Help setting up Samba BDC of Samba PDC

Charles Owens owensc at enc.edu
Fri Aug 20 17:11:13 GMT 1999


Ignacio Coupeau wrote:

> Charles Owens wrote:
>>
>> Matt,
>>
>> What's the status of the Samba BDC code? I see the smbpasswd -b and -S
>> options...
>>
>> Can you provide a quick howto on setting this up? I can make some
>> guesses, but I'd prefer to have a clue. :-)
>>
>> How does this work in the LDAP context? Does the BDC expect to be
>> pointed at a different LDAP server than the PDC? If so, this seems
>> unnecessary to me... couldn't both DC's be pointed at the same LDAP
>> server? As long as the LDAP infrastructure is implemented with a
>> decent degree of fault tolerance, this would seem to be preferable to
>> having the BDC maintain its own private image of the SAM. (of course...
>> I could be totally off my rocker... ;-)
>
> for me, the LDAP runs with a very decent degree of fault tolerance... we
> have one LDAP (openldap) server with 3 PDC attached to the same
> database... for 50 WS runs fine; with 120 WS in a week I can tell you...
> with 420 WS (the final project) perhaps we need a replicated LDAP...

If I'm reading you correctly, with an LDAP-based PDC we can achieve two
benefits:

   * BDC-functionality (PDC failover)
   * PDC scalability via a "cluster" approach (multiple _active_
     Samba-PDC nodes serving the same domain)

Is this what you're saying, Ignacio, when you say you're serving 50
workstations with 3 PDCs?  Is anything special required to get all three
nodes to actively share the burden of workstation authentication?

When a true BDC (by Microsoft's definition) is set up, there is a trust
relationship between it and the PDC.  In your scenario, there are no
trust relationships, right?  In fact, there isn't really a single node
identifiable as _the_ PDC.  All 3 nodes are "collectively" the PDC.  All
nodes must share a common <domain_name>.SID file, right?

The role of domain browse master (as set by the "domain master"
parameter), however, can only be handled by a single node at a time,
right?  So, if all 3 nodes have the setting "domain master = auto"
they'll settle by election which one is the domain browse master.  But
this is a separate issue (mostly) from whatever mechanism the PDC nodes
use to advertise themselves as valid PDCs for the domain, right?  What
happens when more than one PDC node (in the Samba-PDC/LDAP scenario)
tries to register itself with WINS as _the_ PDC for a domain?

I'm raising a bunch of questions here... sorry... just trying to talk it
out.  Any comments from anyone are most appreciated!

Thanks,

Charles


--
---
-------------------------------------------------------------------------

  Charles N. Owens                               Email:  owensc at enc.edu
                                             http://www.enc.edu/~owensc
  Network & Systems Administrator
  Information Technology Services  "Outside of a dog, a book is a man's
  Eastern Nazarene College         best friend.  Inside of a dog it's
                                   too dark to read." - Groucho Marx
-------------------------------------------------------------------------
