[Samba] Samba + LDAP over the WAN
Robert Schetterer
robert at schetterer.org
Wed Sep 7 09:16:14 GMT 2005
Collins, Kevin schrieb:
>Since we're on the subject of Samba over the WAN....
>
>(BTW, I'm running three offices with a Samba 3.0.9 PDC and two Samba 3.0.9 BDCs over an FreeSwan based WAN and it works just fine. The WINS server is a must in my book though.)
>
>Last Thursday and Friday, one of the remove office's WAN lines went down. While the outages were significant, nothing major happened because of it. But, it got me thinking about what *could* have happened and that has raised these questions.
>
>Background: All servers running RHEL 3.0, up2date'd. Samba version is 3.0.9.something.that.RedHat.Adds OpenLDAP used for ldapsam password backend. Master OpenLDAP server is located in my office, each office has a replica.
>
>1). If someone would have decided to change their password while the line was down, what would have been the net effect? I know the change would not have been applied to the replica LDAP server, but would it have been queued until the Master LDAP server could have been contacted?
>
>2). I know that each workstation in the domain changes its machine password at a random time, what would have happened during this process if the WAN was down?
>
>3). Are there any other problems that could be caused by a WAN outage that can be called disasterous? What would those be?
>
>4). Any recommendations to minimize No. 3 above?
>
>--
>Kevin L. Collins, MCSE
>Systems Manager
>Nesbitt Engineering, Inc.
>
>
>
Hi,
as far i know, ldap master-slave is a oneway thing, and the slave
is/should not be writable
so if you do any changes on the slave this will have no effect to the
slave, it works with its last replica
and gets the newest replice if the line is up again, by slurpd.
For my information this will change until samba 4 is comming, as far i
heared samba4 should have funktions like the active directory
which has this funktions of replications between "pdc/bdc"
perhaps you should ask the development team of samba 4 if this will work
and how.....i am not sure if they will use a orginal ldap server
for doing such stuff or will write their own procedure for doing
replicate of active dir entries
There may be some hacks for ldap to manage such things just right now
but i am not a guru in ldap..
Regards
More information about the samba
mailing list