[Samba] PDC and BDC load-balancing
Norman Hooper
norman at lateral.co.za
Mon Jul 29 02:35:03 GMT 2002
Hi Sven,
Thanks for your response.
>>I would like to know how Samba / Windows determines which domain
>>controller should handle a logon request, and whether there is a way I
>>can affect the process.
>>
>>
>
>i heard something like the Workstation takes the first DC which answers
>- which should be the faster machine.
>
>
I heard something like that too. I was hoping that if my BDC was fast
enough, and close enough on the network to the workstations logging on,
then it would handle more requests. Maybe my BDC needs to be as fast as
my PDC.
>>Here's the situation: I have a school installation running a Samba
>>domain, with a PDC (1.1GHz Celeron, 256 MB RAM) and one BDC (much
>>smaller, 366 with 64 MB RAM), both with RedHat 7.1 and Samba 2.2.5.
>>There are about 80 NT and 2000 workstations, and about 10 98 machines.
>>
>>
>
>i think the 386-machine will answer with a little delay.
>
>
Sorry, that "366" was a bad typo. It should be "633" -- It's a 633 MHz
Celeron with 64 MB RAM, so almost half the speed of the PDC, with a
quarter of the RAM. (Although neither the PDC nor the BDC is using any swap
space.) I am using a standard Samba PDC - BDC setup as outlined in the
Samba HOWTO, with the PDC as an NIS master, and the BDC an NIS slave to
replicate the Linux user password files, and I am using rsync scheduled
with crontab to push any changes to smbpasswd and the netlogon and
profile shares from the PDC to the BDC automatically. Rsync can work
through SSH, and SSH can authenticate with public key encryption, so it
doesn't prompt for a password. It is working well: I have tested the
replication of the files, and users who change their passwords and
machines that are added to the domain are recognised by the BDC. Also,
users who log onto the BDC are sent their profile successfully -- using
the synchronised local copy of the profile stored on the BDC. Also,
users' home directories are stored only on the PDC. The BDC's smb.conf
file goes:

    logon path = \\%L\profiles\default.man
    logon script = \\%L\netlogon\scripts\logon.bat
    logon home = \\PDCname\%U
    home drive = H:

And the PDC's smb.conf file goes:

    logon path = \\%L\profiles\default.man
    logon script = \\%L\netlogon\scripts\logon.bat
    logon home = \\%L\%U
    home drive = H:

>>So I figured Plan A was to install a BDC. I didn't have another 1.1GHz
>>machine, so I decided to test with a smaller one, see how it affected
>>the PDC's load, and take it from there.
>>
>>
>
>why did you set up a BDC? as far as i know, a BDC has the user-database
>of the PDC - nothing more - nothing less.
>
Yes, you're right. I was just thinking that if the PDC was overloaded,
then if I had a BDC to share the load of logging users on, together both
would be able to cope. So all the BDC would need would be an exact copy
of the PDC's user database, and copies of the netlogon and profiles shares.
Interestingly, Ignacio Coupeau, who has worked a lot with Samba PDCs,
with Samba TNG, Samba HEAD and Samba 2.2, and has written very detailed
Samba LDAP PDC HOWTOs, instead of using BDCs (which Samba TNG does not
support), in his HOWTOs he just has many domains (8), all with their own
Samba PDC. Maybe he has a point! Maybe BDCs are not the way to go, and
if I want to break up the load I would need several PDCs.
>the roaming-profiles are stored at the path you specified. if one
>workstation downloads from the PDC (and of course uploads to the PDC)
>and the other downloads the profile from the BDC - the copy on the BDC
>would have to be synced all the time to the profile on the PDC.
>
Yes. But the profile is mandatory (and there is only one, used by all
users), so workstations never upload back to the PDC or BDC. If there
are ever any changes to the profile, it will be because I made them
myself, so it is only synced between the PDC and BDC very seldom, and
also only needs to be synced between a DC and a workstation when a
change has happened.
>an auth-request is just a work of milli-seconds - it's not such a big thing.
>
>a BDC just allows the user to logon if the PDC is not answering. The
>Profile is downloaded from a more or less static path - from the server
>that is the file-server (which should be able to handle such flood of
>requests)
>
Hmm. That is a very good point! I should serve the profile from a file
server, which doesn't need to be a domain controller at all.
Thanks for the help, and sorry my first message wasn't clearer.
Regards,
Norman.
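
The cron-driven rsync-over-SSH push from PDC to BDC described in the message above, as an added example that is not part of the original post. The host names, key file, share paths, lock path, root login and script location are all assumptions; the script refuses to copy an smbpasswd that is not private to its owner and prevents overlapping runs.

```shell
#!/bin/sh
# Added example: cron-driven push of Samba account data from the PDC to the BDC.
# Host name, key file, paths and the root login are assumptions, not from the post.
BDC=${BDC:-bdc.example.lan}
KEY=${KEY:-/root/.ssh/samba_sync}              # key used for this job only
SMBPASSWD=${SMBPASSWD:-/etc/samba/smbpasswd}   # password-equivalent hashes
SHARES=${SHARES:-/home/netlogon /home/profiles}
LOCK=${LOCK:-/var/run/samba_sync.lock}
# On the BDC, restrict the key in authorized_keys (OpenSSH options):
#   from="pdc.example.lan",no-pty,no-port-forwarding,no-agent-forwarding <public key>

# True only if nobody but the owner has any access (mode 0600 or 0400).
private_file() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run a command, or print it instead when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

push_all() {
    # Never replicate an smbpasswd that other local users could already read.
    private_file "$SMBPASSWD" || { echo "refusing: $SMBPASSWD not private" >&2; return 2; }
    # mkdir is atomic, so overlapping cron runs cannot both proceed.
    mkdir "$LOCK" 2>/dev/null || { echo "previous sync still running" >&2; return 3; }
    rc=0
    # BatchMode makes ssh fail instead of waiting at a password prompt under cron.
    SSH="ssh -i $KEY -o BatchMode=yes"
    run rsync -a -e "$SSH" "$SMBPASSWD" "root@$BDC:$SMBPASSWD" || rc=1
    for d in $SHARES; do
        run rsync -a --delete -e "$SSH" "$d/" "root@$BDC:$d/" || rc=1
    done
    rmdir "$LOCK"
    return $rc
}

# crontab entry (hypothetical path): */15 * * * * /usr/local/sbin/samba_sync.sh --run
if [ "${1:-}" = "--run" ]; then push_all; fi
```

Setting DRY_RUN=1 prints the rsync commands without contacting the BDC, which is a convenient way to check the paths before enabling the cron entry.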