[Samba] CTDB and PDC Role

Alex Crow acrow at integrafin.co.uk
Tue Nov 2 14:26:39 MDT 2010

> Well, depending on your passdb backend this might or might
> not work. I would not count on file system failover to get
> the passdb.tdb right in all cases. Probably I am too
> paranoid here, as we're using proper tdb transactions these
> days, but between a CPU and a disk spindle in a SAN setup
> too much can go wrong for my taste.

Understood - but given my other bug reports and postings here I find
that even without clustering there have been changes I cannot get to
grips with (and as per my usual story it's to do with Winbind and
trusted domain) - if you could cast an eye on these I would be most
grateful. Level 10 logs from my test domain will be supplied if required.

> The main difference between a PDC and a BDC in a Samba setup
> is the "domain master = yes/no". It is really just a matter
> of setting that to yes and a restart of smbd and nmbd to
> promote a BDC to a PDC.
>> For your logon scripts and profiles in your LDAP you'd just point to
>> a virtual IP/hostname of the PDC/BDC cluster.
>> Volker, would this work?
> Details pending, the general idea sounds okay. But please be
> aware that in HA setups so much can go wrong that it's not
> funny anymore. The devil is really in the details.

Well, to add to the pile, I've tested on a domain member client
machine (on a different subnet to the PDC and one BDC, but the same
subnet as another BDC) by editing windows/system32/drivers/etc/hosts to
point to invalid IPs for the non-local PDC and BDC. I could log on via
rdesktop but not via UltraVNC using Windows auth, and after logging on
via RDP, in the permissions dialog for local files, domain users were not
enumerated (SIDs only displayed).

Is this a WINS problem? If so, I think that it should be stated (unless 
it is already) in the documentation that if your PDC fails you *must* 
configure one of your BDCs as a WINS server.



(3.4.9 on all DCs and member servers)

> Volker
