Trust relationship between PDCs
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Wed Mar 3 22:31:07 GMT 1999
daniel,

try configuring multiple (identical) machines all as samba PDCs, see what
happens. they fight it out attempting to be the PDC every 5 minutes. you
will need to make sure they all use the same private/smbpasswd file, and
that means ensuring that if they access it [this file] over a network, the
access is done securely.

alternative:

use ldap or mysql, run ssh redirection from localhost to _real_ ldap or
mysql server, on all samba PDCs.

luke
On Thu, 4 Mar 1999, Daniel Robbins wrote:
> Has anyone else noticed that having an NT BDC isn't all that great? From
> my experience, the BDC will process logons, but when the BDC isn't
> available for an extended period of time, domain logons will flake out,
> even if the PDC is available. Is there a way around this?
>
> The reason I mention this is because it would be nice if Samba would work
> properly in this regard. I don't know whether this is possible. Is the
> problem related to network browsing or a defect in some other part of the
> Microsoft BDC implementation? Would forcing a browser election on the
> network eventually resolve this problem, or is this a totally different
> issue?
>
> If there is some way Samba could be designed to allow BDCs to go down, and
> have clients transparently switch over to a functional PDC for domain
> logons, then Samba domains would be much more useful and reliable than
> Microsoft's.
>
> Does anyone else have this BDC problem with Windows NT Server 4.0, or am I
> doing something wrong?
>
> On Thu, Mar 04, 1999 at 07:54:20AM +1100, Matt Chapman wrote:
> > Jean Francois Micouleau wrote:
> >
> > > BDC functionality might be nice. What would be nicer is a netmon trace of
> > > replication and of BDC -> PDC and PDC -> BDC promote.
> > > Same thing for trust relationship.
> >
> > I'm playing with replication now. Almost have it figured out.
> >
> > There's about a half-dozen new RPC's we need including some more service
> > control and LSA secret stuff, plus the central \NETLOGON 0x07 "enumerate
> > changed accounts" RPC. The latter is a bit annoying in that some of it is
> > passed as "blobs" of registry info rather than RPC parameters.
> >
> > Matt
> >
> >
> >
> > --
> > Matt Chapman
> > m.chapman at student.unsw.edu.au
> >
> >
> >
> >
>
> --
> Daniel Robbins
> System Administrator
> University of New Mexico
> drobbins at obgyn.unm.edu
>
<a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://samba.org" > Samba Web site </a>
=====================================================================
Luke Kenneth Casson Leighton | Direct Dial : (678) 443-6183
Systems Engineer / ISS XForce Team | ISS Front Desk: (678) 443-6000
Internet Security Systems, Inc. | ISS Fax : (678) 443-6477
http://www.iss.net/ *Adaptive Network Security for the Enterprise*
ISS Connect - International User Conference - May '99
=====================================================================
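
The ssh redirection suggested in the message above, as an added example that is not part of the original post and not Samba's own code: it builds a loopback-only forward for each PDC and checks `ss -ltnH` style output to confirm the forwarded port is not reachable from the network. The account, host name, port numbers and sample listener lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Host, account and port numbers are assumptions, not from the post.

# Build the ssh command each Samba PDC would run so that its LDAP (or MySQL)
# client talks to a loopback port that ssh carries to the real server.
# $1 = account@server (hypothetical), $2 = local port, $3 = port on the server
tunnel_cmd() {
    printf '%s' "ssh -N -o BatchMode=yes -o StrictHostKeyChecking=yes" \
        " -o ExitOnForwardFailure=yes -o ServerAliveInterval=30" \
        " -L 127.0.0.1:$2:127.0.0.1:$3 $1"
}

# Read `ss -ltnH` style lines on stdin and classify the listener on port $1:
# "ok" (loopback only), "exposed" (any non-loopback bind) or "missing".
check_listener() {
    awk -v port="$1" '
        {
            n = split($4, parts, ":")          # column 4 is local address:port
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") loop = 1
            else exposed = 1
        }
        END {
            if (exposed) print "exposed"
            else if (loop) print "ok"
            else print "missing"
        }'
}

# Constructed samples of `ss -ltnH` output (not captured from a real host).
SAMPLE_GOOD='LISTEN 0 128 127.0.0.1:3890 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_BAD='LISTEN 0 128 0.0.0.0:3890 0.0.0.0:*'

# Show the command a PDC would run, then classify both samples.
tunnel_cmd samba-tunnel@ldap.example.internal 3890 389; echo
printf '%s\n' "$SAMPLE_GOOD" | check_listener 3890
printf '%s\n' "$SAMPLE_BAD" | check_listener 3890
```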