work vlpl
2016-Sep-18 17:01 UTC
[Samba] Are winbind and wbinfo Active Directory Site aware?
Hello. I am facing an issue with winbind/wbinfo in a large Windows domain. My Windows domain (Win 2008 R2) has many Active Directory Sites, and I have network access only to my local AD site. I successfully joined my Linux computer to the domain, and the command `net ads lookup` says that all is ok:

Response Type: LOGON_SAM_LOGON_RESPONSE_EX
GUID: XXX-XXX-XXX
Flags:
    Is a PDC: no
    Is a GC of the forest: yes
    Is an LDAP server: yes
    Supports DS: yes
    Is running a KDC: yes
    Is running time services: yes
    Is the closest DC: yes
    Is writable: yes
    Has a hardware clock: no
    Is a non-domain NC serviced by LDAP server: no
    Is NT6 DC that has some secrets: no
    Is NT6 DC that has all secrets: yes
    Runs Active Directory Web Services: yes
    Runs on Windows 2012 or later: no
Forest: example.domain.com
Domain: example.domain.com
Domain Controller: DC01.example.domain.com
Pre-Win2k Domain: EXAMPLE
Pre-Win2k Hostname: DC01
Server Site Name : MYLOCALSITE
Client Site Name : MYLOCALSITE
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff

But when I run `wbinfo -t`, I see in the conntrack table connections not to my local DC but to a remote one. And winbind waits until the connection is dropped by timeout, and then tries the next DC server. It seems that winbind does not respect the AD Sites structure, but relies only on the DNS records. The smb.conf file has a `password server` option, but when I set it to the IP address of a DC in my local AD site, winbind still continues to make attempts to connect to a DC that is not my local one. I found several references on the Internet that winbind is site-aware:

1. https://www.samba.org/~gd/slides/SambaXP2007.pdf - slide 7 claims winbind supports AD sites from version 3.0.25.
2. https://www.samba.org/samba/docs/man/manpages/smb.conf.5.html - in the description of the `create krb5 conf (G)` option.

But from my experiments winbind does not respect AD Sites. So my question is: are winbind and wbinfo Active Directory Site aware?

---
Vladimir
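As an added example (not from the original post and not Samba's own code): a small POSIX shell script that parses `net ads lookup` output of the shape shown above and reports whether the DC that answered is in the client's own AD site, which is the first thing to check before blaming winbind. The two sample outputs are constructed from the fields the post shows; the site and DC names are placeholders.

```shell
#!/bin/sh
# Added example, not from the post: parse `net ads lookup` output and check
# whether the answering DC belongs to the client's site.
# Both samples below are constructed; names are placeholders.

SAMPLE_LOCAL='Response Type: LOGON_SAM_LOGON_RESPONSE_EX
GUID: XXX-XXX-XXX
Flags:
    Is a PDC: no
    Is a GC of the forest: yes
    Is an LDAP server: yes
    Is the closest DC: yes
Forest: example.domain.com
Domain: example.domain.com
Domain Controller: DC01.example.domain.com
Server Site Name : MYLOCALSITE
Client Site Name : MYLOCALSITE'

# Same format, but the DC that answered sits in another site.
SAMPLE_REMOTE='Response Type: LOGON_SAM_LOGON_RESPONSE_EX
GUID: YYY-YYY-YYY
Flags:
    Is a PDC: no
    Is the closest DC: no
Forest: example.domain.com
Domain: example.domain.com
Domain Controller: DC99.example.domain.com
Server Site Name : REMOTESITE
Client Site Name : MYLOCALSITE'

# lookup_field OUTPUT KEY
# Prints the value after the first colon on the line whose (trimmed) key
# matches KEY. Handles the indented lines under "Flags:" and the extra
# space in "Server Site Name :".
lookup_field() {
    printf '%s\n' "$1" | awk -v key="$2" '
        {
            i = index($0, ":")
            if (i == 0) next
            k = substr($0, 1, i - 1)
            sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, i + 1)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                print v
                exit
            }
        }'
}

# site_check OUTPUT
# Exit 0 when the answering DC is in the client site and flags itself as
# the closest DC; exit 1 otherwise, printing which site it actually came from.
site_check() {
    server_site=$(lookup_field "$1" "Server Site Name")
    client_site=$(lookup_field "$1" "Client Site Name")
    closest=$(lookup_field "$1" "Is the closest DC")
    dc=$(lookup_field "$1" "Domain Controller")
    if [ -n "$server_site" ] && [ "$server_site" = "$client_site" ] && [ "$closest" = "yes" ]; then
        echo "same-site: $dc answered from $client_site"
        return 0
    fi
    echo "cross-site: $dc answered from '$server_site', client site is '$client_site'"
    return 1
}

site_check "$SAMPLE_LOCAL"
site_check "$SAMPLE_REMOTE" || echo "a cross-site DC answered; expect slow or timing-out winbind connections"
```

Against a live host, run `site_check "$(net ads lookup)"`; a "cross-site" result means the DC locator itself already picked a remote site, independent of what winbind does afterwards.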