On 08/24/2012 08:11 PM, McNutt, Justin M. wrote:
> Grrr...
> This is probably a Samba issue - a known one? - but I can't seem to get
> AD authentications to hit multiple DCs.  Everything goes to the one

This is indeed a Samba issue, and unfortunately a hard one to fix.

ntlm_auth doesn't talk over the network - rather, it talks over a Unix socket to winbind. Winbind maintains a *single* open session to a DC, and sends all the domain RPCs down this pipe.

Winbind discovers the DC from the AD subnet/site queries and builds an app-specific Kerberos config that will show you this - see /var/lib/samba/smb_krb5/krb5.conf.<DOMNAME>

If you want to force connections to separate domain controllers, you'll need separate smbd/winbindd instances running, with their own Unix sockets and smb.conf setups. This will probably be hard, and fragile.

My advice - don't, unless you really really need to.
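
The reply above points at /var/lib/samba/smb_krb5/krb5.conf.<DOMNAME> as the place to see which DC winbind has picked. The following is an added example, not part of the original post, that lists the pinned KDC for each domain. The function names are hypothetical, and it assumes the generated files use ordinary krb5.conf syntax with `kdc = <host>` lines under `[realms]`.

```shell
#!/bin/sh
# Added example: show which DC(s) winbind has pinned, per domain.
# Assumption: the generated files use ordinary krb5.conf syntax, with
# "kdc = <host>" lines inside the [realms] section.

# pinned_kdcs FILE: print each kdc value found in FILE's [realms] section.
pinned_kdcs() {
    awk '
        /^[ \t]*\[/ { in_realms = ($0 ~ /^[ \t]*\[realms\]/); next }
        in_realms && /^[ \t]*kdc[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")   # drop the "kdc =" prefix
            sub(/[ \t]+$/, "")         # drop trailing whitespace
            print
        }
    ' "$1"
}

# winbind_dc_map [DIR]: print "DOMNAME<TAB>kdc" for every krb5.conf.<DOMNAME>.
winbind_dc_map() {
    dir=${1:-/var/lib/samba/smb_krb5}
    for f in "$dir"/krb5.conf.*; do
        [ -f "$f" ] || continue        # glob matched nothing
        dom=${f##*/krb5.conf.}
        pinned_kdcs "$f" | while IFS= read -r kdc; do
            printf '%s\t%s\n' "$dom" "$kdc"
        done
    done
}

# Demo on a constructed sample (realm and address are made up).
demo_dir=$(mktemp -d)
cat > "$demo_dir/krb5.conf.EXAMPLE" <<'EOF'
[libdefaults]
	default_realm = EXAMPLE.TEST
[realms]
	EXAMPLE.TEST = {
		kdc = 192.0.2.10
	}
EOF
winbind_dc_map "$demo_dir"
rm -rf "$demo_dir"
```

Running `winbind_dc_map` with no argument on each RADIUS server shows at a glance whether they have all settled on the same DC.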