samba-technical@lists.samba.org

Re: clustered single machine account / NTLM

Subject: Re: clustered single machine account / NTLM
From: Andrew Bartlett
Date: Mon, 21 Apr 2008 09:33:27 +0200
On Mon, 2008-04-21 at 05:44 +0200, Volker Lendecke wrote:
> On Sun, Apr 20, 2008 at 01:33:17PM -0700, Zachary Loafman wrote:
> > So .. are ctdbs maintaining separate sessions to each DC using the same
> > machine account, and have you had any problems with that, or are the
> > smbds talking to one winbind so there's only one cluster<->DC session?
> 
> We're using separate connections per node.
> 
> Samba is protecting certain parts of the NETLOGON pipe setup
> with a mutex, I'd have to look at exactly what. Our
> experience is that once you have a working NETLOGON schannel
> connection using the same wks account, the credential chains
> seem to work independently of each other.

This problem is avoided when the SamLogon call is changed to SamLogonEx,
which over schannel is not bound to the credentials chaining.  This
avoids the need to mutex this stuff between hosts (as would otherwise be
required). 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
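
Added example (not part of the original post and not Samba code): a simplified Python model of the credential chaining discussed above, in which two nodes share one chain without a mutex and then use a SamLogonEx-style call that carries no authenticator. The class and function names, the constructed key and seed, the single chain kept on the DC side, and the truncated HMAC-SHA256 standing in for the real NETLOGON credential computation are all assumptions.

```python
import hashlib
import hmac

MASK = (1 << 64) - 1  # stored credential modelled as a 64-bit counter


def credential(key: bytes, stored: int) -> bytes:
    # Assumption: truncated HMAC-SHA256 stands in for the real NETLOGON
    # credential computation; only the chaining behaviour is modelled.
    return hmac.new(key, stored.to_bytes(8, "little"), hashlib.sha256).digest()[:8]


class DC:
    """Server side: assumed to keep one chain for the shared machine account."""
    def __init__(self, key: bytes, seed: int):
        self.key, self.stored = key, seed

    def sam_logon(self, cred: bytes, timestamp: int) -> bool:
        expected = (self.stored + timestamp) & MASK
        if not hmac.compare_digest(cred, credential(self.key, expected)):
            return False  # authenticator out of step with the chain
        self.stored = (expected + 1) & MASK  # step for the return authenticator
        return True

    def sam_logon_ex(self) -> bool:
        # No authenticator argument and no chain update: the call relies on
        # the schannel-protected transport instead.
        return True


class Node:
    """Cluster node with its own copy of the client-side chain state."""
    def __init__(self, key: bytes, seed: int):
        self.key, self.stored = key, seed

    def sam_logon(self, dc: DC, timestamp: int) -> bool:
        self.stored = (self.stored + timestamp) & MASK
        ok = dc.sam_logon(credential(self.key, self.stored), timestamp)
        self.stored = (self.stored + 1) & MASK
        return ok


def demo():
    key, seed = b"constructed-session-key", 0x1122334455667788  # constructed values
    dc, a, b = DC(key, seed), Node(key, seed), Node(key, seed)
    chained = [a.sam_logon(dc, 100), b.sam_logon(dc, 101), a.sam_logon(dc, 102)]
    before = dc.stored
    ex = [dc.sam_logon_ex() for _ in range(3)]
    return chained, ex, dc.stored == before, a.sam_logon(dc, 103)
```

In this model node b's chained call is rejected because node a has already advanced the shared chain, while the SamLogonEx-style calls leave the chain state untouched.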
