svn commit: samba-docs r317 - in trunk/Samba-HOWTO-Collection: .

abartlet at samba.org
Sun Jan 2 21:36:44 GMT 2005


Author: abartlet
Date: 2005-01-02 21:36:44 +0000 (Sun, 02 Jan 2005)
New Revision: 317

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=317

Log:
Address some inaccuracies (such as BDC solutions that might have
worked, but Samba never got the code to support), clarify some things
that pedants have raised on the lists/in bugs, and explain about the
'ldap replication sleep' hack.

Andrew Bartlett

Modified:
   trunk/Samba-HOWTO-Collection/BDC.xml
   trunk/Samba-HOWTO-Collection/Passdb.xml


Changeset:
Modified: trunk/Samba-HOWTO-Collection/BDC.xml
===================================================================
--- trunk/Samba-HOWTO-Collection/BDC.xml	2004-12-28 11:40:48 UTC (rev 316)
+++ trunk/Samba-HOWTO-Collection/BDC.xml	2005-01-02 21:36:44 UTC (rev 317)
@@ -104,10 +104,8 @@
         <entry><para>tdbsam</para></entry>
         <entry><para>tdbsam + <command>net rpc vampire</command></para></entry>
         <entry><para>
-	Does not work with Samba-3.0.0; may be implemented in a later release. The downside of this solution
-	is that an external process will control account database integrity. This solution may appeal to sites
-	that wish to avoid the complexity of LDAP. The <command>net rpc vampire</command> is used to
-	synchronize domain accounts from the PDC to the BDC.
+	Does not work with Samba-3.0; as Samba does not implement the
+        server-side protocols required.
 	</para></entry>
         </row>
         <row>
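Review bot: In the tdbsam + net rpc vampire row, the added sentence joins its halves with "; as", which leaves the second half a fragment, and the row no longer says what net rpc vampire was supposed to do in this setup. Suggest "Does not work with Samba-3.0, because Samba does not implement the server-side protocols required." and consider keeping a short clause that the command was meant to synchronize accounts from the PDC to the BDC. The second added line is indented with spaces while the first uses a tab; match the surrounding tab indentation.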
@@ -115,8 +113,9 @@
         <entry><para>tdbsam + <command>rsync</command></para></entry>
         <entry><para>
 	Do not use this configuration.
-	Does not work because the TDB files are live and data may not have been flushed to disk.
-	Use <command>rsync</command> to synchronize the TDB database files from the PDC to the BDC.
+	Does not work because the TDB files are live and data may not
+        have been flushed to disk.  Furthermore, this will cause
+        domain trust breakdown.
 	</para></entry>
         </row>
         <row>
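Review bot: "domain trust breakdown" in the tdbsam + rsync row is introduced with no indication of what breaks or why copying the TDB files causes it, so an administrator cannot weigh the risk from this table alone. Add one clause naming the mechanism, or a link to the section that explains it. The two continuation lines are space-indented where the first added line uses a tab.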
@@ -124,9 +123,9 @@
         <entry><para>smbpasswd file</para></entry>
         <entry><para>
 	Do not use this configuration.
-	Not an elegant solution due to the delays in synchronization.
-	Use <command>rsync</command> to synchronize the smbpasswd file from the PDC to the BDC.
-	Can be made to work using a <command>cron</command> job to synchronize data from the PDC to the BDC.
+	Not an elegant solution due to the delays in synchronization
+        and also suffers
+        from the issue of domain trust breakdown.
 	</para></entry>
         </row>
         </tbody>
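Review bot: With the rsync and cron sentences removed from the smbpasswd row, "the delays in synchronization" no longer has a referent, because the row does not say how the file reaches the BDC. The remaining text is also a fragment ("Not an elegant solution ... and also suffers from") and "not elegant" undersells a row that opens with "Do not use this configuration". Suggest something like "Copying the smbpasswd file to the BDC introduces synchronization delays and suffers from domain trust breakdown.", with the same explanation or link for "domain trust breakdown" as in the rsync row.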
@@ -308,12 +307,19 @@
 </para>
 
 <para>
-Do not install a Samba PDC on a OpenLDAP slave server. Joining client machines to the domain
+For preference, do not install a Samba PDC on a OpenLDAP slave server. Joining client machines to the domain
 will fail in this configuration because the change to the machine account in the LDAP tree
 must take place on the master LDAP server. This is not replicated rapidly enough to the slave
-server that the PDC queries. It therfore gives an error message on the client machine about
+server that the PDC queries. It therefore gives an error message on the client machine about
 not being able to set up account credentials. The machine account is created on the LDAP server
-but the password fields will be empty.
+but the password fields will be empty.  Unfortunately, some sites are
+unable to avoid such configurations, and these sites should review the
+<smbconfoption><name>ldap replication
+sleep</name></smbconfoption> parameter, intended to slow down Samba sufficiently
+for the replication to catch up.  This is a kludge, and one that the
+administrator must manually duplicate in any scripts (such as the
+<smbconfoption><name>add machine script</name></smbconfoption>) that
+they use.
 </para>
 
 <para>
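Review bot: The opening is softened to "For preference, do not install", but the next sentence still says joining client machines "will fail" in this configuration, so the paragraph now contradicts itself; say "may fail" or state that it fails unless ldap replication sleep is set. The new text also gives no unit or starting value for ldap replication sleep, and "manually duplicate in any scripts" does not say what to duplicate; spell out that a script such as the add machine script must itself wait for replication before it returns. It would help to say whether the sleep also covers the case described just above, where the machine account exists but its password fields are empty. Minor: "a OpenLDAP" should be "an OpenLDAP".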

Modified: trunk/Samba-HOWTO-Collection/Passdb.xml
===================================================================
--- trunk/Samba-HOWTO-Collection/Passdb.xml	2004-12-28 11:40:48 UTC (rev 316)
+++ trunk/Samba-HOWTO-Collection/Passdb.xml	2005-01-02 21:36:44 UTC (rev 317)
@@ -51,8 +51,12 @@
 	<varlistentry><term>Plain Text</term>
 		<listitem>
 			<para>
-			This option uses nothing but the UNIX/Linux <filename>/etc/passwd</filename>
-			style backend. On systems that have Pluggable Authentication Modules (PAM)
+			This isn't really a backend at all, but is
+			listed here for simplicity.  Samba can be
+			configured to pass plaintext authentication
+			requests to the traditional UNIX/Linux
+			<filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>
+			style subsystems.  On systems that have Pluggable Authentication Modules (PAM)
 			support, all PAM modules are supported. The behavior is just as it was with
 			Samba-2.2.x, and the protocol limitations imposed by MS Windows clients
 			apply likewise. Please refer to <link linkend="passdbtech">Technical Information</link> for more information
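Review bot: The new wording says Samba passes "plaintext authentication requests" to the /etc/passwd and /etc/shadow subsystems, but does not say outright that this means the client sends the password unencrypted; the only hint is the later "protocol limitations imposed by MS Windows clients". State that explicitly in this list item, since it is the first place a reader meets the option. "This isn't really a backend at all" is also more informal than the surrounding text; "This is not strictly a backend" would fit better.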
@@ -1718,11 +1722,6 @@
 	for example, <smbconfoption><name>auth methods</name><value>guest sam</value></smbconfoption>.
 	</para>
 
-	<para>
-	This is the exact opposite of the requirement for the <smbconfoption><name>passdb backend</name></smbconfoption>
-	option, where it must be the <emphasis>LAST</emphasis> parameter on the line.
-	</para>
-
 	</sect2>
 
 </sect1>
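Review bot: This hunk deletes the paragraph stating that passdb backend must be the LAST parameter on the line, but the log message does not mention it, so it is unclear whether the claim was wrong or merely redundant. Note the reason in the log, and check that the preceding paragraph ending with the auth methods guest sam example still reads as complete now that the contrast it set up is gone.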


