PDC acceptance criteria

Steve Langasek vorlon at netexpress.net
Wed Oct 4 22:59:27 GMT 2000


On Wed, 4 Oct 2000, Jason Haar wrote:

> > It is trivial to replicate the smbpasswd file between servers; but what tools
> > are you going to ship with Samba to facilitate this?  Samba has been ported to
> > such a wide range of platforms that the only guarantee you have about your
> > server's facilities is that it supports SMB. :)  That being the case, it seems
> > to me that the easiest failover method to implement would be the one that
> > already uses SMB, namely the NT PDC->BDC replication mechanism.  The

> I disagree. I'd say that if you're using Samba as your PDC, then you are
> using Samba for your BDCs (i.e. you do not want NT for your DC's). As such
> you should use standard tools to replicate smbpasswd - and I believe they do
> exist - they're called NIS (yuck!) and rdist/rsync. I'd use the latter (over
> ssh of course) to provide a Unix-specific solution that is BETTER THAN that
> provided by M$...

> For those "wide range of platforms" that don't support such options, well I
> hear FTP works everywhere :-)

To do this with at least as much security as is used in the NT implementation,
at a minimum you would want rsync/rdist with ssh.  Using NIS or ftp to
transfer the SAM database across a network should be grounds enough for any
admin to be shot or fired, as appropriate. :)  LDAP+SSL would be another
acceptable solution for replication, but neither LDAP+SSL nor rdist+ssh is a
solution that can be considered a "standard tool" on every platform where
Samba is used.  To my knowledge, the only system facilities currently required
to build and run Samba are a Bourne shell (for ./configure), a 'make' command,
a compiler, and a C library.

Being able to provide a PDC with replication support that has only these same
limited requirements would be an admirable achievement, but it's one that's
not terribly far-fetched.  I think it's worth shooting for.

Steve Langasek
postmodern programmer




