[31799] in Kerberos


Re: DNS lookups with dns_lookup* = false

daemon@ATHENA.MIT.EDU (apmailist@free.fr)
Wed Dec 23 11:32:25 2009

Message-ID: <1261585884.4b3245dc0e977@imp.free.fr>
Date: Wed, 23 Dec 2009 17:31:24 +0100
From: apmailist@free.fr
To: kerberos@mit.edu
Cc: kerberos@mit.edu
In-Reply-To: <65631e800912110851naef9eccw7bfd087598d61048@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Quoting Jeffrey Watts <jeffrey.w.watts@gmail.com>:

> What I've noticed is that if you use the -S option (to explicitly specify
> the server), 'net' seems to ignore that and use DNS instead.  I've watched
> with the debug set to 5 and I've seen 'net' try to connect to different
> KDCs.  I would assume that it would be good behavior if it were trying to
> access the -S server _first_, but its attempts seem to be purely random
> based on whatever is returned via DNS first.
>


OK,

so, still asking the samba list, where it is clear samba has its own behavior.
See the /var/cache/samba/smb_krb5/krb5.conf.<DOMAIN> file, for example.


Then, I wanted to try how the failover would behave if the SRV
_kerberos-master._udp.<DOMAIN> record was present. But my Active Directory admin
says he does indeed have the _kerberos._XX SRV record, but that he is not offered
the choice to add a _kerberos-master. record in the AD DNS system.

Has anyone stepped upon such a problem?

Andrew
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
