[Samba] Antwort: Re: central PDC + remote BDCs: LDAP strategy, my lack of comprehension

Michael Heydon michaelh at jaswin.com.au
Fri Aug 21 02:46:01 MDT 2009


sven.ehret at comdok.de wrote:
> Thanks Michael, this did advance my progress. With “domain master = no”, 
> “password server” set to the central server and “passdb backend” pointing 
> to the local LDAP replica, my XP client now contacts the central SAMBA 
> server when joining the domain. But now it is always logging on to the 
> central server and not using the other, remote samba server at all (which 
> honestly is in the same LAN in my testing environment). This is unwanted, 
> partly because the logon script resides on the remote system and to reduce 
> network traffic between client and central server (which would be fragile 
> WAN traffic once rolled out).
>
> Is there any way I can influence which server the client logs on to?
>   
Windows will log on using what it considers the "closest" server. The 
only way I know of to influence how "close" a server is considered is to 
move it to another subnet.

>> My question is: When the remote SAMBA server only talks to its own local,
>> read-only LDAP slave, how is it going to change user/machine passwords or
>> add machine accounts (when joining the domain)?
>>
>> In my test setup an XP client insisted on trying to join the BDC, failing
>> because a) smbldap-tools is not installed or b) it could not write to the
>> slave LDAP directory.
>>
Your read only slave should be able to return a referral to the master 
when it gets a write request (at least that is how I remember it, it has 
been a while since I have had to touch my LDAP setup).


*Michael Heydon - IT Administrator *
michaelh at jaswin.com.au

