redundant load balancing and mschap
Phil Mayers
p.mayers at imperial.ac.uk
Fri Aug 24 23:23:26 CEST 2012
On 08/24/2012 08:11 PM, McNutt, Justin M. wrote:
> Grrr...
> This is probably a Samba issue - a known one? - but I can't seem to get
> AD authentications to hit multiple DCs. Everything goes to the one

This is indeed a Samba issue, and unfortunately a hard one to fix.

ntlm_auth doesn't talk over the network - rather, it talks over a Unix
socket to winbind. Winbind maintains a *single* open session to a DC,
and sends all the domain RPCs down this pipe.

Winbind discovers the DC from the AD subnet/site queries and builds an
app-specific Kerberos config that will show you this - see

/var/lib/samba/smb_krb5/krb5.conf.<DOMNAME>

If you want to force connections to separate domain controllers, you'll
need separate smbd/winbindd instances running, with their own Unix
sockets and smb.conf setups. This will probably be hard, and fragile.

My advice - don't, unless you really really need to.
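
Added example, not part of the original message and not Samba or FreeRADIUS code: a small reader for the per-domain Kerberos config mentioned above, listing the KDC entries winbind wrote for each realm. It assumes the file uses ordinary krb5.conf syntax with one setting per line; the realm name and addresses in the sample are constructed.

```python
import glob
import re

# Constructed sample in ordinary krb5.conf syntax; not captured from a real host.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.AC.UK

[realms]
    ; constructed addresses from the documentation range
    EXAMPLE.AC.UK = {
        kdc = 192.0.2.10
        kdc = 192.0.2.11:88
    }
"""

REALM_OPEN = re.compile(r"^(\S+)\s*=\s*\{$")
KDC_LINE = re.compile(r"^kdc\s*=\s*(\S+)$")


def kdcs_by_realm(text):
    """Return {realm: [kdc, ...]} from the [realms] section of a krb5.conf."""
    found, section, realm = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1].lower(), None
        elif section != "realms":
            continue                          # ignore settings outside [realms]
        elif line == "}":
            realm = None
        elif (m := REALM_OPEN.match(line)):
            realm = m.group(1)
            found.setdefault(realm, [])
        elif realm and (m := KDC_LINE.match(line)):
            found[realm].append(m.group(1))
    return found


if __name__ == "__main__":
    # Path pattern taken from the message above; falls back to the sample.
    paths = glob.glob("/var/lib/samba/smb_krb5/krb5.conf.*")
    texts = {p: open(p).read() for p in paths} or {"<constructed sample>": SAMPLE}
    for name, text in sorted(texts.items()):
        for realm, kdcs in kdcs_by_realm(text).items():
            print(f"{name}: {realm} -> {', '.join(kdcs) or 'no kdc entries'}")
```

Run on each RADIUS server, this gives a quick view of which DC addresses each winbind instance has recorded, which is the first thing to compare when all authentications appear to land on one controller.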