LOKO MESO Michel
2019-May-14 13:55 UTC
[Samba] password server not sending authentication requests to a specified DC
Our goal is to have a particular DC which will be used by our proxy for user authentication. We tried to use only the required DC as a nameserver but that doesn't work, queries are still sent to other DCs. Michel
Rowland penny
2019-May-14 14:25 UTC
[Samba] password server not sending authentication requests to a specified DC
On 14/05/2019 14:55, LOKO MESO Michel via samba wrote:> Our goal is to have a particular DC which will be used by our proxy > for user authentication. > > We tried to use only the required DC as a nameserver but that doesn't > work, queries are still sent to other DCs. > > Michel > > >You still haven't said why you must use a particular DC, all DC's are equal, so it shouldn't matter which DC you connect to, you should get the same info back. That is unless one DC is in the same building and another is on the other side of the planet, in which case, you should investigate 'sites'. just one other thing, when replying to a thread, please reply, don't make a new post. Rowland
Rowland penny
2019-May-15 08:54 UTC
[Samba] password server not sending authentication requests to a specified DC
On 15/05/2019 09:08, LOKO MESO Michel wrote:> Yes, our DCs are equal but we added a new one that will only be used > by the server where samba is installed.This is where it gets difficult, I get the feeling that the original DC's are Windows DC's, not that this matters. By default, All domain members (including DC's) are in the 'Default-First-Site-Name' site and you cannot decide which DC to use, any of the DC's in the site will be used. You can create a new site and move the Samba DC to this, then move the required domain clients to the same site. Now, by default, the clients in the site will use the Samba DC, unless it goes down, at which point any DC will be used. Can I suggest an internet search on 'active directory sites' Rowland
Rowland penny
2019-May-15 16:11 UTC
[Samba] password server not sending authentication requests to a specified DC
On 15/05/2019 16:39, LOKO MESO Michel wrote:> Thanks for your reply. > > If I understand correctly, "password server" option won't work in my > case because all my DCs are in the same active directory site ? >That is correct, basically you use dns to find DC's and then the code decides which DC to use. Rowland