ADS support

[Pavel Herrmann]

Hi

On Wednesday 11 of April 2012 12:48:11 Aaron Endo wrote:
> This is the top level build..
> 
> Here is my situation -- I'm running a cluster of 4 servers with samba4
> running on 1 primary server.. If failure it will failover to 2 ect..

AFAIK samba4 should not be used in failover clusters with heartbeat or similar 
clustering technology. instead, you should use AD multi-master operation, in 
which the servers are running in parallel, and clients choose one based on 
their distance (in this setup, clients would choose one at random).

when one server fails the domain contines to operate normally, with the 
exception of FSMO roles (which can be held by only one server at a time, in 
case of complete failure they can be transferred forcibly, but in normal 
operation you need both the original and target node to cooperate in FSMO 
transfer).

the most visible FSMO is PDC emulator, which does authoritative authentication 
(any auth rejected by non-PDC node is forwarded to PDC node before sending 
reject to client), password changes and time sync. other FSMOs are used only 
when adding objects (accounts, computers) to the domain


cheers
Pavel Herrmann