[Samba] password server vs. passdb

Chuck Theobald chuckt at uoregon.edu
Thu Feb 1 03:28:18 GMT 2007

Andrew Bartlett wrote:
> On Wed, 2007-01-31 at 17:52 -0800, Chuck Theobald wrote:
>> Hi,
>> Is it possible to run a non-PDC file server which references an 
>> authentication server via the "password server" directive as a BDC to 
>> the PDC? In short, I have one machine that serves as the LDAP auth 
>> server and PDC for my domain. I have another machine that is the file 
>> server and uses the aforementioned "password server" directive to 
>> authenticate users. Now, I would like to run the file server as a BDC as 
>> well. I have set up the file server as a slave LDAP server per Jerry's 
>> "LDAP System Administration" book, and am working from John Terpstra's 
>> chapter on Backup Domain Control.
>> My aim is to have the file server fail over to itself for both domain 
>> control and authentication should my main LDAP server/PDC go offline. 
>> Otherwise, the file server should reference the main server for both 
>> domain control and authentication.
>> I guess the question boils down to: What should I have password server, 
>> passdb backend, and security set to?
> If your fileserver becomes a BDC, and holds a copy of the authentication
> database in it's local LDAP slave, why should it ever contact the PDC?
> What do you gain by adding load to the PDC to obtain information
> available locally?
> In any case, samba is either a DC or a member server, never some weird
> mix between the two...
> Andrew Bartlet
This occurred to me after I sent the message. As you say, there is no 
need for my file server to reference the main LDAP server. My main 
concern is to provide failover for the PDC. This means, I suppose, 
dropping the 'password server' directive in favor of the 'passdb 
backend' directive.


More information about the samba mailing list