[Samba] RE: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (succe ss, sort of)

Collins, Kevin KCollins at nesbittengineering.com
Tue Oct 29 14:57:40 GMT 2002

Andrew Barlett wrote:
> Domain trusts (in terms of us being a PDC trusting other DCs) are
> currenetly a work in progress.  We hope to have it finished for Samba
> 3.0.
> However, why do you need domain trusts?  (There are lots of 
> good answers
> to this question, but make sure you do have one of the answers).
> Samba 2.2 has always supported being a member server in a domain with
> domain trusts, for the record.


Interesting you should ask about the *need* for my three domains and
their trusts.  Myself and a junior-admin had this same discussion the
day I wrote the post.  Looking back, it just seemed the logical thing to
do.  You see, in the beginning the three domains weren't connected -
definite need then.  When we put the WAN in place we didn't want to
"rip-out" anything, so we used the trusts to "bind" the domains together
- *need* defined as we needed it working ASAP.  Personally, I would
prefer to keep them separate just for greater user/group control.

But, I can also see that I may not *need* the independent PDCs that
trust each other, but maybe a PDC and 2 BDCs.  I'm looking hard at the
latter just so I do not hit any major hurdles when moving to SAMBA.
Thinking along those lines I must pose the question:  Will a SAMBA BDC
function as an NT BDC in that an NT BDC will cache (i.e. store locally)
user/group/SID information and only update/sync with the PDC at a
specified intervals?

If we go with the one domain concept here, I'm going to need the BDCs in
each office to basically "run the show" for that office when it comes to
authentication.  I do not want logons, etc. being passed to the PDC
across a 128K frame line half-way across the state - except in an
emergency like the BDC being offline.  The reason I ask is that I've not
tried to simulate this yet and it really is the only sticking point in
the single domain plan (that I can see now).

Thanks for your response and I hope that I have not broad-sided you with
my theorizing and planning.


Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2270 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20021029/870bae10/smime.bin

More information about the samba mailing list