Re: [Samba] kvno problem when accessing "bdc" as \\domain.com
On 10/09/2012 09:58 PM, Hannu Tikka wrote: So the \\domain.com\sysvol should work? Exact It's because we have domain DFS implemented for sysvol and netlogon shares. What is happening behind the scene when a Windows client tries to connect to \\domain.com\sysvol is that one of the DC will instruct the client that it support DFS and client and server will enter into a DFS resolution exchange where at the end the client get a list of server holding the sysvol share (ie. \\dc1.domain.com\sysvol, \\dc2.domain.com\sysvol) then the client request a kerberos ticket for one of the DC and the usual connection takes place. Matthieu. On Tue, 2012-10-09 at 14:38 +0300, Hannu Tikka wrote: Hi! I have a samba4 domain with two r/w directory controllers. DNS is set up so that domain.com name adresses both servers for redundancy. But workstaions can't contact second server with address \\domain.com becuse the kvno is different that first servers kvno and when using \\domain.com address the kvno seems to be always first servers kvno. Can I somehow increase the second servers kvno or is there other solutions You have to access each server by name. Even if the kvno was identical, the kerberos key would be different. There is a special case used for sysvol shares, but all it does is redirect the user to the right server. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] kvno problem when accessing "bdc" as \\domain.com
So the \\domain.com\sysvol should work? > On Tue, 2012-10-09 at 14:38 +0300, Hannu Tikka wrote: >> Hi! >> >> I have a samba4 domain with two r/w directory controllers. DNS is set up >> so that domain.com name adresses both servers for redundancy. But >> workstaions can't contact second server with address \\domain.com >> becuse >> the kvno is different that first servers kvno and when using >> \\domain.com >> address the kvno seems to be always first servers kvno. >> Can I somehow increase the second servers kvno or is there other >> solutions > > You have to access each server by name. Even if the kvno was identical, > the kerberos key would be different. > > There is a special case used for sysvol shares, but all it does is > redirect the user to the right server. > > Andrew Bartlett > > -- > Andrew Bartletthttp://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] kvno problem when accessing "bdc" as \\domain.com
On Tue, 2012-10-09 at 14:38 +0300, Hannu Tikka wrote: > Hi! > > I have a samba4 domain with two r/w directory controllers. DNS is set up > so that domain.com name adresses both servers for redundancy. But > workstaions can't contact second server with address \\domain.com becuse > the kvno is different that first servers kvno and when using \\domain.com > address the kvno seems to be always first servers kvno. > Can I somehow increase the second servers kvno or is there other solutions You have to access each server by name. Even if the kvno was identical, the kerberos key would be different. There is a special case used for sysvol shares, but all it does is redirect the user to the right server. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba