[Samba] Samba + LDAP over the WAN

[Adam Tauno Williams]

> Since we're on the subject of Samba over the WAN....
> (BTW, I'm running three offices with a Samba 3.0.9 PDC and two Samba 
> 3.0.9 BDCs over an FreeSwan based WAN and it works just fine.  The 
> WINS server is a must in my book though.)

We have a fifteen site WAN with sites linked via Frame Relay, point-to-point
T1s, and ISDN

> Last Thursday and Friday, one of the remove office's WAN lines went 
> down.  While the outages were significant, nothing major happened 
> because of it.  But, it got me thinking about what *could* have 
> happened and that has raised these questions.
> Background: All servers running RHEL 3.0, up2date'd.  Samba version 
> is 3.0.9.something.that.RedHat.Adds  OpenLDAP used for ldapsam 
> password backend.  Master OpenLDAP server is located in my office, 
> each office has a replica.

Same, we have a central OpenLDAP server on SuSe and various replicants.

> 1).  If someone would have decided to change their password while the 
> line was down, what would have been the net effect?

The attempt would fail.

> I know the change would not have been applied to the replica LDAP 
> server, but would it have been queued until the Master LDAP server 
> could have been contacted?

No.

> 2).  I know that each workstation in the domain changes its machine 
> password at a random time, what would have happened during this 
> process if the WAN was down?

The change password would fail,  it would try again later.

> 3). Are there any other problems that could be caused by a WAN outage 
> that can be called disasterous?

No,  we've had sites drop off the WAN for days with no significant issues.


> What would those be?
> 4). Any recommendations to minimize No. 3 above?

Start your own phone company? :)  One that doesn't suck.

-- 
Adam Tauno Williams - http://www.whitemice.org