Re: [Samba] Multiple PDCs, Single Domain

2003-09-16 Thread Matt Schillinger
On Mon, 2003-09-15 at 15:44, Michael Heironimus wrote:
> On Mon, Sep 15, 2003 at 10:34:22AM -0500, Matt Schillinger wrote:
> > > I have to admit that I don't see why you can't live with one PDC and X
> > > BDCs. You would have to construct your LDAP servers this way anyway. If a
> > > PDC goes down (or the connection breaks) the BDC would still be able to
> > > process logons on its own.
> > > 
> > The only problem here is resources. The plan is that there are already
> > machines that can be used as PDC, one per building. However, there isn't
> > budget for a BDC per building, so the hope was to have a single BDC at
> > the main building.. I can see that this would be difficult, particularly
> > if ports 137-139 were blocked at T1 Router.
> 
> You're trying to do it backwards. You want one PDC and multiple BDC's,
> not the other way around. Take the machines that are slated for PDC use
> and just use them as BDC's instead. You would do the same thing with
> Windows servers, one PDC in the main building and a BDC at each remote
> site.
>
I understand what the standard would be, but the reason that I'm trying
'backwards' is that I want to keep authentication traffic off of the T-1
connections that are used for internet/interbuilding traffic.

So far, all I've come up with is to have no BDC, and have multiple PDC,
each at their own building, with only WINS for the building, and no
other buildings.. LDAP can still be centralized and replicated to each
PDC.  That's not the nicest (I'd like for clients to be able to browse
the entire network), but I'm seeing a lot of problems with the idea (such
as who authenticates a request for Machine 'a' in building '1', when it
wants a share from Machine 'b' in building '2' --- And, how do you
prevent browsing data from saying that there's a PDC on each building??
Static Entries for PDCs??), so if it doesn't work right, I guess there's
no choice.

It is obviously easier to do it the 'forward' way.

I guess on that line, if someone could perhaps explain how much traffic
I can expect out of authentication requests for say, 100 users /
building (100/T-1).. Would a T-1 support such traffic without affecting
the usability of internet?

Thanks for all your help and prompt responses,

Matt Schillinger
[EMAIL PROTECTED]

 
> To do what I think you want, you probably want a central LDAP server and
> Samba PDC in your main building. In each remote building run a slave
> LDAP server replicating from the main one and a Samba BDC. Look at
> chapter 6 of the Samba-HOWTO-Collection document, it has a pretty
> thorough description of how all this works.
> 
> -- 
> Michael Heironimus


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
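
The layout from the quoted reply above (one PDC and a master LDAP server in the main building, a BDC and a slave LDAP replica in each remote building), sketched as smb.conf fragments. This is an added example, not configuration posted in the thread; the workgroup, host names, addresses, suffix and DN are constructed placeholders.

```ini
; --- main building: smb.conf on the single PDC ---
[global]
    workgroup = DISTRICT
    netbios name = ADMIN-PDC
    security = user
    encrypt passwords = yes
    domain logons = yes
    ; exactly one domain master per domain: this host
    domain master = yes
    preferred master = yes
    os level = 65
    ; central WINS server so the BDCs can find the PDC across routers
    wins support = yes
    ; master LDAP server (read/write); account data carries password
    ; hashes, so protect the connection
    passdb backend = ldapsam:ldap://ldap-master.district.example
    ldap ssl = start tls
    ldap suffix = dc=district,dc=example
    ldap admin dn = cn=samba,dc=district,dc=example

; --- each remote building: smb.conf on that building's BDC ---
[global]
    workgroup = DISTRICT
    netbios name = BLDG1-BDC
    security = user
    encrypt passwords = yes
    ; answers logons locally, so they keep working during a T-1 outage
    domain logons = yes
    ; never domain master on a BDC; that role stays with the PDC
    domain master = no
    ; address of the PDC / WINS server in the main building (constructed)
    wins server = 192.168.0.10
    ; slave LDAP replica in the same building: logon lookups stay off
    ; the T-1. The replica is read-only, so changes such as password
    ; changes and new machine accounts still have to reach the master.
    passdb backend = ldapsam:ldap://127.0.0.1
    ldap suffix = dc=district,dc=example
    ldap admin dn = cn=samba,dc=district,dc=example
```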


Re: [Samba] Multiple PDCs, Single Domain

2003-09-15 Thread Matt Schillinger
On Sun, 2003-09-14 at 09:05, Dariush Forouher wrote:
> On Fri, 2003-09-12 at 22:51, Matt Schillinger wrote:
> > Hello,
> > 
> > I have a rather experimental question to ask.
> > 
> > I know that under standard circumstances, that you cannot have multiple
> > PDC for a single domain, as they will conflict with each other.
> > 
> > I am dealing with a case of a school district, where there are multiple
> > buildings. There are T-1s that tie together each of the buildings, then a
> > bonded T-1 grants access to the internet through the main admin
> > building. They would like to have a single domain, but would like to
> > keep T-1 traffic to a minimum. They also want to continue with service
> > when T-1 outages occur.
> > 
> > What I was wondering is, if this could be made possible..
> > 
> > a PDC at each building, that ties into a slave LDAP server.
> 
> The only way to achieve this, would be to hide those PDCs from each
> other. So you would have to block ports 137-139 at each T1 router.
> 

Would there still be a way that nmbd could be setup so that all hosts
would be visible in Network Neighborhood?

> > At the Administration Building, There is a master LDAP Server.
> > 
> > Optimally, if the Administration building could have a single BDC
> > (Obviously, BDC functionality would only be available when T-1
> > connectivity is functioning), that would be great.
> > 
> > I am wondering if this could somehow be accomplished with intelligent
> > usage of nmbd services keeping PDC selection problems out of the way..
> > Optimally, having a method of a full mapping of all hosts via nmbd would
> > be the best scenario, proxying to a central wins server. I fear that may
> > result in PDC in-fighting..
> 
> I have to admit that I don't see why you can't live with one PDC and X
> BDCs. You would have to construct your LDAP servers this way anyway. If a
> PDC goes down (or the connection breaks) the BDC would still be able to
> process logons on its own.
> 
The only problem here is resources. The plan is that there are already
machines that can be used as PDC, one per building. However, there isn't
budget for a BDC per building, so the hope was to have a single BDC at
the main building.. I can see that this would be difficult, particularly
if ports 137-139 were blocked at T1 Router.

> ciao
> Dariush
-- 
Matt Schillinger
System Administrator
FlightSafety International
[EMAIL PROTECTED]
314-551-8403




[Samba] Multiple PDCs, Single Domain

2003-09-12 Thread Matt Schillinger
Hello,

I have a rather experimental question to ask.

I know that under standard circumstances, that you cannot have multiple
PDC for a single domain, as they will conflict with each other.

I am dealing with a case of a school district, where there are multiple
buildings. There are T-1s that tie together each of the buildings, then a
bonded T-1 grants access to the internet through the main admin
building. They would like to have a single domain, but would like to
keep T-1 traffic to a minimum. They also want to continue with service
when T-1 outages occur.

What I was wondering is, if this could be made possible..

a PDC at each building, that ties into a slave LDAP server.

At the Administration Building, There is a master LDAP Server.

Optimally, if the Administration building could have a single BDC
(Obviously, BDC functionality would only be available when T-1
connectivity is functioning), that would be great.

I am wondering if this could somehow be accomplished with intelligent
usage of nmbd services keeping PDC selection problems out of the way..
Optimally, having a method of a full mapping of all hosts via nmbd would
be the best scenario, proxying to a central wins server. I fear that may
result in PDC in-fighting..

Thanks to any clever, savvy person who can help,


-- 
Matt Schillinger
[EMAIL PROTECTED]





Re: [Samba] samba backup software

2003-03-07 Thread Matt Schillinger
It is costly, but Veritas has products that run on linux.. We use
Veritas Datacenter, which runs on a linux server, and backs up 6TB of
data.  We are working on migrating up from ait2 technology, and are
deciding on whether to go to ait3, or SuperDLT..

We had to upgrade beyond amanda because it wasn't performing well
enough. (but it was on DLT technology, so slower).

I think we pay around $200 per client license, for about 30-40 clients.
That does not include the actual datacenter server license. I can check
on the datacenter license, but it will probably come down to speaking to
a rep.. I can get you contact info if interested.

Datacenter lets you do full and Incremental backups, restore single
files, search clients/servers for files, and see different versions
(based on backup date) of the file if needed. You can do archives for
permanent (unexpired) tapes, or set up tape expiration policies for
incrementals and fulls. You also have the ability to do restores to
machines/directories OTHER than the original machine/directory (which is
handy if the original disk that the data came from is now full and has
no space for the restore.)


Matt Schillinger
[EMAIL PROTECTED]

On Thu, 2003-03-06 at 16:23, Rick Segeberg wrote:
> I'm curious to what people are using for backing up their samba servers.
> Here are some specs to consider:
>  
> - 1TB (yes, that's terabyte) of data
> - multiple servers backup to one tape drive connected to a server
> (preferably a linux system)
> - using an autoloader (in this case, an HP 1/9 LTO system)
> - need to be able to backup daily changes and/or changes since last full
> backup
>  
> Currently I'm using Backup Exec from NetWare.  The *nix client has no
> support to do anything but a full.  The archive bit obviously won't
> work, and backing up based on date doesn't seem to work either (it still
> does a full).  I'm interested in finding a native linux solution since I
> don't see a lot of point in having to use a Windows server with a *nix
> client when I'm trying to get away from Windows.
>  
> If you have suggestions or are using something you are happy with,
> please respond.  Currently, I'm evaluating Novastor's Novanet 8.5.  I
> know there are others that I can eval, I'm just interested in finding
> out what others are using and happy with.
>  
> Thanks.
>  
>  
>  
> Rick Segeberg
> Provo Site Manager, IT Department
> The Waterford Institute
> [EMAIL PROTECTED]
>  




[Samba] Samba 3.0 Authentication

2003-03-04 Thread Matt Schillinger
Hello,

This is my first time delving into non 2.2 samba, and attempting to
develop a single authentication solution for windows and unix machines.
Currently, we use nis for the unix machines (solaris 2.6-2.8, irix 6.5,
linux, motorola), and there is NO PDC for windows. samba servers use nis
and use unencrypted passwords for authentication.

What I would like to do, is begin preparing for an upgrade to samba 3.0
(when it is production), as the company I work for, is implementing a
windows 2000 initiative to all the satellite offices.. I would like, if
possible, to provide a samba solution as opposed to windows 2000.  

With an ldap backend, can samba and Unix share the same user/passwords?
or is there different schema/encryption methods for the two? I had
planned on getting PADL's LDAP->NIS gateway for the older unixes that do
not have direct LDAP authentication capabilities.

Thanks for your help,

-- 
Matt Schillinger
[EMAIL PROTECTED]





Re: [Samba] Samba spanning subnets

2003-02-25 Thread Matt Schillinger
First off, it sounds like what you have is a WINS issue, not a PDC
issue.

All you have to do is have a server designated as the 'WINS Server' 

Aside from other configuration items, smb.conf should have 'wins server
= yes'

On the other 2 subnets, have 1 machine / subnet act as a wins proxy

wins proxy =  

Then they will forward their subnet's netbios info to the primary WINS
Server.

From there, all you have to do is have all of your clients point their
wins server to 



There is another solution that is a little easier, yet requires you to
have a setup so that 1 machine can connect to all three subnets (3 nic
cards).. 

In this case, just set up 'wins server = yes', and point all your clients
to the appropriate ip address (you can point clients to a local subnet
interface, or just point to one of the interfaces), and you will have a
browseable network.

Matt Schillinger
[EMAIL PROTECTED]




On Tue, 2003-02-25 at 14:20, Ben Hall wrote:
> Hello,
> 
> I am in the process of trying to get a large network (300+ systems) spanning
> 3 subnets to be able to display all windows machines in the Network
> Neighborhood.  After reading through copious amounts of documentation, using
> Samba as a domain controller and then having systems on each subnet seemed
> to be the best approach.
> 
> I set one of the machines to be the domain controller for what was my
> workgroup, and while all of my systems are visible to everyone on the
> network, the browse lists for the rest of the network are still limited to
> whatever subnet the client machine is on.
> 
> At this point it looks as though I would have to set up a domain controller
> for each of the 20+ workgroups.  Of course this is infeasible.  Am I missing
> something?  
> 
> A few machines are set up to use and proxy WINS, one of my systems is acting
> as the WINS server, this has had no noticeable effect on the network.
> 
> Just to make things interesting, my network consists of just about every
> version of Windows since 95, MacOS from version 7 to 10.2, Sun Solaris 8 and
> the odd Linux machine.
> 
> 
> Any help would be very much appreciated.
> 
> Cheers,
> 
> Ben
> 
-- 
Matt Schillinger
System Administrator
FlightSafety International
[EMAIL PROTECTED]
314-551-8403
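
A three-subnet WINS layout of the kind discussed in this message, written out as smb.conf fragments. This is an added example, not configuration from the thread; the workgroup name and the address 192.168.1.10 are constructed. In smb.conf, `wins support = yes` is the setting that makes nmbd act as the WINS server, while `wins server` takes the address of that server.

```ini
; --- smb.conf on the one host acting as the WINS server (subnet 1) ---
; constructed address of this host: 192.168.1.10
[global]
    workgroup = EXAMPLE
    ; nmbd accepts WINS registrations and answers WINS queries
    wins support = yes
    ; do not also set "wins server" on this host
    ; domain master browser: collects the browse lists of all subnets
    domain master = yes
    local master = yes
    preferred master = yes
    os level = 65

; --- smb.conf on one Samba host in each of the other two subnets ---
[global]
    workgroup = EXAMPLE
    ; register with, and resolve names through, the central WINS server
    wins server = 192.168.1.10
    ; answer broadcast name queries from local clients that are not
    ; configured for WINS by looking the name up in WINS for them
    wins proxy = yes
    ; hold the browse list for this subnet and synchronise it with the
    ; domain master browser, which is located through WINS
    domain master = no
    local master = yes
    preferred master = yes
    os level = 33
```

Windows clients on every subnet are then pointed at 192.168.1.10 as their WINS server, through DHCP or their TCP/IP settings.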




Re: [Samba] Samba using Virtual Servers (load balancing)

2003-02-25 Thread Matt Schillinger
I may stand corrected.  Did a quick search and found this site.. Perhaps
it can guide you to a load balanced solution. I haven't read all the
relevant posts in depth, but they look promising.


http://www.faqchest.com/linux/samba-l/smb-02/smb-0208/smb-020825/

Matt Schillinger



On Tue, 2003-02-25 at 03:46, Simon Hobson wrote:
> Leroy van Logchem wrote:
> 
> >A simple diagram of the setup I have in mind:
> >
> >Users (+/- 500)
> >|||
> >Headnode(Director 1) - Headnode (Director 2)
> >|
> >Worknode - Worknode - Worknode ...
> >|
> >Large RAID5 NAS boxes (NFS only)
> >
> >Thanks for any information/pointers in the right direction.
> >(all directions are open: lvs,mosix,)
> 
> I can't answer the question, but I would have thought file locking 
> would be incredibly difficult !
> 
> Simon
> 
> -- 
> Simon Hobson, Technical Services Engineer
> Colony Gift Corporation Limited
> Lindal in Furness, Ulverston, Cumbria, LA12 0LD
> Tel 01229 461100, Fax 01229 461101
> 
> Registered in England No. 1499611
> Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
-- 
Matt Schillinger
System Administrator
FlightSafety International
[EMAIL PROTECTED]
314-551-8403




Re: [Samba] Samba using Virtual Servers (load balancing)

2003-02-25 Thread Matt Schillinger
I believe that others are correct (look at linuxvirtualserver.org for
documentation and discussions on Samba in a clustered mode) in that
CIFS' peer to peer concept is very stateful.. 

On the other hand, samba can be made 'Highly available' without a lot of
trouble. I have a High Available File server (NFS and Samba)
configuration with 2 nodes, in an active-active configuration.

If one of the servers is hung up, or requires maintenance, its services
(including samba) will failover to the other node. If a client is in the
middle of a samba served file operation, they will see an error, but an
immediate retry of the file operation will work fine from the failover
server.  Because of CIFS' handling of files, it is very safe, because if
you are performing a file move, the original file is not deleted until
after a 'copy' is completed. So, if there's a failure, all you need to
do is restart the procedure.  


Matt Schillinger
[EMAIL PROTECTED]



On Tue, 2003-02-25 at 03:21, Leroy van Logchem wrote:
> Hello fellow samba users,
> 
> Our company uses samba for all fileshares/printing/PDC on
> two SUN E3500's. We like to replace these with about 10
> Linux 19" XEON (pizza)boxes. The question: Are there
> any implementations out there using a loadbalancing cluster
> doing samba?
> 
> A simple diagram of the setup I have in mind:
> 
> Users (+/- 500)
> |||
> Headnode(Director 1) - Headnode (Director 2)
> |
> Worknode - Worknode - Worknode ...
> |
> Large RAID5 NAS boxes (NFS only)
> 
> Thanks for any information/pointers in the right direction.
> (all directions are open: lvs,mosix,)
> 
> 
> Regards,
> |
> | Leroy(dot)vanLogchem (at) wldelft(dot)nl
> | Systems Group
> | WL | Delft Hydraulics - http://www.wldelft.nl
> |
> 
-- 
Matt Schillinger
System Administrator
FlightSafety International
[EMAIL PROTECTED]
314-551-8403




[Samba] Password Syncronization

2003-02-24 Thread Matt Schillinger
Is there any functionality to allow a samba pdc to synchronize password
databases with NT/2000 machines? in TNG or otherwise? 3.0?

Matt Schillinger

[EMAIL PROTECTED]





Re: [Samba] LDAP auth with nis.schema

2003-02-24 Thread Matt Schillinger
Is it possible to get samba to act as a PDC with "encrypt passwords =
no" ??

Matt Schillinger
[EMAIL PROTECTED]


On Sat, 2003-02-22 at 12:12, Gerald (Jerry) Carter wrote:
> 
> On Thu, 20 Feb 2003, Odd Rune Dahle wrote:
> 
> > I'm wondering if it's possible to get samba to auth against LDAP without
> > saving multiple hashes in the directory? I'd like to keep it to the hash
> > that we use to auth unix-systems today, without cluttering the directory
> > with other hashes that need to be synchronized etc.
> 
> not if you want to use "encrypt passwords = yes"
> 
> 
> 
> 
> cheers, jerry
>  --
>  Hewlett-Packard- http://www.hp.com
>  SAMBA Team -- http://www.samba.org
>  GnuPG Key   http://www.plainjoe.org/gpg_public.asc
>  "You can never go home again, Oatman, but I guess you can shop there."  
> --John Cusack - "Grosse Point Blank" (1997)
> 
> 
-- 
Matt Schillinger
System Administrator
FlightSafety International
[EMAIL PROTECTED]
314-551-8403




Re: [Samba] samba in a High Availability Configuration

2003-02-19 Thread Matt Schillinger
The results I get now (on a Windows NT4 machine) are:

1. start a copy from a local drive to a samba served drive.

2. failover the samba server to the secondary.

3. the copy seems to stall.

4. As the secondary server comes online (or the IP comes online), the
copy issues an error.
I don't know if the error is due to server state, or that the IP comes
up for a second with no samba server bound to the interface. This is why
I am interested in seeing if bind interfaces only option can be
accomplished without actually having the IP aliases bound, so that the
samba server can already be listening for the interfaces when the
aliases come up.


5. Immediately starting the copy over (from the secondary server serving
data) works fine.. no reconnects required.


Matt Schillinger
[EMAIL PROTECTED]


On Tue, 2003-02-18 at 19:06, Martin Pool wrote:
> On 18 Feb 2003, Matt Schillinger <[EMAIL PROTECTED]> wrote:
> 
> > I'm sorry to post High availability oriented questions to this list, but
> > I was wondering about some samba configuration parameters and what
> > options are available.
> 
> You're welcome, this is on-topic here.
> 
> > What I am interested in, is seamless failover, completely hidden from
> > the client in the middle of a copy.. Hopefully, they would only see a
> > stall in the copy..
> 
> My understanding is that this is very hard (or impossible) to do at
> the moment.  There is a lot of complicated statefulness in the CIFS
> protocol (unlike, say, NFS) and so switching to another server in the
> middle of an operation would, at the least, require a great deal of
> new development work in Samba.  
> 
> There would need to be some kind of shared storage between the two
> machines holding everything the server needs to know about active
> connections.  This would be much deeper than just what's in the tdbs.
> Perhaps somebody more experienced can give more details.
> 
> The best you can do is allow that connection to fail and then for the
> client to reconnect.
> 
> -- 
> Martin 
-- 
Matt Schillinger
System Administrator
FlightSafety International
[EMAIL PROTECTED]
314-551-8403





[Samba] samba in a High Availability Configuration

2003-02-18 Thread Matt Schillinger
Hello,

I'm sorry to post High availability oriented questions to this list, but
I was wondering about some samba configuration parameters and what
options are available.

I am using heartbeat, and to make a long story short, I have a floating
IP alias between 2 servers. (192.168.1.1 for example).  When one server
is serving the data, it 'has' this ip. If the server fails over, the
other machine takes over the IP alias address, and starts samba.

In order to make this work correctly, I have to use the 'interfaces'
smb.conf option, which sets smbd to listen to only certain ip addresses.

I also have bind interfaces only option on, which is required to prevent
two simultaneous smbd processes from binding to the same interface IP.

What I am interested in, is seamless failover, completely hidden from
the client in the middle of a copy.. Hopefully, they would only see a
stall in the copy..

Currently though, I get failed file operations because of the bind
interfaces only option.

The Bind interfaces only option requires that the 'interface' ip be 'UP'
in order for samba to start correctly. This causes problems because to
bring the IP address 'UP' before starting the samba server means that
the client sees that there is no server processing requests on the ip
for a small amount of time, which results in a failed operation.

I wonder if there is a way to have samba bind only to certain IP
addresses, but not require those addresses to be live at startup.


Thanks for all your work in the Open Source community, 

-- 
Matt Schillinger
[EMAIL PROTECTED]


