[Samba] Samba PDC + OpenLDAP replica

Jukka Hienola jukka.hienola at helsinki.fi
Tue Nov 8 13:40:36 GMT 2005

Hi again!

Finally got it working... For some reason my RHEL4 servers change 
certificate file permissions by default when restarting/reloading services.

Andrew Bartlett wrote:

>On Fri, 2005-11-04 at 10:23 +0200, Jukka Hienola wrote:
>Should it be BDC server 
>instead of PDC? 
>There should be one PDC per isolated netbios namespace.

>>Should I set up one departmental level master server 
>>with master LDAP and Samba PDC, and many LDAP slaves (replicas) with 
>>Samba BDCs? But in this case the different VLANs are coing to be a 
>>problem for traffic between Samba PDC and BDCs, or so I have understood, 
>>since switches connecting different VLANs don't route NetBIOS traffic. 
>Samba doesn't do netbios between it's various DCs, but clients will want
>to see one PDC per netbios scope.
So, Samba PDC and BDCs could communicate with each other, but Samba 
clients can't communicate with PDC, if they are in a different VLAN? In 
my case it would be much more easier (again from administrative point of 
view) if I could set up only BDCs in different VLANs, since I'm planning 
to use a single organization level LDAP directory to store user/client 
data in it (which of course will be replicated to slave/BDC servers).

At the moment I'm having a PDC per every sub-organizational VLAN, but 
different sambaSIDs on different PDCs give me a headache. If I could 
have a single LDAP based user/client pool on PDC, with BDCs and LDAP 
replicas on every VLAN, I could control user/client accesses to 
different services or subtrees simply by ACLs on my master LDAP server.

Jukka Hienola
University of Helsinki

More information about the samba mailing list