multiple domain contr. not allowed?

Charles Owens owensc at enc.edu
Fri Aug 8 15:09:26 GMT 1997


On Thu, 7 Aug 1997, Luke Kenneth Casson Leighton wrote:

> 
> On Thu, 7 Aug 1997, Charles Owens wrote:
> 
> > > > Using samba 1.9.17alpha5 on all servers, I'd like to configure one of my
> > > > servers to be a failover domain controller in case my usual domain
> > > > controller dies.
> > > 
> > > cool.  someone that wants to use this feature!  you thinking of using 
> > > automount volumes, too, so that it _really_ doesn't matter which machine 
> > > you use - they both appear to be the same?

Along related lines, what would be the best technique for me to use if I'm
trying to achieve netbios share load sharing and failover?  I'd been
hoping to do it at the DNS level (using a load balancing DNS server), but
for this to work the nmbd WINS database would have to store a DNS name to
Netbios name mapping; thus the DNS name would be resolved to IP
address every time a client did a WINS name resolution request of the
netbios server name.   Currently, the WINS database can only store the
fully resolved IP address to netbios name mapping, right?

So, I see two choices:

	1. change nmbd somehow to allow for the special case of storing
		a DNS to netbios name mapping as discussed above
		(maybe with a new lmhosts file flag?)

	2. somehow implement this at the netbios name level... so
		nmbd would track multiple IP addresses for the
		same netbios name... doing round-robin resolution
		much like BIND will do.

I suspect that choice #1 would require much less intrusive changes to
nmbd... plus, it allows the complexity to be handled at the DNS level,
which is appealing, IMHO.

Thoughts?  Other ways of pulling this off?  Do you think it's likely that
such functionality will be added into nmbd any time soon?

> > 
> > Yes... more or less.  Actually, I've written a perl script that gets fired
> > up (using "preexec") when a user connects to the netlogon share.  The
> > script does this

[...]

> > > os level is for local master browser elections.  local master browser 
> > > elections are on broadcast-isolated subnets, on broadcast-only netbios 
> > > names, and have nothing to do with the [unique in the WINS scope] domain 
> > > master browser netbios name.
> > 
> > Ahh... gotcha...
> > Okay... is there, then, any way for me to specify which of my two domain
> > controller candidates is preferred?  Such that this would happen:
> > 
> > 	A = primary dom cntrl		B = backup dom cntrl
> 
> hum.
> 
> nope!

[...]

> > 
> > 	A goes down
> > 	B comes around eventually and assumes the domain controller role
> > 	A comes back up and tries to assume dom. cntrl.
> > 	B somehow knows that A is preferred so ceases being dom. cntrl.
> 
> this is the tricky bit, that requires some communication between the 
> various machines configured as PDCs.  which we don't presently have.
> 
> > 	A assumes dom. cntrl. role
> > 
> > also
> > 
> > 	B goes down
> > 	B comes back up and tries to assume dom. cntrl.
> > 	B detects existing dom. cntrl. (A) and does not become
> > 		dom. cntrl. (this part works now)
> > 
> > Thoughts?
> 
> - can you make do with turning your configuration into 'peers'?

Yes, except that my current implementation was going to use a personal
workstation as the peer/backup server.  It would be nice to have a way to
cause the main server to be preferred... though I can always manually
restart nmbd on the backup server to force it to lose the PDC role. 

> - how about a nmbregister program, similar to nmblookup, that does 
> name_register() and name_release()?  a name_release() being sent to the 
> client will clear the way for A to reclaim the name.

Hmmm... these would be very nice tools to have at times... it's a pain to
have to kill and restart nmbd to get it to reload the lmhosts file.

> except that you will need to kick A _quick_ to get it to reclaim.

Yeah... I see that this could be a bit tricky.  So if B is PDC and I tell
it to cease and desist (using the nmbregister tool?) how quickly would A,
on its own, tend to notice the absence of a PDC?  Would a client trying to
locate a PDC prompt A to try to assume that role, or would A only try to
become PDC after some timeout had expired?  If the latter then clients
would potentially not be able to locate a PDC for some time period...

[...]

> p.s - those scripts (perl hacks).  you interested in them being in the 
> samba distribution?

Yeah... at some point...  It'll be a bit before I have time to pull it
together though.

Thanks,
---
-------------------------------------------------------------------------
  Charles N. Owens                               Email:  owensc at enc.edu
                                             http://www.enc.edu/~owensc
  Network & Systems Administrator
  Information Technology Services  "Outside of a dog, a book is a man's
  Eastern Nazarene College         best friend.  Inside of a dog it's 
                                   too dark to read." - Groucho Marx
-------------------------------------------------------------------------


