-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/19/2007 12:29 PM, Florian Zierer escreveu: > Felipe Augusto van de Wiel wrote: >> On 01/17/2007 07:32 AM, Florian Zierer escreveu: >> >>> Hi there, >>> I have a problem getting my Samba installation redundant. >>> I installed a PDC and a BDC working with 2 LDAP servers. >>> >>> The problem is, when users are logged in and the BDC fails, >>> the PDC does not take over the running sessions and vice >>> versa. >> >> And it shouldn't. :-) > > Ah, ok. Thanks for the clarification. I have nowhere read > something like a table about the features of a bdc.
You are welcome. ;) > Perhaps this would be good to mention in the official > samba howto at > http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html. > There is something written about bdcs but it would be good to have a > section like: > > What does it do? > - load balancing > - logons still possible if one dc fails > - ... > > What does it NOT do? > - take over running session > - ... > > There is so much Samba Documentation out there but it is difficult to > find the right answers. Usually the official documentation, this mail list and the wiki are the right place to check. If there are information that you think it should appear in the documentation, starting a wiki page can help, and I'm pretty sure that jht would like to get some patches to the docs. (Even if it takes sometime to get merged). If there are something out there that is missing to the official docs, please, report it, by doing that the documentation on the official central point can be improved. > What are the differences between a BDC and a PDC? One important point is that a PDC is able to write to the backend and BDCs are read-only. You should have only one PDC in your network and you can have more than one BDC. As you already know, BDCs share the load of the connections and they also play the role of keep the authentication working if the PDC is down for some reason. Reading the documentation of Samba you will also find differences like being or not the local master and so on, and if I'm not wrong, Microsoft also has articles explaining some of the differences. >> PDC/BDC strategy is used to share the load and keep your >> network running logons and so on, if you have a common backend >> then you can share the files and work something like a High >> Avaliability or CLustered environment. > > perhaps this should also be written on the official howto. As Volker already pointed, having HA and Clustered is not _really_ possible with Samba (right now), you can have resources that combined will provide you with some sort of good strategy to keep your clients up, but you will still have problems with "hot take over" of established connections. IMHO, that's why you can find info on the wiki and not yet on the HOWTO, because it is not yet the way that it should be. > There is not that much written about failure scenarios and > redundancy. What is going on if my pdc and the master ldap > server fail. Can the bdc still operate with the slave ldap? Yes. And that's has a little bit of description on the Samba Official HOWTO. BDCs should have Slave LDAPs, that are also read only, if the PDC dies, they can keep accepting authentication request, but if the files are in the PDC (which is the most common case) your users won't have access to it. That's why you will need an independent place to add your files, so if the PDC fails you still have access to the shares by authenticating against BDCs. And yes, indeed a good documentation of tested scenarios and reports would be great, and I do think the entire Samba Community would appreciate such effort. ;) > What is going on if the machine trust passwords are > changed in such a scenario? AFAIR, when the PDC is not available, BDCs are able to tell the clients that the password change is not allowed at this time and that they should retry later. > Do i have to "propagate" the bdc to a pdc (in smb.conf)? I don't think so. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFsP4WCj65ZxU4gPQRArXlAKCWyQ7D2AFRG6wK8fqfgpUTUwYjDACcCxRc UC+YMCiSHzYXqm5yOwiJ8SQ= =PYFa -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba