[Samba] Samba 4 AD BDC (Syncrepl)

Rowland Penny rpenny at samba.org
Wed Jan 25 15:37:09 UTC 2017


On Wed, 25 Jan 2017 15:55:16 +0100
basti via samba <samba at lists.samba.org> wrote:

> Hello,
> 
> at the moment we use Samba 4 in an NT4-style domain with approx. 20
> clients.
> 
> With the problem of Windows 10 joining an NT4-style domain
> (https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains#Windows_10:_There_Are_Currently_No_Logon_Servers_Available_to_Service_the_Logon_Request)
> we plan to migrate to Samba AD.
> 
> At the Moment there is the following scheme:
> 
> samba PDC (Fileserver) -> Openldap syncrepl to Mailserver (to receive
> mails if PDC is down)
> 
> As I can read, Samba LDAP can't sync to OpenLDAP and it's not recommended
> to run a PDC on a fileserver.

I think you mean, it is not recommended to use a Samba AD DC as a
fileserver.
Two things: whilst it is not recommended, you can use a Samba AD DC as
a fileserver, you just have to be aware of the limitations, see here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server

Secondly, please stop referring to an AD DC as a PDC or BDC, this is
what you have now. All AD DCs are equal except for the FSMO roles, and
these can be on any DC; there is no concept of a PDC or BDC in AD.

> 
> What is the best way?
> 
> samba PDC (kvm vm/ host1) <- drs -> Samba BDC (kvm vm/ host2)
> 
> Fileserver, get users via pam_ldap from PDC.

Fileserver, get users & groups via winbind from AD

> Mailserver, get users via pam_ldap from PDC.

Depends on your mailserver: if it can use kerberos, then use kerberos.

> 
> How does the mailserver know to ask the bdc if pdc is down?

Seeing as there is neither a PDC nor a BDC, it shouldn't matter.

Rowland
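As an added example (not from this thread, and not Samba's own documentation), this is the smb.conf of a Samba AD domain member file server set up the way the reply suggests: users and groups come from AD via winbind rather than pam_ldap, and winbind locates whichever DC is available instead of being pointed at one "PDC". The workgroup, realm, idmap ranges and share path are assumed placeholder values.

```ini
[global]
    # Joined as an AD domain member, not as a DC
    security = ADS
    # assumed NetBIOS domain name (placeholder)
    workgroup = SAMDOM
    # assumed AD Kerberos realm (placeholder)
    realm = SAMDOM.EXAMPLE.COM

    # Default idmap backend for BUILTIN and any domain not listed below
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # rid backend: deterministic UIDs/GIDs for the AD domain,
    # identical on every member server without storing anything in AD
    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-999999

    # Expose AD users to the OS; pair with "passwd: files winbind"
    # and "group: files winbind" in /etc/nsswitch.conf
    winbind use default domain = yes
    winbind refresh tickets = yes
    template shell = /bin/bash
    template homedir = /home/%U

    # Use the machine account secret/keytab for Kerberos against any DC
    kerberos method = secrets and keytab

[data]
    # assumed share path (placeholder)
    path = /srv/samba/data
    read only = no
```

After `net ads join -U Administrator`, `wbinfo -u` and `getent passwd` should list the AD users, which confirms the member is resolving accounts through winbind rather than a fixed LDAP server.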
