[Samba] two PDCs

tms3 at tms3.com tms3 at tms3.com
Fri Jul 9 10:58:08 MDT 2010





>
> SNIP
>
> I think the multi-master replication sort-of defeats the purpose of
> the PDC in the remote office - multi-master replication means the
> information must be sent to both servers anyway.  If I recall
> correctly, I think Chapter 6 refers to running BDCs in each remote
> office, and only one PDC...
>
> I played with this once, and I got it working by setting up a PDC and
> BDC in the main office, a BDC (not PDC) in the remote office, and
> using LDAP's new multi-master replication to keep everything in sync.
> Throw in your DNS database, and it works, it's cool, but I think it
> was so not worth the effort (unless you have nothing better to do with
> your 20% time).  I spent a whole lot of time making sure the configs
> were perfect for the multi-master replication.

I found it quite simple. But I had a rather extensive use of NTLM auth 
stuff going on as well.
>
>
>
> The thing that threw the monkey-wrench is DNS and DHCP...I ended up
> putting all the DHCP information into the LDAP as well, with defined
> IP addresses for every MAC, because DHCPd updates the DNS when a new
> user requests an IP address.  Since I put a DHCP server on both sides
> of the VPN, I needed multi-master replication for the DNS information
> so the computers could find each other.  In the end, I dumped the MAC
> addresses from my hardware catalog into the LDAP, and preassigned all
> the IPs to reduce the number of writes to the LDAP server.

Well, I'll just say there are many ways to skin a cat, and leave it at 
that.
>
>
>
>
> I found it is much easier to set up two separate domains and have them
> trust each other, using different branches of the same LDAP tree.
> Then, let one server write to one branch, the other server write to
> the other branch, and do multi-master replication between them.  That
> way, there is no worrying about simultaneous updates or any of that
> jazz.  Not as cool...or as elegant, but it made my life easier by
> isolating problems.  I did the same for the DNS information, setting
> up separate zones for each physical office.  Since the information was
> in the same tree, it was much easier to configure mail servers and
> other services needing directory information, and since I did not
> delegate the branches, the mail server (only in the main office) did
> not need to read off my remote directories over VPN.
>
> Of course, my users only visited each others' offices "occasionally".
> If you have tons of movement between the offices, a one-domain
> solution may be forced upon you...
>
>
>
> On Fri, Jul 9, 2010 at 8:58 AM,  <tms3 at tms3.com> wrote:
>>
>>
>>
>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Friday 09/07/2010 at 4:36 am, Tamás Pisch  wrote:
>>>>
>>>>
>>>> Hello,
>>>>
>>>> I have a PDC with master ldap backend and a BDC with slave ldap backend
>>>> (both are Samba 3.2 on Debian Lenny). I want to install an additional
>>>> Samba server on another site (on Debian Squeeze). The two sites are
>>>> connected with VPN (on not so reliable ADSL lines). I read an interesting
>>>> network scenario in the Samba Guide chapter 6: theoretically it is
>>>> possible to install one PDC on both sites, with the same domain, server
>>>> name, and SID. I like this idea, but: is there anyone who has tried that
>>>> and has experience with it?
>>>
>>> No, but your best option is to simply use LDAP replication and install an
>>> LDAP server on the remote location server.  This way, auth traffic on the
>>> remote is always local (saving bandwidth) and is available regardless of the
>>> link being up or down.  Do the same with DNS, and you'll be quite happy with
>>> the results as will your users.
>>>>
>>>>
>>>>
>>>>
>>>> Thank you, in advance.
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
>
>
>
> --
> ----
> Scott Grizzard
> Scott at ScottGrizzard.com
> http://www.ScottGrizzard.com


