On Mon, 2008-04-21 at 05:44 +0200, Volker Lendecke wrote:
> On Sun, Apr 20, 2008 at 01:33:17PM -0700, Zachary Loafman wrote:
> > So .. are ctdbs maintaining separate sessions to each DC using the same
> > machine account, and have you had any problems with that, or are the
> > smbds talking to one winbind so there's only one cluster<->DC session?
> We're using separate connections per node.
> Samba is protecting certain parts of the NETLOGON pipe setup
> with a mutex, I'd have to look at exactly what. Our
> experience is that once you have a working NETLOGON schannel
> connection using the same wks account, the credential chains
> seem to work independently of each other.
This problem is avoided when the SamLogon call is changed to SamLogonEx,
which over schannel is not bound to the credentials chaining. This
avoids the need to mutex this stuff between hosts (as would otherwise be
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com