On 1/17/06, Paul Lussier <[EMAIL PROTECTED]> wrote:
>> Password changes and account modifications (including machine
>> trust account auto-updates) will have to go to the PDC (over the WAN),
>> though.
>
> This is exactly what I was trying to say. Granted, I was using LDAP
> terminology, but the concept is exactly what I was trying to convey.

Well, like I said, the NTLM clients aren't really aware of LDAP. It's NTLM all the way to the NTLM PDC at the main office. What happens at that point is up to Samba. So LDAP replication doesn't get involved (in this part).

Now, since we're on the subject, and you seem to know LDAP pretty well, I've got a question: Assume the Samba PDC at the main office passes the password change (or whatever) on to LDAP at the main office, and that all succeeds and everything. How does the LDAP server at the remote site know that the LDAP database at the home site has been updated? Does the main office LDAP server notify the remote office LDAP server somehow? And if not, will that lead to problems because the Samba PDC at the main office and the Samba BDC in the remote office have different views of the world?

> Other than the cross-domain trusts, which I was assuming (stupid me)
> was a given, I think I made exactly this suggestion, just not using
> these words.

Well, you were going on about LDAP contexts and stuff, but you never actually mentioned that each LDAP context would have to equal a different NTLM domain. Given that Kenny was asking about using a single NTLM domain, that confused me. (And I think everyone else was already confused. (Or more likely, had lost interest. :) ))

> The only thing not being figured in here is the roaming profiles of
> the remote users visiting the home office. But I think you mentioned
> that this would be covered by latency in accessing the profile server
> triggering the use of a cached profile on the laptop being used
> instead, right?

Yup!

-- Ben "LDAP must be the shortstop" Scott

_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss