notes on HOWTO-Collection

Ignacio Coupeau icoupeau at
Wed May 25 14:45:25 GMT 2005

> Problems I see with the current version:
> After the first sentence, it jumps into LDAP without introducing why
> LDAP at all (replication). It points out that when using a slave LDAP
> server, clients *may* still be able to logon. So are they? AFAIK if
> Samba needs to write to the SAM during logon it will fail since the
> slave will return a referral to the master and boom! (unless there is
> some background magic samba does to cache updates). Then a slave is just
> loadbalancing, not redundancy. This is actually stated at the end of the
> paragraph but "if the slave find it's master down at the wrong time you
> will have stability and operational problems" doesn't sound very
> promising and not stating what those problems might be makes it even
> worse. How is one supposed to read "clients may still be able to logon",
> after that sentence? And the reader has probably no clear understanding
> about LDAP replication. Later on the text is interspersed with comments
> about the (impossible) interop of Samba and NT4 PDCs/BDCs which I think
> should all go into the "Features and Benefits". A see "Features and
> Benefits" section as "this is what you (don't) get" if one finds a
> showstopper here one would probably don't read further which saves a lot
> of time ;)

our experience at my site is that the referrals are very well followed 
by samba, and if the master is down (of course, you may use multimaster 
in several LDAP implementations) some write operations are blocked, but 
the client manages it pretty well: the worst situation may be the 
user-change-passwd or the workstation's ntpassword re-negotiation, but 
if the change fails (ie. ldap master is down), the client don't crash at 
all nor the ws is removed from the domain, simply the attributes are not 
changed at this time.

Ignacio Coupeau, Ph.D.     icoupeau at
CTI, Director              icoupeau at
University of Navarra      icoupeau at
Pamplona, SPAIN  

More information about the samba-technical mailing list