[Samba] Multiple Samba PDCs doubt

Marc Franquesa mark at l3jane.net
Fri Sep 3 07:20:07 MDT 2010 

First, excuse me because I don't speak english very well (perhaps this
is the reason that I mess up something when reading the documentation).
I have read the Howto, some Examples and the book and I have some doubts
which I like to solve. Excuse me for the big post, too ;)

My starting point:
- 3 Debian Linux Samba Servers
- 1 Windows XP SP3 Professional
- 1 OpenLDAP Server (on another Debian Linux Server)
- All hosts in the same network

Software that I'm using:
- Debian Stable (Lenny) 5.0 
- Samba 3.2.5
- OpenLDAP 2.4
- Samba LDAP tools from IDEALX
- PAM-LDAP
- NSS-LDAP

I verfied it all and with a simple configuration for Samba (Simple
Workgroup), the LDAP backend works well for all uses (authentication,
authorization, NSS resolving, etc.) meaning that all LDAP packages are
well configured. (But this question is more about Samba than Samba
+LDAP).

WHAT I AM TRYING TO DO:

- Configure *ALL* 3 Linux Samba Servers as PDC for a NT4 Domain (for
redundancy/fault tolerance).
- Use the same LDAP backend for all Samba servers (centralized authn
+authz)
- Include the Windows XP SP3 as a Domain Member.

I want that if one of the Samba Servers goes down (any of them) the
Domain will not be affected.

MY DOUBTS:

- Following the documentation I must configure all Samba Servers with at
least:

[global]
workgroup = MYWORKGROUP
passdb backend = ldapsam:ldap://my.ldap.server
os level = 33
preferred master = yes
domain master = yes
local master = yes
security = user
domain logons = yes

My big doubts appear when I read 'Security Mode and Master Browsers'
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html#id2564901

> Configuring a Samba box as a domain controller for a domain that
already by definition has
> a PDC is asking for trouble.

I understand that probably the problem gets fixed by the fact that all
PDCs will use the same backend (LDAP), but I want to be sure that I
don't have problems in the network nor broadcasts storms.

If the problem is related to the Master Browser election can I solve it
simply configuring different values for os level en each server?

Please, if I don't explain well are do you have any question don't
hesitate to ask me again.


Thanks for the help and for this killapp


-- 
----------------------------------
Marc Franquesa
Lady 3Jane http://www.l3jane.net/
Nexus

More information about the samba mailing list