samba4 high availability
Andrew Bartlett
abartlet at samba.org
Mon Jun 2 03:50:20 GMT 2008
On Sun, 2008-06-01 at 17:33 +0400, Matthieu PATOU wrote:
> Dear all,
>
> I was wondering if it was a correct solution to achieve domain controller high availability by duplicating in real-time
> the samba directory (and maybe bind zones also) via DRDB and heartbeat/carp.
>
> Heartbeat will be responsible of transferring IP address and starting a samba controller on the heartbeat slave in case
> of failure of the master.
>
> I know that it is also possible to achieve HA mostly out of the box by using open ldap as ldap backend, but is it
> possible to upgrade from samba built-in ldap backend to another one without provisioning ? and what about sysvol and
> netlogon share in this case ?
I really thing a better approach is to use BIND master/slave
configuration for the zone, inotify+rsync for the netlogon share and
LDAP for the LDB data replication.
This should give you an active/active master/slave server arrangement,
which is far more robust than active/passive failover.
The weakest point is the need for OpenLDAP to better handle our linked
attributes, or for Fedora DS to handle subtree renames. Both would need
to be manually secured from external access to the LDAP server (the only
access control is on the samba side, LDAP is configured for anonymous
access at this stage of it's technical demonstration).
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080602/780a7be0/attachment.bin
More information about the samba-technical
mailing list