Samba redundant domain controllers?

High Mobley HMOBLEY at mail.mcg.edu
Wed Jun 9 21:33:53 GMT 1999


Just saw this posted on comp.protocols.smb newsgroup:

"I am interested in having a PDC and BDC just using Samba servers. I know that Samba is not capable of synchronizing domain information. But I don't need it to. I will have an LDAP server as the backend. So they will be accessing the same information. Is it possible for one samba server to present itself as a higher priority domain server for given domain (PDC) and have another run with a lower priority (BDC)? Similar to how SMB figures out who is the browselist master."

What do you think guys?  I know what we're talking about here is not actually PDC/BDC integration, but has basically the same effect of setting up redundant domain controllers.  Would it be possible to list both of them as domain masters, but with different OS levels so that one of them takes precedence, but that the lower-level server takes over as the authenticating server if the higher-level server goes down?

The big question in my mind about this is what happens when both of them are listed as domain controllers with security=user and domain logons=yes?  Would the higher-level server, which should win any elections for the role of domain master browser, freak out about having another DC on its domain?  Or does the higher-level server not care about the other DC since it already won the election for the role of domain master browser?  Or are browser roles irrelevant?  I seem to recall seeing in the FAQs that the PDC needs to be the domain master browser, but I don't recall if that's for NT, Samba, or both!

So assuming that the two Samba DCs don't mind each other being on the same domain, will the lower-level server pick up the PDC role after the higher-level server crashes?  Of course, this assumes that the LDAP database is mirrored across the two servers.

An even more important question would be whether or not the lower-level server would accept requests from clients to access shares if it's expecting to authenticate the clients itself, but the higher-level server is the one normally performing all authentication!

Regardless of whether or not this setup is possible, redundant authentication servers is certainly a feature of Samba that I look forward to. 

High Mobley
Sys Admin
Medical College of Georgia



More information about the samba-ntdom mailing list