[Samba] Partial BDC functionality ...

Andy Burns andy.burns at protologic.co.uk
Mon Jul 29 10:31:40 GMT 2002


I'm investigating deploying multiple samba servers to remote offices which
have slow links to central LAN with NT4 as PDC, hoping to provide the
following :-

1) Local samba fileserver in each office for faster access to shares, which
can be rsync'ed or backed up across the slow links to the central LAN
overnight. So far so good :-)

2) Improve logon speed for users in each office by reducing netlogon
share + profile share + SAM traffic over slow links, hmmm, this would
normally be the job of an NT BDC but samba 2.x can't do that and it's
probably not acceptable to use samba as PDC instead of NT4 :-(

What if .....

Install samba + winbind + pam_winbind in each remote site

Create netlogon share on each samba server and rsync from PDC to reduce
logon script traffic over slow links.

Create roaming profiles share on each samba server and use %logonserver% to
specify user profile path in user manager to avoid profiles being retrieved
and saved across slow links.

Set "domain logons = yes" in smb.conf so samba "looks like" a BDC to clients
in remote sites

When clients authenticate to samba it should hand off the authentication to
winbind, presumably this will still work despite "domain logons" setting?

Will winbind's caching reduce authentication traffic over slow links to PDC?
Or doesn't it cache password hashes?
Or would the time to check that the SAM sequence number is unchanged be about
the same anyway?

Presumably each samba server would be best as the subnet master browser?

What about WINS? If remote clients use their local samba server for WINS
they will find the local samba server as their BDC through DOMAIN#1c netbios
records, but the multiple remote samba WINS servers can't replicate with
each other (or the main LAN's NT4 WINS server). Might it be better to go
against the usual grain and let the remote sites use broadcast for netbios
name resolution rather than WINS?

The samba HOW_TOs concentrate on providing BDC functionality as redundant
backup for samba PDC, but providing geographically dispersed BDC
functionality is another big reason for using them, has anyone tried the
above or anything similar to crack this particular nut?





