[Samba] Samba 4 AD BDC (Syncrepl)

mathias dufresne infractory at gmail.com
Fri Jan 27 13:18:49 UTC 2017


And to get a strong platform with servers which can go down without
breaking whatever services depend on your AD, just build several
domain controllers. As all DCs (for normal use) do the same job, your mail
server will be able to talk to DCx or DCy when DCz is down.

2017-01-25 16:37 GMT+01:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Wed, 25 Jan 2017 15:55:16 +0100
> basti via samba <samba at lists.samba.org> wrote:
>
> > Hello,
> >
> > at the moment we use a Samba 4 in NT4-style domain with approx. 20
> > clients.
> >
> > With the problem of Windows 10 joining an NT4-style domain
> > (https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains#Windows_10:_There_Are_Currently_No_Logon_Servers_Available_to_Service_the_Logon_Request)
> > we plan to migrate to Samba AD.
> >
> > At the moment there is the following scheme:
> >
> > samba PDC (Fileserver) -> OpenLDAP syncrepl to Mailserver (to receive
> > mails if PDC is down)
> >
> > As I can read, Samba LDAP can't sync to OpenLDAP and it's not recommended
> > to run PDC on Fileserver.
>
> I think you mean, it is not recommended to use a Samba AD DC as a
> fileserver.
> Two things, whilst it is not recommended, you can use a Samba AD DC as
> a fileserver, you just have to be aware of the limitations, see here:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server
>
> Secondly, please stop referring to an AD DC as a PDC or BDC, this is
> what you have now. All AD DCs are equal except for the FSMO roles and
> these can be on any DC, there is no concept of a PDC or BDC in AD.
>
> >
> > What is the best way?
> >
> > samba PDC (kvm vm/ host1) <- drs -> Samba BDC (kvm vm/ host2)
> >
> > Fileserver, get users via pam_ldap from PDC.
>
> Fileserver, get users & groups via winbind from AD
>
> > Mailserver, get users via pam_ldap from PDC.
>
> Depends on your mailserver, if it can use kerberos, then use kerberos.
>
> >
> > How does the mailserver know to ask the bdc if pdc is down?
>
> Seeing as there is neither a PDC nor a BDC, it shouldn't matter.
>
> Rowland

