multiple domain contr. not allowed?

Luke Kenneth Casson Leighton lkcl at
Fri Aug 8 17:42:38 GMT 1997

On Sat, 9 Aug 1997, Charles Owens wrote:

> On Thu, 7 Aug 1997, Luke Kenneth Casson Leighton wrote:
> > 
> > On Thu, 7 Aug 1997, Charles Owens wrote:
> > 
> > > > > Using samba 1.9.17alpha5 on all servers, I'd like to configure one of my
> > > > > servers to be a failover domain controller in case my usual domain
> > > > > controller dies.
> > > > 
> > > > cool.  someone that wants to use this feature!  you thinking of using 
> > > > automount volumes, too, so that it _really_ doesn't matter which machine 
> > > > you use - they both appear to be the same?
> Along related lines, what would be the best technique for me to use if I'm
> trying to achieve netbios share load sharing and failover?

look at rfc1002.txt.  read the bits about "NetBIOS session setup" and 
retargetting - section 4.3.5:


                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   |      TYPE     |     FLAGS     |            LENGTH             |
   |                      RETARGET_IP_ADDRESS                      |
   |           PORT                |

code this up.  have one samba server that is capable of retargetting to
other samba servers.  in those other samba servers, have an "include = 
smb.conf.%l", where the smb.conf.retargetted_samba_server file is 
identical to that of the main samba server.

this is one possible solution.

>  I'd been
> hoping to do it at the DNS level (using a load balancing DNS server), but
> for this to work the nmbd WINS database would have to store a DNS name to
> Netbios name mapping; thus the DNS name would be resolved to IP
> address everytime a client did a WINS name resolution request of the
> netbios server name.   Currently, the WINS database can only store the
> fully resolved IP address to netbios name mapping, right?
> So, I see two choices:
> 	1. change nmbd somehow to allow for the special case of storing
> 		a DNS to netbios name mapping as discussed above
> 		(maybe with a new lmhosts file flag?)

don't understand.   sounds horrible, though.
> 	2. somehow implement this at the netbios name level... so
> 		nmbd would track multiple IP addresses for the
> 		same netbios name... doing round-robin resolution
> 		much like BIND will do.

i like this one better, but that's because i'm more familiar with nmbd...

> I suspect that choice #1 would require much less intrusive changes to
> nmbd...

actually, given than nmbd caches the dns lookup that it does (for about 
two hours), option #2 is required to implement option #1.

> plus, it allows the complexity to be handled at the DNS level,
> which is appealing, IMHO.


> Thoughts?  Other ways of pulling this off?

see above.

>  Do you think its likely that
> such functionality will be added into nmbd any time soon?

absolutely... clueless.  i'm currently trying to get the samba-2 tree 
back on-line with the current code revision of samba-1.

i'd suggest waiting until the samba-2 tree goes live, because it can 
handle multi-homed netbios names, and internet group netbios names.  
extending the data structures to include some sort of round-robin system 
wouldn't exactly be a great drag.  which it would on samba-1.
> > > Thoughts?
> > 
> > - can you make do with turning your configuration into 'peers'?
> Yes, except that my current implementation was going to use a personal
> workstation as the peer/backup server.  It would be nice to have a way to
> cause the main server to be preferred... though I can always manually
> restart nmbd on the backup server to force it to lose the PDC role. 

> > - how about a nmbregister program, similar to nmblookup, that does 
> > name_register() and name_release()?  a name_release() being sent to the 
> > client will clear the way for A to reclaim the name.
> Hmmm... these would be very nice tools to have at times... it's a pain to
> have to kill and restart nmbd to get it to reload the lmhosts file.


oh.  yeh.  must get nmbd to implement kill -HUP properly.  something that 
ought to have been done two years ago.  never mind.
> > except that you will need to kick A _quick_ to get it to reclaim.
> Yeah... I see that this could be a bit tricky.  So if B is PDC and I tell
> it to cease and desist (using the nmbregister tool?) how quickly would A,
> on its own, tend to notice the absence of a PDC?

5 min cycle.  or whatever you decide to modify the #define in nameserv.h to. 

> Would a client trying to
> locate a PDC prompt A to try to assume that role, or would A only try to
> become PDC after some timeout had expired?  If the latter then clients
> would potentially not be able to locate a PDC for some time period...

correct.  they will not.  they will (maybe) look for a BDC (domain<1c>) 
which should suffice.  maybe.  this all needs to be looked at.

> [...]
> > p.s - those script (perl hacks).  you interested in them being in the 
> > samba distribution?
> Yeah... at some point...  It'll be a bit before I have time to pull it
> together though.



More information about the samba mailing list