[Samba] 3.0: machine trust accounts & ldap servers

Marian Mlcoch, Ing mm at tsmp.sk
Mon Nov 25 07:55:01 GMT 2002


Hi, I read your problem about LDAP redundancy, and my report: that is not the
role of Samba.
You can use LDAP SSL to localhost and then, by a redirector on the kernel,
create a redundancy check and reconnect
to any available LDAP servers ...

----- Original Message -----
From: "Dariush Forouher" <dariush at forouher.de>
To: "Yura Pismerov" <ypismerov at tucows.com>
Cc: "Samba ML" <samba at lists.samba.org>
Sent: Sunday, November 24, 2002 8:29 PM
Subject: Re: [Samba] 3.0: machine trust accounts & ldap servers


> On Sun, 2002-11-24 at 19:35, Yura Pismerov wrote:
> > Dariush Forouher wrote:
> > > does 3.0 still need unix accounts for machine trust accounts? This would
> > > be nice, because AFAIR in LDAP they can be placed into another
> > > directory. If no, must there be some magic options present in smb.conf?
> > >
> > > Another question: Is it possible to give samba 3.0 more than one ldap
> > > servers to get more redundance? If yes, works this with 2.2 too?
> >
> >
> > Have you ever thought that Samba needs read/write access to the
> > directory, not just read only ? In this case, how would you synchronize
> > multiple LDAP replicas ?
> > Usually LDAP uses one way replication mechanism. That means you always
> > do changes (writings) to the master replica, then the changes are being
> > propagated to other (read-only) replicas. Many LDAP implementations
> > support referral mechanism, so
> > writing can be directed to any replica including read-only and they will
> > be automatically redirected to the master server. So LDAP redundancy has
> > usually nothing to do with client implementation - it is up to a system
> > administrator to create proper redundant LDAP farm using either software
> > solutions (various VRRP implementations), or
> > real (hardware) load balancing devices.
> >
> > If you propose built-in redundancy feature for Samba it should imply
> > read-only operations only. For read-write ones you still need to use
> > master replica LDAP instance.
> > So IMHO it does not make much sense at this point.
>
> I had the idea to set up two/three LDAP servers that should be used by
> one samba PDC, several BDCs and by samba fileservers as well. If I give
> every samba server only one LDAP server as password backend and if a
> LDAP server goes down, every samba server that depends on this specific
> LDAP server will be down as well. That's not very redundant. I know that
> there won't be any changes to the directory possible any longer, if the
> LDAP master goes down. But samba should still be able to act as a
> read-only BDC or as a fileserver. Is this possible? The DCs aren't that
> important, because there will be several of them, but the samba
> fileservers must not depend on one LDAP server.
>
> ciao
> Dariush
> --
> PGP Fingerprint: 0x886C99A1