[Samba] Samba + LDAP over the WAN

Bruno Guerreiro bruno.guerreiro at ine.pt
Wed Sep 7 14:33:08 GMT 2005

It means we'll give up on trying to change the password for now. But no bad
guy will kick us.
And don't worry. We won't give up. We will come back later to try and change
it again and again and again... ;-)

Bruno Guerreiro

>-----Original Message-----
>From: Michael Gasch [mailto:gasch at eva.mpg.de]
>Sent: quarta-feira, 7 de Setembro de 2005 15:07
>To: Collins, Kevin
>Cc: samba at lists.samba.org
>Subject: Re: [Samba] Samba + LDAP over the WAN
>there were several threads about this topic and what cares 
>myself is the 
>following extract from this thread "[Samba] BDC, 
>documentation, Machine 
>Accounts Keep Expiring"
>/* if this next call fails, then give up.  We can't do
>           password changes on BDC's  --jerry */
>this is code from change_trust_pw.c
>does this really mean that pw changes fail and machines are kicked out 
>the network, if they try to contact a BDC for changes in case 
>PDC is down?
>Collins, Kevin wrote:
>> Since we're on the subject of Samba over the WAN....
>> (BTW, I'm running three offices with a Samba 3.0.9 PDC and 
>two Samba 3.0.9 BDCs over an FreeSwan based WAN and it works 
>just fine.  The WINS server is a must in my book though.)
>> Last Thursday and Friday, one of the remove office's WAN 
>lines went down.  While the outages were significant, nothing 
>major happened because of it.  But, it got me thinking about 
>what *could* have happened and that has raised these questions.
>> Background: All servers running RHEL 3.0, up2date'd.  Samba 
>version is 3.0.9.something.that.RedHat.Adds  OpenLDAP used for 
>ldapsam password backend.  Master OpenLDAP server is located 
>in my office, each office has a replica.
>> 1).  If someone would have decided to change their password 
>while the line was down, what would have been the net effect?  
>I know the change would not have been applied to the replica 
>LDAP server, but would it have been queued until the Master 
>LDAP server could have been contacted?
>> 2).  I know that each workstation in the domain changes its 
>machine password at a random time, what would have happened 
>during this process if the WAN was down?
>> 3). Are there any other problems that could be caused by a 
>WAN outage that can be called disasterous?  What would those be?
>> 4). Any recommendations to minimize No. 3 above?
>> --
>> Kevin L. Collins, MCSE
>> Systems Manager
>> Nesbitt Engineering, Inc.
>Michael Gasch
>Max Planck Institute for Evolutionary Anthropology
>Department of Human Evolution (IT)
>Deutscher Platz 6
>D-04103 Leipzig
>Phone: 49 (0)341 - 3550 137
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list