[Samba] Understanding Documentation about BDC in HowTo Collection

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Mon Nov 7 12:54:11 GMT 2005



Michael Gasch escreveu:
> hi list&john,

	Hi. :)


> i read in the documentation about BDCs:

[...]

> To retrieve the domain SID from the PDC or an existing BDC and store it
> in the secrets.tdb, execute:
> 
> root# net rpc getsid
> 
> is this enough, because net getlocalsid gives
> SID of DOMAIN MYDOMBDC is s-1-5-21-.... which is not the same like the
> SID of MYDOM.
> net getlocalsid MYDOM gives the right SID on BDC.
> 
> on PDC "net getlocalsid" and "net getlocalsid MYDOM" produces the same SID
> 
> so should i also do "net setlocalsid <SID_OF_MYDOM> on BDC" or is it not
> wise to have 2 machines with the same SID on the network although
> they're linux???

	PDC and BDC should have the same SID to work properly. The
getlocalsid and setlocalsid are tricky. :-)  After using the 'net rpc
getsid', I usually stop the samba server, run the net setlocalsid
with the right SID and then start the samba server again. It works
when the net rpc fails. =)


> btw:
> i have a samba v3 setup like:
> 
> PDC -> LDAP master, with secondary slave LDAP server.
> BDC -> LDAP slave server, with secondary master LDAP server.
> 
> i think this is fine but i'm thinking about migrating to:
> PDC -> LDAP master, with secondary slave LDAP server.
> BDC -> LDAP master, with secondary slave LDAP server.
> 
> what's your opinion about switching the BDC to point its first ldap
> server to ldapmaster? both are in the same subnet.
> i'm just afraid of LDAP master failing and time outs on BDC side because
> it tries to connect to LDAP master....well if BDC LDAP fails then i have
> timeout, too...right...so what's your opinion?
> 
> thx as usual :)

	From the Samba docs it looks like the best option is to set up
the PDC with the LDAP master and the BDC with the LDAP slave; if the
master fails, the slave can still answer requests. The point of being
a BDC is that it can only read (no write), which is fine for an LDAP
slave. :)

	But remember to test your setup, which means: turn off the
master to check that the slave (BDC) still works fine.

	Kind regards,

--
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
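The sequence Felipe describes (fetch the domain SID with 'net rpc getsid', stop Samba, correct the local SID with 'net setlocalsid', start Samba again) as an added example. This script is not part of the original mail or of the Samba project; it only uses the 'net' subcommands named in the thread. The init script path /etc/init.d/samba, the 'Administrator' account used to talk to the PDC, and the sample 'net getlocalsid' output strings are assumptions made for the example. The parsing helpers run offline; the sync function touches a live Samba install and is only run when the script is invoked with the 'sync' argument.

```shell
#!/bin/sh
# Added example (not from the mail or from Samba): make a BDC's local SID
# match the domain SID held by the PDC, following Felipe's stop/set/start
# order. Assumes: Samba 3 'net' utility, Debian-style /etc/init.d/samba
# (assumption), and a domain admin account named Administrator (assumption).

# extract_sid: pull the S-1-5-21-... token out of 'net getlocalsid' output.
# Sample output line (constructed): "SID for domain MYDOM is: S-1-5-21-1-2-3"
# Accepts a lowercase "s-" too, as quoted in Michael's mail.
extract_sid() {
    printf '%s\n' "$1" | sed -n 's/.*\([Ss]-1-5-21-[0-9-]*\).*/\1/p' | head -n 1
}

# sids_match: exit 0 when both SIDs are non-empty and equal (case-insensitive,
# since SIDs are compared by value, not by how a tool happened to print them).
sids_match() {
    a=$(printf '%s' "$1" | tr 'a-z' 'A-Z')
    b=$(printf '%s' "$2" | tr 'a-z' 'A-Z')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# sync_domain_sid DOMAIN PDC: Felipe's procedure, run on the BDC as root.
sync_domain_sid() {
    domain=$1
    pdc=$2

    # 1. Store the domain SID from the PDC in secrets.tdb (the HOWTO step).
    net rpc getsid -S "$pdc" -U Administrator || {
        echo "net rpc getsid against $pdc failed" >&2
        return 1
    }

    # 2. Stop smbd/nmbd before changing the local SID.
    /etc/init.d/samba stop

    # 3. Compare the SID recorded for the domain with the machine's own SID;
    #    on a BDC they must be identical (net getlocalsid MYDOMBDC != MYDOM
    #    is exactly the mismatch reported in the thread).
    want=$(extract_sid "$(net getlocalsid "$domain")")
    have=$(extract_sid "$(net getlocalsid)")
    if [ -z "$want" ]; then
        echo "could not read the SID for $domain from secrets.tdb" >&2
        /etc/init.d/samba start
        return 1
    fi
    if sids_match "$have" "$want"; then
        echo "local SID already matches $domain ($want)"
    else
        echo "local SID $have != domain SID $want; setting it"
        net setlocalsid "$want"
    fi

    # 4. Start Samba again and show the result.
    /etc/init.d/samba start
    net getlocalsid
}

# Only act on a live system when explicitly asked: sh bdc-sid.sh sync MYDOM pdc1
case ${1-} in
    sync) sync_domain_sid "$2" "$3" ;;
esac
```

Run it once on the BDC after 'net rpc getsid' has been set up, then check that 'net getlocalsid' and 'net getlocalsid MYDOM' print the same value on both the PDC and the BDC, which is the state Michael observed on his PDC and wanted on the BDC.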

