On 10/09/2012 09:58 PM, Hannu Tikka wrote:
So the \\domain.com\sysvol should work?
Exact
It's because we have domain DFS implemented for sysvol and netlogon shares.
What is happening behind the scene when a Windows client tries to
connect to \\domain.com\sysvol is that one of the DC will instruct the
client that it support DFS and client and server will enter into a DFS
resolution exchange where at the end the client get a list of server
holding the sysvol share (ie. \\dc1.domain.com\sysvol,
\\dc2.domain.com\sysvol) then the client request a kerberos ticket for
one of the DC and the usual connection takes place.
Matthieu.
On Tue, 2012-10-09 at 14:38 +0300, Hannu Tikka wrote:
Hi!
I have a samba4 domain with two r/w directory controllers. DNS is set up
so that domain.com name adresses both servers for redundancy. But
workstaions can't contact second server with address \\domain.com
becuse
the kvno is different that first servers kvno and when using
\\domain.com
address the kvno seems to be always first servers kvno.
Can I somehow increase the second servers kvno or is there other
solutions
You have to access each server by name. Even if the kvno was identical,
the kerberos key would be different.
There is a special case used for sysvol shares, but all it does is
redirect the user to the right server.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
Matthieu Patou
Samba Team
http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
