PDC acceptance criteria

Mayers, Philip J p.mayers at ic.ac.uk
Wed Oct 4 08:49:04 GMT 2000

IIRC, PDC->BDC replication was *almost* working in TNG at one point. Given
that we "sort of" know how to do it, I would rate NT->Samba PDC->BDC as a
high priority. That said, if Samba could do everything I needed, I wouldn't
use an NT PDC, so...

Domain trusts are important. To be honest, I don't think Samba would get far
in corporate circle without both replication and trusts. *BUT*, the basic
functionality should be released when it's working... I don't want to
encourage the holding back of code...

Here's a good benchmark - Samba must be able to support an MS Exchange
server hanging off it. I don't know what technical requirements that imposes
off the top of my head, but full user/group mapping and enumeration *MUST*
work. I suspect the WINBIND stuff would have to be working for a Samba PDC
to be a real possibility.

A plugin for Winbind to replace the algorithmic mapping of SID->U/GID would
be good. Many sites already have a Unix accounts infrastructure in place,
and would want to preserve U/GID for things like NFS (Ugh!). I suggest an
LDAP lookup, as well as a pre-built TDB as a good start for plugins (and the
chance to load this TDB "read only").

This last might sound very specific, but for IC to roll out Samba PDCs, it
would be essential that we have the ability to control the mapping.


| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |

-----Original Message-----
From: Gerald Carter [mailto:gcarter at valinux.com]
Sent: 03 October 2000 20:51
To: Steve Langasek
Cc: samba-technical at samba.org
Subject: Re: PDC acceptance criteria

Steve Langasek wrote:
> I don't think everyone will share those priorities.  

That's why I broght it up :-)

> Inter-domain trust relationships are nice, but there 
> are many people who *need* PDC->BDC replication before they 
> can sell this to their supervisors, because a
> solution without built-in redundancy would be
> unacceptable.  Moreover, it would give Samba-as-PDC a bad 
> name right off the bat if people start having 
> reliability problems -- even if the problems aren't 
> directly the fault of Samba, the fact that a Samba PDC 
> can't be deployed with the same degree of
> redundancy as an NT PDC is bound to earn poor marks.

Let me rephrase that then...Is PDC<->BDC integration with
NT server required?  Or can people just say this is a 
Samba domain.  It is a trivial thing to replicate a smbpasswd
among servers.  Once LDAP support is in place, we can
just point all samba servers in a domain to that.

My point about domain trusts is that the master 
domain / resource domain setup is quite common I think.
Maybe I'm wrong.

> I think PDC->BDC replication a la NT would be ideal; but I 
> think at a minimum there needs to be /some/ prepackaged 
> failover solution available, whether it's Samba-specific 
> or not.

See above comments.

Cheers, jerry
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com  VA Linux Systems    gcarter at valinux.com
       http://www.samba.org       SAMBA Team           jerry at samba.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba-technical mailing list