_kerberos-master - SRV record by design is not registered in Active Directory/DNS, but many *nix systems tries to locate this record. I can register single or multiple records (to use round-robin) and point *nix systems to selected domain controllers in Active Directory.
And... it is not exactly true. *nix systems tries to locate this record only just in case when password is wrong and this _kerberos-master domain controller should have the freshest password in the network. For me - almost every domain controller receiving passwords in the same time. We have two sites, but there is no wait before replication. On both production domains we have low number of domain controllers so srv record is only for *nix systems, to ensure them, that they have all required data.
Currently we will have fresh servers from *nix family in domain so it will be very useful and better configured.
Brak komentarzy:
Prześlij komentarz