Samba PDC and WinNT BDC

Mike Papper mike at digitalpipe.net
Fri Dec 7 13:06:26 GMT 2001


Was wondering if samba will run a BDC on a linux machine? In this scenario 
the PDC is a NT box.

Details:
--------
We are using samba 2.2.2 with winbind in order to replicate the list of NT 
users/groups on a NT 4 network. There is an existing NT 4 PDC running on the 
network. Our software would like to know the complete list of users and 
groups so it can manage access to resources.

To clarify: An network already exists with a set of user/groups. We have 
software that needs to know the existing set of user/groups so it can use 
these users/groups when assigning access to videos.

We tried the following: on Linux run samba 2.2.2 with winbind and nsswitch to 
"add" the NT users to the linux machines set of users. Problem: winbind leaks 
memory. When you have 15,000 users in the PDC, logging into the linux machine 
can take a long time. The linux machine hits the PDC an awful lot (network 
traffic and PDC load) as it keeps updating its list.

It appears that we could solve this problem if the Linux machine were also a 
BDC (it is NOT currently a PDC). Then the PDC and BDC would communicate using 
their own protocls and hopefully on user/group UPDATES would be sent across 
the wire thereby reducing network traffic enormously and reding the load on 
the PDC. Additionally winbindd would talk locally (to the BDC) so it would 
work more efficiently.

NOTE:
I dont trust that the "winbind cache time" option for winbindd does anything 
at all - in particular winbind is supposed to check for the PDC's "sequence 
number" as it keeps hitting the PDC. Has anyone tested this? Or perhaps the 
PDC changes its sequence number every other minute andf so the cache doesnt 
seem to work. ??

Some questions:
1) Can samba be configured to run a BDC on a linux machine? And is stable? 
With what version of samba?

2) Can winbindd be configured to talk to that BDC rather than a PDC?

3) I read the following from these newsgroups:
> > Automatic user database replication between PDC and BDC is not yet
> > implemented in any samba, tng or not.
> >
> > The windows BDC will not import automatically the new users, except at
> > reboot, or if you restart that service, whatever it is.

This would imply that we cannot have  a BDC on linux and that even if we did, 
since the PDC-BDC does not import new users its wont be very useful.
   Anyone??

4) I heard that the memory leaks in winbindd were fixed...anyone know of a 
release version of this code (RPMs...).

5) When we configured winbindd we put entries into PAM. Perhaps we dont need 
these entries? What our code does is call the C function getgrent and 
getpwent (which I assume are the same as the "getent passwd" and "getent 
group" shell commands/programs whatever) - for these to work does PAM have to 
be involved?

-- 
Mike Papper
Digital Pipe
mike at digitalpipe.net
650-627-5100 ext. 5211




More information about the samba-ntdom mailing list