it are confidential and intended solely for samba at lists.samba.org. If you are not the named addressee you should not disseminate, distribute, copy or alter this email. Any views or opinions presented in this email are solely those of the author and might not represent those of Physicians' Managed Care or Physician Select Management. Warning: Although Physicians' Managed Care or Physician Select Management has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. This disclaimer was added by Policy Patrol: http://www.policypatrol.com/
Marcel de Reuver
2011-Nov-02 10:25 UTC
[Samba] How to Configure Samba to Use Multiple AD Logon Servers for Redundancy
2011/11/2 Robinson, Eric <eric.robinson at psmnv.com>> Our samba boxes are integrated with our Windows 2003 AD domain, with > Windows servers acting as AD domain controllers. Everything is working > fine, but in my krb.conf and krb5.conf files on my Linux boxes, I > currently only have one Windows server specified as the AD logon server. > If that server is down, I suspect that Linux users could not login. How > to I specify more than one AD domain controller in my Kerberos/samba > config files? > > > -- > Eric Robinson > >You can point to more DC's: [realms] YOURDOMAIN.COM = { kdc = pdc.yourdomain.com kdc = dc-01.yourdomain.com kdc = dc-02.yourdomain.com admin_server = pdc.yourdomain.com master_kdc = pdc.yourdomain.com } -- BR, Marcel de Reuver
Andrew Bartlett
2011-Nov-04 21:15 UTC
[Samba] How to Configure Samba to Use Multiple AD Logon Servers for Redundancy
On Tue, 2011-11-01 at 23:29 -0700, Robinson, Eric wrote:> Our samba boxes are integrated with our Windows 2003 AD domain, with > Windows servers acting as AD domain controllers. Everything is working > fine, but in my krb.conf and krb5.conf files on my Linux boxes, I > currently only have one Windows server specified as the AD logon server. > If that server is down, I suspect that Linux users could not login. How > to I specify more than one AD domain controller in my Kerberos/samba > config files?For Samba, just don't specify 'password server'. For krb5.conf, set [libdefaults] dns_lookup_kdc = true It is actually less work to have this 'do the right thing' than to hard-code a single server :-) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
Reasonably Related Threads
- What if my Windows AD Domain Controller Goes Down?
- Linux Servers in an AD Domain with Multiple Windows Domain Controllers
- Long Pause the First Time I Do an 'ls' on Linux.
- New Samba Error We Have Not Seen Before
- Intermittently Get "Target filesystem does not support long file names" when connecting to samba from Windows 2003 R2 Servers