[Samba] PDC and BDC load-balancing

Norman Hooper norman at lateral.co.za
Mon Jul 29 02:35:03 GMT 2002

Hi Sven,

Thanks for your response.

>>I would like to know how Samba / Windows determines which domain 
>>controller should handle a logon request, and whether there is a way I 
>>can affect the process.
>I heard something like the Workstation takes the first DC which answers 
>- which should be the faster machine.

I heard something like that too. I was hoping that if my BDC was fast 
enough, and close enough on the network to the workstations logging on, 
then it would handle more requests. Maybe my BDC needs to be as fast as 
my PDC.

>>Here's the situation: I have a school installation running a Samba 
>>domain, with a PDC (1.1GHz Celeron, 256 MB RAM) and one BDC (much 
>>smaller, 366 with 64 MB RAM), both with RedHat 7.1 and Samba 2.2.5. 
>>There are about 80 NT and 2000 workstations, and about 10 98 machines.
>I think the 386-machine will answer with a little delay.

Sorry, that "366" was a bad typo. It should be "633" -- It's a 633 MHz 
Celeron with 64 MB RAM, so almost half the speed of the PDC, with a 
quarter of the RAM. (Although neither the PDC nor the BDC is using any swap 
space.) I am using a standard Samba PDC - BDC setup as outlined in the 
Samba HOWTO, with the PDC as an NIS master, and the BDC an NIS slave to 
replicate the Linux user password files, and I am using rsync scheduled 
with crontab to push any changes to smbpasswd and the netlogon and 
profile shares from the PDC to the BDC automatically. Rsync can work 
through SSH, and SSH can authenticate with public key encryption, so it 
doesn't prompt for a password. It is working well: I have tested the 
replication of the files, and users who change their passwords and 
machines that are added to the domain are recognised by the BDC. Also, 
users who log onto the BDC are sent their profile successfully -- using 
the synchronised local copy of the profile stored on the BDC. Also, 
users' home directories are stored only on the PDC. The BDC's smb.conf 
file goes:

logon path = \\%L\profiles\default.man
logon script = \\%L\netlogon\scripts\logon.bat
logon home = \\PDCname\%U
home drive = H:

And the PDC's smb.conf file goes:

logon path = \\%L\profiles\default.man
logon script = \\%L\netlogon\scripts\logon.bat
logon home = \\%L\%U
home drive = H:

>>So I figured Plan A was to install a BDC. I didn't have another 1.1GHz 
>>machine, so I decided to test with a smaller one, see how it affected 
>>the PDC's load, and take it from there.
>Why did you set up a BDC? As far as I know, a BDC has the user-database 
>of the PDC - nothing more - nothing less.

Yes, you're right. I was just thinking that if the PDC was overloaded, 
then if I had a BDC to share the load of logging users on, together both 
would be able to cope. So all the BDC would need would be an exact copy 
of the PDC's user database, and copies of the netlogon and profiles shares.

Interestingly, Ignacio Coupeau, who has worked a lot with Samba PDCs, 
with Samba TNG, Samba HEAD and Samba 2.2, and has written very detailed 
Samba LDAP PDC HOWTOs, instead of using BDCs (which Samba TNG does not 
support), in his HOWTOs he just has many domains (8), all with their own 
Samba PDC. Maybe he has a point! Maybe BDCs are not the way to go, and 
if I want to break up the load I would need several PDCs.

>The roaming-profiles are stored at the path you specified. If one 
>workstation downloads from the PDC (and of course uploads to the PDC) 
>and the other downloads the profile from the BDC - the copy on the BDC 
>would have to be synced all the time to the profile on the PDC.

Yes. But the profile is mandatory (and there is only one, used by all 
users), so workstations never upload back to the PDC or BDC. If there 
are ever any changes to the profile, it will be because I made them 
myself, so it is only synced between the PDC and BDC very seldom, and 
also only needs to be synced between a DC and a workstation when a 
change has happened.

>an auth-request is just a work of milli-seconds - it's not such a big thing.
>a BDC just allows the user to logon if the PDC is not answering. The 
>Profile is downloaded from a more or less static path - from the server 
>that is the file-server (which should be able to handle such flood of 

Hmm. That is a very good point! I should serve the profile from a file 
server, which doesn't need to be a domain controller at all.

Thanks for the help, and sorry my first message wasn't clearer.
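
Added example, not part of the original message: a sketch of the PDC-side cron job the post describes (rsync over SSH with a key that needs no password prompt), extended with a permission check before password hashes leave the machine. The host name, key path, share paths, script path and cron schedule are all assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): PDC-side push job run from cron.
# Host name, key path and share paths are assumptions; adjust to the real layout.
BDC_HOST="${BDC_HOST:-bdc.example.internal}"      # hypothetical BDC host name
SYNC_KEY="${SYNC_KEY:-/root/.ssh/bdc_sync_key}"   # hypothetical dedicated key
SMBPASSWD="${SMBPASSWD:-/etc/samba/smbpasswd}"    # assumed smbpasswd location
NETLOGON="${NETLOGON:-/home/netlogon}"            # assumed netlogon share path
PROFILES="${PROFILES:-/home/profiles}"            # assumed profiles share path

# True only for an existing file with no group/other permission bits.
# smbpasswd holds password hashes and the key has no passphrase, so both
# must be private to their owner. A symlink is rejected (ls shows lrwxrwxrwx).
secret_file_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # the group and other rwx columns
    [ "$perms" = "------" ]
}

# ssh command handed to rsync -e: BatchMode makes ssh fail instead of
# prompting, which is what an unattended cron job needs.
ssh_transport() {
    printf 'ssh -i %s -o BatchMode=yes -o IdentitiesOnly=yes' "$SYNC_KEY"
}

# Push the account file and both shares; stop at the first failure.
push_all() {
    for f in "$SMBPASSWD" "$SYNC_KEY"; do
        secret_file_ok "$f" || {
            echo "refusing to sync: $f missing or not owner-only" >&2
            return 1
        }
    done
    rsync -a -e "$(ssh_transport)" "$SMBPASSWD" "root@$BDC_HOST:$SMBPASSWD" &&
    rsync -a --delete -e "$(ssh_transport)" "$NETLOGON/" "root@$BDC_HOST:$NETLOGON/" &&
    rsync -a --delete -e "$(ssh_transport)" "$PROFILES/" "root@$BDC_HOST:$PROFILES/"
}

# Constructed crontab line: */15 * * * * /usr/local/sbin/push-to-bdc.sh push
if [ "${1:-}" = "push" ]; then
    push_all
fi
```

On the BDC, the matching authorized_keys entry can carry a from="..." restriction so the passphrase-less key is only accepted from the PDC.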


