[Samba] central PDC + remote BDCs: LDAP strategy, my lack of comprehension
sven.ehret at comdok.de
Thu Aug 20 06:24:32 MDT 2009
Hello, I am trying to figure out how to implement a samba domain in a
number of remote offices around the world with partly bad and often
interrupted WAN connections/VPNs. The goal is to administer the directory
from the central data center.
My obvious choice would be to set up a central server with
SAMBA+OpenLDAP+smbldap-tools and in each remote office a SAMBA server with
OpenLDAP as a read-only slave from the central master.
Although I seem to make progress, it seems that the more time I invest in
this project, the more questions emerge. My latest issue made me create
this mailman account.
My question is: When the remote SAMBA server only talks to its own local,
read-only LDAP slave, how is it going to change user/machine passwords or
add machine accounts (when joining the domain)?
In my test setup an XP client insisted on trying to join the BDC, failing
because a) smbldap-tools is not installed or b) it could not write to the
slave LDAP directory.
I surely could configure the remote SAMBA to talk to the central OpenLDAP
service, but then I would not need LDAP replication and would not have a
failover in case the WAN link goes down.
There was the SAMBA option to have multiple tdbsam backends but this is
not supported anymore.
I hope that my explanation enables somebody to give me a hint towards
understanding what can/should/must be done.
Kind regards
Sven Ehret
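As an added illustration (not part of Sven's post or of any reply), here is the shape of the layout the post describes, using only stock Samba 3 and OpenLDAP mechanisms: the remote slapd is a syncrepl consumer that serves reads locally and answers every write with a referral to the master (updateref), Samba's ldapsam follows that referral with its admin DN, and smbldap-tools is pointed at the master so machine-account creation never hits the read-only copy. Hostnames, suffix, DNs and the replicator password are assumed placeholders.

```conf
# --- remote office: /etc/openldap/slapd.conf (syncrepl consumer; assumed names) ---
database        bdb
suffix          "dc=example,dc=com"              # assumed suffix
rootdn          "cn=Manager,dc=example,dc=com"   # assumed DN

# Pull the whole directory from the central master; keep retrying
# every 60 s without giving up when the WAN/VPN drops.
syncrepl rid=001
        provider=ldap://pdc.example.com          # assumed master hostname
        type=refreshAndPersist
        retry="60 +"
        searchbase="dc=example,dc=com"
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=REPLICATOR_PASSWORD_PLACEHOLDER
        starttls=critical

# A write to this read-only copy gets a referral to the master
# instead of a plain "unwilling to perform".
updateref       ldap://pdc.example.com

# --- remote office: /etc/samba/smb.conf (BDC; assumed names) ---
[global]
        workgroup = EXAMPLE
        domain logons = yes
        domain master = no            # the central PDC keeps domain master = yes
        # local slave first (reads, logons while the WAN is down),
        # central master second as fallback when the slave is down
        passdb backend = ldapsam:"ldap://localhost ldap://pdc.example.com"
        ldap suffix = dc=example,dc=com
        ldap admin dn = cn=Manager,dc=example,dc=com
        ldap ssl = start tls
        # give syncrepl time to deliver a write back before reading it
        ldap replication sleep = 2000
        # domain joins create machine accounts via smbldap-tools
        add machine script = /usr/sbin/smbldap-useradd -w "%u"

# --- remote office: /etc/smbldap-tools/smbldap.conf (writes go to the master) ---
slaveLDAP="localhost"
masterLDAP="pdc.example.com"
```

With this layout logons keep working from the local slave while the WAN link is down, but password changes and domain joins need the master and will fail until the link returns, so that is the window to monitor rather than something replication can remove.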