Jim C. wrote:

| Or perhaps I don't understand something?

Just a guess, but a BDC is probably going to do the same thing with the
files that the LDAP backend would do, i.e. replicate the data from the
server.

But how should it be done?

I have read the whole Samba Guide, and I think I didn't find a clue on that - it seems to me that using configurations similar to those presented in the Samba Guide would result in different roaming profiles on each domain controller.

File replication is a different thing than LDAP replication:

- files are big, LDAP queries are just a hundred bytes each,
- file operations are reads and writes, LDAP operations are mostly reads,
- LDAP has one read/write master server and multiple read-only slaves,
- with a PDC and BDCs, files can be read from and written to each server (PDC, BDC1, BDC2 etc.) - there is no "central" server which takes care of everything.

So, now imagine this situation:

We have a university/school facility with two buildings. Additionally, there is a campus nearby with 4 buildings. So 6 buildings in total.
They are connected together using VPN over an internet link - 1 Mbit down/upload in each building.

Students have classes in each building, which means they should be able to log in and use their roaming profiles in each building, and also in each building on the campus.

To keep traffic to a minimum, there is a domain controller + LDAP slave in each building: from 09.00-11.00 student Joe has classes in building A, so he uses the domain controller (DC-A) in that building, and from 11.15-14.00 he has classes in building B (and therefore uses DC-B). After that he does his homework on the campus - so after each logout, his profile should be immediately replicated to the other domain controllers in the other buildings.

With LDAP it is easy: the master controls everything: for example, when a user changes his/her password, the slave gives this change to the master, which replicates the data to the other slaves. When the master is unavailable (link down or master server down) the user will be notified that the password can't be changed.

This is not the case with files.

Even if I use some handmade scripts which use rsync to upload files to the other DCs after the user logs out, this will obviously fail when one DC is down for some time or the internet link/VPN is down:

- at 11.00 user Joe finishes his classes in building A and logs out; his profile with important data is uploaded to the other DCs,
- as there is no connection between buildings A and B (roadworkers just broke the internet link between the buildings), this results in different profiles in buildings A and B,
- at 11.15 he logs in in building B and notices (or not) that his important data is incomplete,
- at 14.00 he logs out in building B; the internet link is back, so his incomplete data from building B overwrites the important, complete data in building A,
- we have data corruption, user confusion, students and staff losing their data, admins fired etc. etc.

So here comes my question again: how should the profiles be synchronized between domain controllers? What are the best ways to do it? What are your experiences?


Hope the post wasn't too long :) but I think that the problem is not a trivial one, too.


Tomek

-- 
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
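The overwrite in the 14.00 step above happens because an unconditional push treats whatever the last DC holds as authoritative. As an added illustration (not code from the post or from Samba), the script below does a one-way profile push that refuses to let an older copy clobber a newer one and reports such files as conflicts instead; the DC-A/DC-B directories, user "joe" and timestamps are constructed test data.

```shell
#!/bin/sh
# Conflict-aware one-way profile merge (added example, not code from the original post).
# Pushes a user's profile from the DC he just logged out of (SRC) to another DC (DST),
# but never lets an older copy overwrite a newer one: such files are reported as
# CONFLICT for an admin to reconcile instead of being silently clobbered.
# Assumes one profile directory per user, as in the post; paths and names are made up.

# safe_sync SRC DST
# Prints one line per file: "COPIED <relative path>" or "CONFLICT <relative path>".
safe_sync() {
    src="$1"; dst="$2"
    find "$src" -type f | while IFS= read -r f; do
        rel="${f#"$src"/}"
        target="$dst/$rel"
        # POSIX find -newer: prints $target only if it is newer than the source file.
        if [ -e "$target" ] && [ -n "$(find "$target" -prune -newer "$f")" ]; then
            printf 'CONFLICT %s\n' "$rel"
        else
            mkdir -p "$(dirname "$target")"
            cp -p "$f" "$target"      # -p keeps the mtime so later runs compare correctly
            printf 'COPIED %s\n' "$rel"
        fi
    done
}

# conflict_count SRC DST: how many files a blind push would have clobbered.
conflict_count() {
    safe_sync "$1" "$2" | grep -c '^CONFLICT '
}

# build_demo: constructed data mirroring the post's scenario. DC-A holds Joe's
# complete thesis written at 11:00; DC-B still has the stale 09:00 copy (the link
# was down), plus notes he edited in B at 13:00 and a new homework file.
# Prints the temp dir containing dc-a/ and dc-b/.
build_demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/dc-a/joe/docs" "$tmp/dc-b/joe/docs"
    printf 'complete thesis\n'   > "$tmp/dc-a/joe/docs/thesis.txt"
    touch -t 202401011100 "$tmp/dc-a/joe/docs/thesis.txt"
    printf 'stale thesis\n'      > "$tmp/dc-b/joe/docs/thesis.txt"
    touch -t 202401010900 "$tmp/dc-b/joe/docs/thesis.txt"
    printf 'old notes\n'         > "$tmp/dc-a/joe/notes.txt"
    touch -t 202401010900 "$tmp/dc-a/joe/notes.txt"
    printf 'notes edited in B\n' > "$tmp/dc-b/joe/notes.txt"
    touch -t 202401011300 "$tmp/dc-b/joe/notes.txt"
    printf 'homework\n'          > "$tmp/dc-b/joe/hw.txt"
    printf '%s\n' "$tmp"
}

# Usage: at 14:00 push Joe's profile from DC-B (where he logged out) back to DC-A.
d=$(build_demo); safe_sync "$d/dc-b" "$d/dc-a"
```

Modification time alone only catches the case the post describes (an untouched older copy pushed over newer data); if Joe had edited the stale thesis in B it would look newer and still win, so a genuine two-way merge needs per-file version tracking rather than timestamps.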