samba4, samba-tool command
Pavel Herrmann
morpheus.ibis at gmail.com
Tue May 3 09:55:20 MDT 2011
Hi
On Tuesday 03 of May 2011 17:25:05 Theresa Halloran wrote:
> --mode=RO|<none> (none would indicate not read only but read/write?)
> in samba 3 RODC is called BDC, can I assume that on the samba-tool join
> command, the terminology change to RODC is intentional? (and PDC to DC)?
This has to do with differences between NT4 domain (samba3) and Active
Directory (samba4).

In NT4, there was a primary DC which handled all the work, and possibly a
backup DC, being used when the primary was not working.

In AD, there are multiple DCs, all are equivalent as far as (most) functions
go, clients pick one of the servers to use (the "closest" one, more precisely
DNS round-robin on servers in their site). RODC is used e.g. in less secure
places, where it would be possible for someone to physically access the server
and manipulate the directory copy there - readonly in this context means more
like "won't be used as synchronization source", so it is more like a cache
than a backup (all write operations are redirected to a writeable DC).

There also is the "PDC emulator" FSMO role, which means that this computer has
authoritative auth information (RODCs may be configured not to store passwords
or your password has not yet been synchronized to all DCs) - this is a remnant
of NT4 domains.

Pavel Herrmann

PS: I would vote for splitting join into dc and member objects, as soon as you
would figure out more actions on them (having an object with one action is
weird) - leave/unjoin, possibly list...