[Samba] Authentication against BDC first

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Fri Sep 29 13:55:55 GMT 2006



On 09/28/2006 11:56 AM, Diego Martin Fernandez Fazio wrote:
> Hi all, I have this question, I've got a master LDAP server 
> on a remote place and I want to install a PDC and a BDC and
> a slave LDAP server in another place.
> My question is... may I force the workstations' logons (read 
> the information) against the BDC first rather than the PDC, so the READ
> traffic goes to the Slave LDAP??? The problem is the network
> avoid READ traffic.

	You can have a local network using your BDC if it is
the Master server of the network, yes it is possible, just
follow the Samba Official HOWTO recommendation.


> The Samba FAQ recommends that:
> the PDC ---> use the Master LDAP and
> the BDC ---> use a Slave LDAP

	You can also have all the servers using the same LDAP
backend, but that's a different story, the above model is the
recommended one.


> this is a network map for the idea:
> 
> 		MASTER LDAP on Remote Site
> 			|
> 			|
> 			Wan 
>                         |
> 			|
> 	SMB PDC 	SMB BDC	  Slave Ldap on LAN	
> 			|
> 			|
> 			|
> 			WS
> 
> So when I log into the WS the BDC asks the local Slave LDAP through the
> LAN network.
> 
> And if I need to change a password of the user on the PDC, it goes through
> the WAN and modifies the master LDAP, and this then modifies the Slave LDAP
> through the WAN.
> 
> So... my question is can I configure my BDC with the priority.
> Maybe... on the PDC set:
> 
> domainmaster=yes
> domainlogons=no 

	You need "domain logons = yes" to be the PDC.

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html


> and on the BDC
> domainmaster=no
> domainlogons=yes.
> 
> Many many thanks and excuse my poor English.

	The PDC needs to update the LDAP Master always, there are
lots of things going on, computers change their passwords, people
change their passwords... You could use some strategy of data
replication between the LDAPs to try to reduce the traffic, but it
is also a different story.

	Kind regards,

--
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
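
The role split discussed in this thread, written out as smb.conf fragments. This is an added example, not configuration posted by either participant: the workgroup, host names, LDAP suffix and admin DN are placeholders, and the two-URI backend list on the BDC and the StartTLS setting are assumptions beyond what the thread states.

```ini
# ---------------------------------------------------------------
# smb.conf on the PDC (placeholder names throughout)
# ---------------------------------------------------------------
[global]
   workgroup = EXAMPLE
   # The PDC is the domain master AND serves logons; with
   # "domain logons = no" it would not act as a PDC at all.
   domain master = yes
   domain logons = yes
   preferred master = yes
   os level = 65

   # The PDC talks to the master LDAP server, which receives
   # the password changes for users and machine accounts.
   passdb backend = ldapsam:ldap://ldap-master.example.org
   ldap suffix = dc=example,dc=org
   ldap admin dn = cn=sambaadmin,dc=example,dc=org
   # Assumption: this link crosses the WAN, so protect the bind
   # credentials and password hashes in transit.
   ldap ssl = start tls

# ---------------------------------------------------------------
# smb.conf on the BDC (same workgroup, same LDAP suffix)
# ---------------------------------------------------------------
[global]
   workgroup = EXAMPLE
   # The BDC serves logons but must not claim the domain master role.
   domain master = no
   domain logons = yes

   # Local slave LDAP listed first so lookups stay on the LAN;
   # the master is listed second as a fallback (assumption).
   passdb backend = ldapsam:"ldap://ldap-slave.example.org ldap://ldap-master.example.org"
   ldap suffix = dc=example,dc=org
   ldap admin dn = cn=sambaadmin,dc=example,dc=org
   ldap ssl = start tls
```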

