Trust relationship between PDCs

Luke Kenneth Casson Leighton lkcl at switchboard.net
Wed Mar 3 22:31:07 GMT 1999


daniel,

try configuring multiple (identical) machines all as samba PDCs, see what
happens.  they fight it out attempting to be the PDC every 5 minutes.  you
will need to make sure they all use the same private/smbpasswd file, and
that means ensuring that if they access it [this file] over a network, the
access is done securely.

alternative:

use ldap or mysql, run ssh redirection from localhost to _real_ ldap or
mysql server, on all samba PDCs.

luke

On Thu, 4 Mar 1999, Daniel Robbins wrote:

> Has anyone else noticed that having an NT BDC isn't all that great?  From
> my experience, the BDC will process logons, but when the BDC isn't
> available for an extended period of time, domain logons will flake out,
> even if the PDC is available.  Is there a way around this?
> 
> The reason I mention this is because it would be nice if Samba would work
> properly in this regard.  I don't know whether this is possible.  Is the
> problem related to network browsing or a defect in some other part of the
> Microsoft BDC implementation?  Would forcing a browser election on the
> network eventually resolve this problem, or is this a totally different
> issue?
> 
> If there is some way Samba could be designed to allow BDCs to go down, and
> have clients transparently switch over to a functional PDC for domain
> logons, then Samba domains would be much more useful and reliable than
> Microsoft's.
> 
> Does anyone else have this BDC problem with Windows NT Server 4.0, or am I
> doing something wrong?
> 
> On Thu, Mar 04, 1999 at 07:54:20AM +1100, Matt Chapman wrote:
> > Jean Francois Micouleau wrote:
> > 
> > > BDC functionality might be nice. What would be nicer is a netmon trace of
> > > replication and of BDC -> PDC and PDC -> BDC promote.
> > > Same thing for trust relationship.
> > 
> > I'm playing with replication now. Almost have it figured out.
> > 
> > There's about a half-dozen new RPC's we need including some more service
> > control and LSA secret stuff, plus the central \NETLOGON 0x07 "enumerate
> > changed accounts" RPC. The latter is a bit annoying in that some of it is
> > passed as "blobs" of registry info rather than RPC parameters.
> > 
> >     Matt
> > 
> > 
> > 
> > --
> > Matt Chapman
> > m.chapman at student.unsw.edu.au
> > 
> > 
> > 
> > 
> 
> -- 
> Daniel Robbins
> System Administrator
> University of New Mexico
> drobbins at obgyn.unm.edu
> 

<a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton  </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://samba.org"        > Samba Web site                </a>

=====================================================================
Luke Kenneth Casson Leighton        |  Direct Dial   : (678) 443-6183
Systems Engineer / ISS XForce Team  |  ISS Front Desk: (678) 443-6000
Internet Security Systems, Inc.     |  ISS Fax       : (678) 443-6477

http://www.iss.net/    *Adaptive Network Security for the Enterprise*
     ISS Connect   -   International User Conference   -  May '99
=====================================================================
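The ssh redirection suggested in the reply above, sketched as an added example that is not part of the original message: each Samba PDC reaches the backend only through a loopback-bound tunnel, so the LDAP or MySQL server itself can listen on 127.0.0.1 only. The login `tunnel@ldap.example.org`, port 389 and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: print the ssh local-forward command that one Samba PDC
# would run to reach the real LDAP/MySQL server via localhost.
# Host, login and port values used with it are placeholders (assumptions).

# is_port N: succeeds if N is a decimal integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_dest S: succeeds if S looks like user@host with no shell metacharacters
is_dest() {
    case "$1" in
        ''|*[!A-Za-z0-9.@_-]*) return 1 ;;
        ?*@?*) return 0 ;;
    esac
    return 1
}

# tunnel_cmd LOCAL_PORT BACKEND_PORT USER@BACKEND_HOST
# Prints the command; refuses malformed input instead of building it.
tunnel_cmd() {
    lport=$1 bport=$2 dest=$3
    is_port "$lport" || { echo "bad local port" >&2; return 1; }
    is_port "$bport" || { echo "bad backend port" >&2; return 1; }
    is_dest "$dest"  || { echo "bad destination" >&2; return 1; }
    # -N: no remote command, forwarding only
    # 127.0.0.1 on the left: listener is not exposed to the LAN
    # 127.0.0.1 on the right: resolved on the backend, i.e. its own loopback
    # ExitOnForwardFailure: fail fast if the local port cannot be bound
    # BatchMode + StrictHostKeyChecking: key-based login, known host key only
    printf 'ssh -N -o ExitOnForwardFailure=yes -o BatchMode=yes '
    printf '%s ' '-o StrictHostKeyChecking=yes -o ServerAliveInterval=30'
    printf '%s\n' "-L 127.0.0.1:$lport:127.0.0.1:$bport $dest"
}

# Example (constructed values):
#   tunnel_cmd 389 389 tunnel@ldap.example.org
```

Samba on each PDC is then pointed at localhost and the chosen local port, and the password database never crosses the network in the clear.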


