I don't think this is a solution. If I understand what you were saying, on the BDC I should have this as the passwd backend:

passwd backend = ldapsam:"ldaps://ldap.server2 ldaps://ldap.server1"

server2 - the BDC and ldap slave which is read only
server1 - is the PDC and has the ldap master which users can read/write, so they could update their passwords.


If I have it set up this way, the users that are on the other side will never be able to update their passwords, at least on that leg of the VPN. Or maybe I'm just thinking about this the wrong way.

Jason

rruegner wrote:
Hi,
if you want your BDC to stay alive in cases
when the VPN breaks, then in your BDC's smb.conf
your slave ldap should be the first entry in the passwd backend,
so if the VPN breaks, the slave ldap operates with its last
entries from the master and will give the Windows clients a chance
to operate just as if the PDC were alive.
If the VPN is up again, the ldap should refresh the slave automatically.
But note, a BDC is read only, so changes can only be made to the master ldap on the PDC. So no changes can be made to the domain during the blackout period.
If you want a fully functional BDC, you should also set up user clients' homes and profiles in your outside (VPN) office, hosted on the BDC.
(A separate dhcp server and a bind slave with long-time zone caching are very useful, too.)


Regards

Jason C. Waters wrote:

Is anyone using this?  My smb.conf file has this line in server1(master)

passwd backend = ldapsam:"ldaps://ldap.server1 ldaps://ldap.server2"

and this is what server2(slave ldap, BDC) looks like:

passwd backend = ldapsam:"ldaps://ldap.server1 ldap.server2"

This is what happens. When I take down server1's ldap server, server2 just starts using its local ldap server. But if I take down the VPN between the two and try the same test, pdbedit -L, it works but it takes about 6 seconds for it to time out on server1. Is this normal or do I need to change some DNS setting? Thanks for your help.

Jason
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
