DNS lookups with dns_lookup* = false
apmailist@free.fr
apmailist at free.fr
Wed Dec 23 11:31:24 EST 2009
Quoting Jeffrey Watts <jeffrey.w.watts at gmail.com>:
> What I've noticed is that if you use the -S option (to explicitly specify
> the server), 'net' seems to ignore that and use DNS instead. I've watched
> with the debug set to 5 and I've seen 'net' try to connect to different
> KDCs. I would assume that it would be good behavior if it were trying to
> access the -S server _first_, but its attempts seem to be purely random
> based on whatever is returned via DNS first.
>
ok,
so , still asking the samba list, where it is clear samba has its own behavior.
see the /var/cache/samba/smb_krb5/krb5.conf.<DOMAIN> file for example.
Then , I wanted to try how the failover would behave if the SRV
_kerberos-master._udp.<DOMAIN> record was present. But my Active Directory admin
says he has indeed the _kerberos._XX SRV record, but that he is not proposed
with the choice to add a _kerberos-master. record in the AD DNS system.
Has anyone stepped upon such a problem ?
Andrew
More information about the Kerberos
mailing list