Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (succe
ss, sort of)
KCollins at nesbittengineering.com
Tue Oct 29 15:00:28 GMT 2002
Andrew Barlett wrote:
> Domain trusts (in terms of us being a PDC trusting other DCs) are
> currenetly a work in progress. We hope to have it finished for Samba
> However, why do you need domain trusts? (There are lots of
> good answers
> to this question, but make sure you do have one of the answers).
> Samba 2.2 has always supported being a member server in a domain with
> domain trusts, for the record.
Interesting you should ask about the *need* for my three domains and
their trusts. Myself and a junior-admin had this same discussion the
day I wrote the post. Looking back, it just seemed the logical thing to
do. You see, in the beginning the three domains weren't connected -
definite need then. When we put the WAN in place we didn't want to
"rip-out" anything, so we used the trusts to "bind" the domains together
- *need* defined as we needed it working ASAP. Personally, I would
prefer to keep them separate just for greater user/group control.
But, I can also see that I may not *need* the independent PDCs that
trust each other, but maybe a PDC and 2 BDCs. I'm looking hard at the
latter just so I do not hit any major hurdles when moving to SAMBA.
Thinking along those lines I must pose the question: Will a SAMBA BDC
function as an NT BDC in that an NT BDC will cache (i.e. store locally)
user/group/SID information and only update/sync with the PDC at a
If we go with the one domain concept here, I'm going to need the BDCs in
each office to basically "run the show" for that office when it comes to
authentication. I do not want logons, etc. being passed to the PDC
across a 128K frame line half-way across the state - except in an
emergency like the BDC being offline. The reason I ask is that I've not
tried to simulate this yet and it really is the only sticking point in
the single domain plan (that I can see now).
Thanks for your response and I hope that I have not broad-sided you with
my theorizing and planning.
Kevin L. Collins, MCSE
Nesbitt Engineering, Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2270 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20021029/870bae10/smime.bin
More information about the samba-technical