[Samba] two PDCs

Tamás Pisch pischta at gmail.com
Tue Jul 13 01:07:37 MDT 2010

> How did you get it working like that so quickly?  Did you get it
> working with two primary domain controllers? (As opposed to one PDC
> and two BDC's?)
> It should be some misunderstanding, because I didn't. I'm still planning the

>  Of course, my users only visited each others' offices "occasionally".
> If you have tons of movement between the offices, a one-domain
> solution may be forced upon you...
> Unfortunately, a lot of users are roaming users (teachers with laptop, and
> users). My plan is that I will set up separate profile shares on both sides,
> but at least they can use their own username and even change their
> password.
> So, I would like to try the multi-PDC scenario with master and slave LDAP
> server, but I worry about it a little.
> It makes very little sense to have multiple PDC's, and only adds to both
> administrative and user confusion IMHO.  Given the present workings of
> OpenLDAP, just pick a replication strategy that makes sense and use a single
> domain.   I've built and run a single domain on a 15 node VPN with
> multi-master OpenLDAP backend, and it is remarkably resilient.

About multi-master replication. Scott wrote that he had to deal with it a
lot, so he didn't recommend that. But, I need one domain, because a lot of
users use both sites. So, I have the following options:
1. PDCs on each site, with the same domain, as chapter 6 describes.
   a. Master LDAP server in the HQ, and slave in the branch site, according
to the SaMBa guide.
   b. Branch site uses master LDAP server too. It looks tempting, but
difficult/dangerous to me.
2. PDC on the HQ, BDC on the branch site
   a. branch site uses slave LDAP server.
   b. Branch site uses master LDAP server too.
In 1/a and 2/a, the VPN outage could be a problem. Am I right? As I know, only
PDC writes to the LDAP database. Is that true? Because in case of VPN
outage, this situation has the same drawback.
So, my main problem is the unreliable ADSL line. Can we live with a slave
server in the branch office?

> How are you intending to keep roaming profiles in sync (the files on
> the server, not the stuff in LDAP)? Are you going to use rsync?
> Unless users jump from office to office, why bother.  I would set road
> warriors with local profiles and sync their stuff in a manner
> appropriate to their schedules/primary location.

Students will have that problem, but they have to bow to it.
