Hello all,

I am trying to understand how SAMBA finds nearest Domain Controller when configured to use Active Directory for AuthN.

There are some great articles and wikis about how to configure SAMBA against AD, but couldn't find much on what I was looking for.

For example
1. Does Samba have built in dc locator functionality like windows clients ?
2. What is the default authN it uses, NTLM or Kerb ?
3. I understand from an article (http://timstechnoblog.blogspot.com/search/label/Linux) that Winbind when configured to use * for domain controller will invoke Dc locator mechanism, but couldn't completely understand the relation b/w Samba and Winbind - is it SAMBA always uses winbind for AD communication and authentication ?

Root of all these questions are, SAMBA AD config I saw is configured to use a single password server, which is a single point of failure. I am trying to figure out how to avoid that.

Feel free to correct me if I asked stupid questions, my knowledge with SAMBA and other components are very limited.

Much appreciate your help.

Rgds
Biju

Any suggestions on this ?

Rgds

-----Original Message-----
From: Babu, Biju - Biju_Babu at cargill.com
Sent: Wednesday, May 09, 2012 6:32 PM
To: samba at lists.samba.org
Subject: AD and SAMBA

On Wed, 2012-05-09 at 18:31 +0530, Biju_babu at cargill.com wrote:
> Hello all,
>
> I am trying to understand how SAMBA finds nearest Domain Controller when
> configured to use Active Directory for AuthN.
>
> There are some great articles and wikis about how to configure SAMBA
> against AD, but couldn't find much on what I was looking for.
>
> For example
> 1. Does Samba have built in dc locator functionality like windows
> clients ?
> 2. What is the default authN it uses, NTLM or Kerb ?

This is up to the client to choose, we support both.

> 3. I understand from an article
> (http://timstechnoblog.blogspot.com/search/label/Linux) that Winbind
> when configured to use * for domain controller will invoke Dc locator
> mechanism, but couldn't completely understand the relation b/w Samba and
> Winbind - is it SAMBA always uses winbind for AD communication and
> authentication ?

Yes. You should always start winbindd, and it will be the sole channel
for communication with Active Directory.

> Root of all these questions are, SAMBA AD config I saw is configured to
> use a single password server, which is a single point of failure. I am
> trying to figure out how to avoid that.

Simply omit 'password server' from your smb.conf. By default we find
the most appropriate DC to contact,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
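
A way to check an existing smb.conf for the single-DC pinning discussed in this thread, as an added example that is not part of the original messages and is not Samba project code. The sample configs and hostnames are constructed, the function names are hypothetical, and the handling of server lists and `*` follows the `password server` entry in smb.conf(5).

```python
import re

# Constructed sample configs; hostnames are made up for illustration.
PINNED = """\
[global]
   security = ads
   realm = EXAMPLE.COM
   ; one DC named explicitly
   Password Server = dc1.example.com
"""
AUTO = """\
[global]
   security = ads
   realm = EXAMPLE.COM
[share]
   path = /srv/share
"""

def global_params(text):
    """Return {normalised name: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            # Parameter names are matched without regard to case or spaces.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def audit_password_server(text):
    """Classify DC selection based on the 'password server' setting."""
    value = global_params(text).get("passwordserver")
    if value is None:
        return "auto"                     # omitted: Samba picks the DC itself
    servers = [s for s in re.split(r"[,\s]+", value) if s]
    named = [s for s in servers if s != "*"]
    if not named:
        return "auto"                     # only '*': lookup, no pinned host
    if "*" in servers or len(named) > 1:
        return "pinned-with-fallback"     # more than one way to reach a DC
    return "single-point-of-failure"      # exactly one named DC

if __name__ == "__main__":
    for label, conf in (("pinned", PINNED), ("auto", AUTO)):
        print(label, "->", audit_password_server(conf))
```
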