PDC acceptance criteria
Steve Langasek
vorlon at netexpress.net
Tue Oct 3 22:20:45 GMT 2000
On Tue, 3 Oct 2000, Gerald Carter wrote:
> > Inter-domain trust relationships are nice, but there
> > are many people who *need* PDC->BDC replication before they
> > can sell this to their supervisors, because a
> > solution without built-in redundancy would be
> > unacceptable. Moreover, it would give Samba-as-PDC a bad
> > name right off the bat if people start having
> > reliability problems -- even if the problems aren't
> > directly the fault of Samba, the fact that a Samba PDC
> > can't be deployed with the same degree of
> > redundancy as an NT PDC is bound to earn poor marks.
> Let me rephrase that then...Is PDC<->BDC integration with
> NT server required? Or can people just say this is a
> Samba domain. It is a trivial thing to replicate a smbpasswd
> among servers. Once LDAP support is in place, we can
> just point all samba servers in a domain to that.
It is trivial to replicate the smbpasswd file between servers; but what tools
are you going to ship with Samba to facilitate this? Samba has been ported to
such a wide range of platforms that the only guarantee you have about your
server's facilities is that it supports SMB. :) That being the case, it seems
to me that the easiest failover method to implement would be the one that
already uses SMB, namely the NT PDC->BDC replication mechanism. The
protocol's already been reverse-engineered; people are going to want support
for it eventually anyway; why spend time designing (or incorporating) another
secure method for mirroring the smbpasswd file?
> My point about domain trusts is that the master
> domain / resource domain setup is quite common I think.
> Maybe I'm wrong.
It's not a familiar configuration to me, but what do I know? :)
Steve Langasek
postmodern programmer
More information about the samba-technical
mailing list