[Samba] Samba + LDAP over the WAN

Robert Schetterer robert at schetterer.org
Wed Sep 7 09:16:14 GMT 2005

Collins, Kevin schrieb:

>Since we're on the subject of Samba over the WAN....
>(BTW, I'm running three offices with a Samba 3.0.9 PDC and two Samba 3.0.9 BDCs over an FreeSwan based WAN and it works just fine.  The WINS server is a must in my book though.)
>Last Thursday and Friday, one of the remove office's WAN lines went down.  While the outages were significant, nothing major happened because of it.  But, it got me thinking about what *could* have happened and that has raised these questions.
>Background: All servers running RHEL 3.0, up2date'd.  Samba version is 3.0.9.something.that.RedHat.Adds  OpenLDAP used for ldapsam password backend.  Master OpenLDAP server is located in my office, each office has a replica.
>1).  If someone would have decided to change their password while the line was down, what would have been the net effect?  I know the change would not have been applied to the replica LDAP server, but would it have been queued until the Master LDAP server could have been contacted?
>2).  I know that each workstation in the domain changes its machine password at a random time, what would have happened during this process if the WAN was down?
>3). Are there any other problems that could be caused by a WAN outage that can be called disasterous?  What would those be?
>4). Any recommendations to minimize No. 3 above?
>Kevin L. Collins, MCSE
>Systems Manager
>Nesbitt Engineering, Inc.
as far i know, ldap master-slave is a oneway thing, and the slave 
is/should not be writable
so if you do any changes on the slave this will have no effect to the 
slave, it works with its last replica
and gets the newest replice if the line is up again, by slurpd.
For my information this will change until samba 4 is comming, as far i 
heared samba4 should have funktions like the active directory
which has this funktions of replications between "pdc/bdc"
perhaps you should ask the development team of samba 4 if this will work 
and how.....i am not sure if they will use a orginal ldap server
for doing such stuff or will write their own procedure for doing 
replicate of active dir entries
There may be some hacks for ldap to manage such things just right now 
but i am not a guru in ldap..

More information about the samba mailing list