notes on HOWTO-Collection

Paul Kölle pkoelle at
Thu May 26 07:30:30 GMT 2005

Ignacio Coupeau wrote:
>> Problems I see with the current version:
>> After the first sentence, it jumps into LDAP without introducing why
>> LDAP at all (replication). It points out that when using a slave LDAP
>> server, clients *may* still be able to logon. So are they? AFAIK if
>> Samba needs to write to the SAM during logon it will fail since the
>> slave will return a referral to the master and boom! (unless there is
>> some background magic Samba does to cache updates). Then a slave is just
>> load balancing, not redundancy. This is actually stated at the end of the
>> paragraph but "if the slave find it's master down at the wrong time you
>> will have stability and operational problems" doesn't sound very
>> promising and not stating what those problems might be makes it even
>> worse. How is one supposed to read "clients may still be able to logon",
>> after that sentence? And the reader has probably no clear understanding
>> about LDAP replication. Later on the text is interspersed with comments
>> about the (impossible) interop of Samba and NT4 PDCs/BDCs which I think
>> should all go into the "Features and Benefits". I see the "Features and
>> Benefits" section as "this is what you (don't) get"; if one finds a
>> showstopper here, one would probably not read further, which saves a lot
>> of time ;)
> Paul,
> our experience at my site is that the referrals are very well followed
> by Samba, and if the master is down
OK, that was poorly written; of course Samba manages referrals.

> (of course, you may use multimaster
> in several LDAP implementations) some write operations are blocked, but
> the client manages it pretty well: the worst situation may be the
> user-change-passwd or the workstation's ntpassword re-negotiation, but
> if the change fails (i.e. LDAP master is down), the client doesn't crash at
> all nor is the ws removed from the domain, simply the attributes are not
> changed at this time.
So this should probably go into the docs; one question remains, though.
Do logons work when the master is down?


