[Samba] Multiple PDCs, Single Domain

Matt Schillinger mschilli at vss.fsi.com
Mon Sep 15 15:32:36 GMT 2003


On Sun, 2003-09-14 at 09:05, Dariush Forouher wrote:
> On Fri, 2003-09-12 at 22:51, Matt Schillinger wrote:
> > Hello,
> > 
> > I have a rather experimental question to ask.
> > 
> > I know that under standard circumstances you cannot have multiple
> > PDCs for a single domain, as they will conflict with each other.
> > 
> > I am dealing with a case of a school district, where there are multiple
> > buildings. There are T-1s that tie together each of the buildings, then a
> > bonded T-1 grants access to the internet through the main admin
> > building. They would like to have a single domain, but would like to
> > keep T-1 traffic to a minimum. They also want to continue with service
> > when T-1 outages occur.
> > 
> > What I was wondering is, if this could be made possible..
> > 
> > a PDC at each building, that ties into a slave LDAP server.
> 
> The only way to achieve this would be to hide those PDCs from each
> other. So you would have to block ports 137-139 at each T1 router.
> 

Would there still be a way that nmbd could be set up so that all hosts
would be visible in Network Neighborhood?

> > At the Administration Building, there is a master LDAP Server.
> > 
> > Optimally, if the Administration building could have a single BDC
> > (Obviously, BDC functionality would only be available when T-1
> > connectivity is functioning), that would be great.
> > 
> > I am wondering if this could somehow be accomplished with intelligent
> > usage of nmbd services keeping PDC selection problems out of the way..
> > Optimally, having a method of a full mapping of all hosts via nmbd would
> > be the best scenario, proxying to a central wins server. I fear that may
> > result in PDC in-fighting..
> 
> I have to admit that I don't see why you can't live with one PDC and X
> BDCs. You would have to construct your LDAP servers this way anyway. If a
> PDC goes down (or the connection breaks) the BDC would still be able to
> process logons on its own.
> 
The only problem here is resources. The plan is that there are already
machines that can be used as PDC, one per building. However, there isn't
budget for a BDC per building, so the hope was to have a single BDC at
the main building.. I can see that this would be difficult, particularly
if ports 137-139 were blocked at T1 Router.

> ciao
> Dariush
-- 
Matt Schillinger
System Administrator
FlightSafety International
mschilli at vss.fsi.com
314-551-8403




