Sharing a 'System Read Access' LDB handle in Samba4
Andrew Bartlett
abartlet at samba.org
Thu Jun 19 06:35:33 GMT 2008
On Wed, 2008-06-18 at 23:29 -0700, Luke Howard wrote:
> > I suppose the depends if these are held in the main DB. I was under
> > the
> > impression that to avoid massive replication pressure, that these
> > audit
> > logs were stored elsewhere, and the only thing to update would be the
> > 'week of last logon' timestamp (from memory).
>
> lastLogon was non-replicated, but lastLogonTimestamp (introduced in
> W2K3) is. Also account lockout-related attributes would need to be
> replicated too? I'm a bit hazy on this, I seem to remember that
> lockout attempts were per-DC but presumably once the account is
> actually locked out, this is replicated to all DCs.
Yeah, I was going to open a read-write DB at that point (to avoid doing
writes and transactions on the shared LDB handle).
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080619/67f26055/attachment.bin
More information about the samba-technical
mailing list