samba4, samba-tool command

Pavel Herrmann morpheus.ibis at
Tue May 3 09:55:20 MDT 2011


On Tuesday 03 of May 2011 17:25:05 Theresa Halloran wrote:
> --mode=RO|<none> (none would indicate not read only but read/write?)
> 	in samba 3 RODC is called BDC, can I assume that on the samba-tool join
> command, the terminology change to RODC is intentional? (and PDC to DC)?

this has to do with differences between NT4 domain (samba3) and Active 
Directory (samba4)

in NT4, there was a primary DC which handled all the work, and possibly a 
backup DC, being used when the primary was not working

in AD, there are multiple DCs, all are equivalent as far as (most) functions 
go, clients pick one of the servers to use (the "closest" one, more precisely 
DNS round-robin on servers in their site). RODC is used eg. in less secure 
places, where it would be possible for someone to physically access the server 
and manipulate the directory copy there - readonly in this context means more 
like "won't be used as synchronization source", so it is more like a cache 
than a backup (all write operations are redirected to a writeable DC)

there also is the "PDC emulator" FSMO role, which means that this computer has 
authoritative auth information (RODCs may be configured not to store passwords 
or your password has not yet been synchronized to all DCs) - this is a remnant 
of NT4 domains

Pavel Herrmann

PS: I would vote for splitting join into dc and member objects, as soon as you 
would figure out more actions on them (having an object with one action is 
wierd) - leave/unjoin, possibly list...

More information about the samba-technical mailing list