[Samba] two PDCs

Tamás Pisch pischta at gmail.com
Mon Jul 12 01:04:24 MDT 2010


2010/7/9 Scott Grizzard <scott at scottgrizzard.com>

Thank you for your detailed answer.

> If I recall
> correctly, I think Chapter 6 refers to running BDC's in each remote
> office, and only one PDC...

In that chapter, there are two scenarios (one domain in all branches, or
separate domains with reduced traffic), and one more scenario mentioned as a
possible alternative with multiple PDCs:
"When Samba-3 is configured to use an LDAP backend, it stores the domain
account information in a directory entry. This account entry contains the
domain SID. An unintended but exploitable side effect is that this makes it
possible to operate with more than one PDC on a distributed network.
...
This concept has not been exhaustively validated, though we can see no
reason why this should not work..."


> I found it is much easier to set up two separate domains and have them
> trust each other, using different branches of the same LDAP tree.
> Then, let one server write to one branch, the other server write to
> the other branch, and do multi-master replication between them.  That
> way, there is no worrying about simultaneous updates or any of that
> jazz.  Not as cool...or as elegant, but it made my life easier by
> isolating problems.


> Of course, my users only visited each others' offices "occasionally".
> If you have tons of movement between the offices, a one-domain
> solution may be forced upon you...

Unfortunately, a lot of users are roaming users (teachers with laptops, and
users). My plan is that I will set up separate profile shares on both sides,
but at least they can use their own username and even change their password.
So, I would like to try the multi-PDC scenario with master and slave LDAP
servers, but I worry about it a little.

>>> I have a PDC with master ldap backend and a BDC with slave ldap backend
>>> (both are SaMBa 3.2 on Debian Lenny). I want to install an additional
>>> SaMBa server on another site (on Debian Squeeze). The two sites are
>>> connected with VPN (on not so reliable ADSL lines). I read an
>>> interesting network scenario in the Samba Guide chapter 6:
>>> theoretically it is possible to install one PDC on both sites, with
>>> the same domain, server name, and SID. I like this idea, but: is there
>>> anyone who tried that, or has experience with it?

