Casey Allen Shobe
2010-Mar-09 20:30 UTC
[Samba] Active Directory domain controller authentication order
Hello,

I'm curious if anybody knows how to configure the order in which domain controllers are contacted by clients for authentication purposes and other such stuff.

I've a situation where it seems that all our Windows computers are attempting to authenticate off of a remote server before the local one, which is backwards. I'm not even certain where to check what they are actually attempting to authenticate against, but whenever a VPN tunnel we have to an upstream office breaks, logins and file share browsing and other stuff slows to a crawl.

Thanks for any hints,
--
Casey Allen Shobe
casey at shobe.info
Vaudo, David
2010-Mar-09 20:38 UTC
[Samba] Active Directory domain controller authentication order
Make sure the subnets in AD Sites and Services are correctly configured. I believe they perform two functions:

1. To control DC replication traffic between sites.
2. To make clients authenticate with local domain controllers first.

Thanks
David

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
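The subnet-to-site mapping described in the message above can be audited offline. This is an added example, not part of the original thread: it matches a client IP to the most specific subnet object and shows that a client covered by no subnet falls back to the domain-wide SRV record, which can return a remote DC. The subnets, site names and the `example.test` domain are constructed placeholders.

```python
import ipaddress

# Constructed sample data: subnet objects as they would appear in
# AD Sites and Services (subnet -> site name). Not from the thread.
SUBNET_TO_SITE = {
    "10.0.0.0/8": "HQ",
    "10.20.0.0/16": "Branch",
    "192.168.50.0/24": "Branch",
}
DOMAIN = "example.test"  # placeholder DNS domain name


def site_for_ip(ip, subnet_to_site=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            # Overlapping subnets: the longest prefix wins.
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, site)
    return best[1] if best else None


def locator_srv_name(ip, domain=DOMAIN, subnet_to_site=SUBNET_TO_SITE):
    """SRV name a client at ip ends up querying to find a DC."""
    site = site_for_ip(ip, subnet_to_site)
    if site is None:
        # No subnet object covers the client: it has no site, so it uses
        # the domain-wide record, which can return any DC, local or remote.
        return f"_ldap._tcp.dc._msdcs.{domain}"
    return f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"


def audit(clients, expected_site, subnet_to_site=SUBNET_TO_SITE):
    """List (ip, resolved_site) for clients that do not map to expected_site."""
    return [(ip, site_for_ip(ip, subnet_to_site)) for ip in clients
            if site_for_ip(ip, subnet_to_site) != expected_site]


if __name__ == "__main__":
    # Constructed client addresses for a branch office.
    branch_clients = ["10.20.3.15", "192.168.50.7", "10.21.0.9", "172.16.4.2"]
    for ip, site in audit(branch_clients, "Branch"):
        print(f"{ip}: site={site} -> {locator_srv_name(ip)}")
```

Clients reported by `audit` are the ones whose logons can land on a DC across the VPN, either because a broader subnet assigns them to the wrong site or because no subnet covers them at all.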
Chris Howells
2010-Mar-09 20:47 UTC
[Samba] Active Directory domain controller authentication order
Hi,

Casey Allen Shobe wrote:
> which is backwards. I'm not even certain where to check what they are
> actually attempting to authenticate against,

echo %LOGONSERVER% at the DOS prompt will tell you.

> but whenever a VPN tunnel we
> have to an upstream office breaks, logins and file share browsing and other
> stuff slows to a crawl.

I believe that you can use the option "init logon delay" to forcibly make remote Sambas announce reply more slowly to broadcasts and make them less likely to become the logon server.
dnorman at internode.on.net
2010-Mar-09 23:29 UTC
[Samba] Active Directory domain controller authentication order
I'm having the same problem with the wrong DC being used. I think it might be the Kerberos setup on the Unix box that's at fault, as it only points to the offsite DC not the local one, though it could allow for multiple. Our support organisation is investigating ...

On Wed 10/03/10 7:51 AM, "Vaudo, David" DVAUDO at bentley.edu sent:

> Set will tell you which logon server has handled the client's logon. Look for LOGONSERVER:
>
> There could be something wrong with our local DC. Run DCDIAG and check the event viewer for errors in directory service and DNS.
>
> From: Casey Allen Shobe [casey at shobe.info]
> Sent: Tuesday, March 09, 2010 4:12 PM
> To: Vaudo, David
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Active Directory domain controller authentication order
>
> Thanks, I've found the following, as I only have read-only access to the sites and services stuff:
>
> * Our subnet is associated with our site definition.
> * Under our site --> Servers, only the local domain controller is listed.
>
> I also googled around and found out about "set l" on the command line, which shows our local DC. But I'm not sure how useful this is, because the VPN tunnel has been broken for a couple days and the logins are more recent than that.