List all of your DC's as kdc entries or don't list any of them.
If kdc entries are present, the kerberos library will use only
those entries. If there are no kdc entries in the realm section
the kerberos library will locate kdc's dynamically.
If you don't have 6779186, you will need to refresh smb/server in
order to have it select another DC.
Alan
-------- Original Message --------
Subject: [cifs-discuss] How to specify primary and secondary DC for
handling failovers?
Date: Wed, 08 Sep 2010 11:49:42 PDT
From: Peter Taps <no-re...@opensolaris.org>
To: cifs-discuss@opensolaris.org
Folks,
When sharing a CIFS folder within the AD environment, I need to make sure
that the cifs server is able to authenticate using secondary domain
controller if the primary domain controller is not reachable. I guess the
only place to achieve this is by specifying the settings in /etc/krb5/krb5.conf.
Here are the contents of my working /etc/krb5/krb5.conf:
libdefaults]
default_realm = EXAMPLE.COM
[realms]
EXAMPLE.COM = {
kdc = dc.example.com
admin_server = dc.example.com
kpasswd_server = dc.example.com
kpasswd_protocol = SET_CHANGE
}
[domain_realm]
.example.com = EXAMPLE.COM
Here, the domain is example.com and the primary domain controller is
dc.example.com.
I am wondering how can I extend this to add the secondary domain controller.
Or, does the system automatically fetches information on other domain
controllers and I don't really have to worry?
Thank you in advance for your help.
Regards,
Peter
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
