RE: [Samba] Samba + LDAP over the WAN
No, It means we'll give up on trying to change the password for now. But no bad guy will kick us. And don't worry. We won't give up. We will come back later to try and change it again and again and again... ;-) Bruno Guerreiro >-Original Message- >From: Michael Gasch [mailto:[EMAIL PROTECTED] >Sent: quarta-feira, 7 de Setembro de 2005 15:07 >To: Collins, Kevin >Cc: samba@lists.samba.org >Subject: Re: [Samba] Samba + LDAP over the WAN > > >hi, > >there were several threads about this topic and what cares >myself is the >following extract from this thread "[Samba] BDC, >documentation, Machine >Accounts Keep Expiring" > >/* if this next call fails, then give up. We can't do > password changes on BDC's --jerry */ > >this is code from change_trust_pw.c > >does this really mean that pw changes fail and machines are kicked out >the network, if they try to contact a BDC for changes in case >PDC is down? > >greez > >Collins, Kevin wrote: >> Since we're on the subject of Samba over the WAN >> >> (BTW, I'm running three offices with a Samba 3.0.9 PDC and >two Samba 3.0.9 BDCs over an FreeSwan based WAN and it works >just fine. The WINS server is a must in my book though.) >> >> Last Thursday and Friday, one of the remove office's WAN >lines went down. While the outages were significant, nothing >major happened because of it. But, it got me thinking about >what *could* have happened and that has raised these questions. >> >> Background: All servers running RHEL 3.0, up2date'd. Samba >version is 3.0.9.something.that.RedHat.Adds OpenLDAP used for >ldapsam password backend. Master OpenLDAP server is located >in my office, each office has a replica. >> >> 1). If someone would have decided to change their password >while the line was down, what would have been the net effect? >I know the change would not have been applied to the replica >LDAP server, but would it have been queued until the Master >LDAP server could have been contacted? >> >> 2). I know that each workstation in the domain changes its >machine password at a random time, what would have happened >during this process if the WAN was down? >> >> 3). Are there any other problems that could be caused by a >WAN outage that can be called disasterous? What would those be? >> >> 4). Any recommendations to minimize No. 3 above? >> >> -- >> Kevin L. Collins, MCSE >> Systems Manager >> Nesbitt Engineering, Inc. >> > > >-- >Michael Gasch >Max Planck Institute for Evolutionary Anthropology >Department of Human Evolution (IT) >Deutscher Platz 6 >D-04103 Leipzig >Germany > >Phone: 49 (0)341 - 3550 137 >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + LDAP over the WAN
hi, there were several threads about this topic and what cares myself is the following extract from this thread "[Samba] BDC, documentation, Machine Accounts Keep Expiring" /* if this next call fails, then give up. We can't do password changes on BDC's --jerry */ this is code from change_trust_pw.c does this really mean that pw changes fail and machines are kicked out the network, if they try to contact a BDC for changes in case PDC is down? greez Collins, Kevin wrote: Since we're on the subject of Samba over the WAN (BTW, I'm running three offices with a Samba 3.0.9 PDC and two Samba 3.0.9 BDCs over an FreeSwan based WAN and it works just fine. The WINS server is a must in my book though.) Last Thursday and Friday, one of the remove office's WAN lines went down. While the outages were significant, nothing major happened because of it. But, it got me thinking about what *could* have happened and that has raised these questions. Background: All servers running RHEL 3.0, up2date'd. Samba version is 3.0.9.something.that.RedHat.Adds OpenLDAP used for ldapsam password backend. Master OpenLDAP server is located in my office, each office has a replica. 1). If someone would have decided to change their password while the line was down, what would have been the net effect? I know the change would not have been applied to the replica LDAP server, but would it have been queued until the Master LDAP server could have been contacted? 2). I know that each workstation in the domain changes its machine password at a random time, what would have happened during this process if the WAN was down? 3). Are there any other problems that could be caused by a WAN outage that can be called disasterous? What would those be? 4). Any recommendations to minimize No. 3 above? -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + LDAP over the WAN
Collins, Kevin schrieb: Since we're on the subject of Samba over the WAN (BTW, I'm running three offices with a Samba 3.0.9 PDC and two Samba 3.0.9 BDCs over an FreeSwan based WAN and it works just fine. The WINS server is a must in my book though.) Last Thursday and Friday, one of the remove office's WAN lines went down. While the outages were significant, nothing major happened because of it. But, it got me thinking about what *could* have happened and that has raised these questions. Background: All servers running RHEL 3.0, up2date'd. Samba version is 3.0.9.something.that.RedHat.Adds OpenLDAP used for ldapsam password backend. Master OpenLDAP server is located in my office, each office has a replica. 1). If someone would have decided to change their password while the line was down, what would have been the net effect? I know the change would not have been applied to the replica LDAP server, but would it have been queued until the Master LDAP server could have been contacted? 2). I know that each workstation in the domain changes its machine password at a random time, what would have happened during this process if the WAN was down? 3). Are there any other problems that could be caused by a WAN outage that can be called disasterous? What would those be? 4). Any recommendations to minimize No. 3 above? -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. Hi, as far i know, ldap master-slave is a oneway thing, and the slave is/should not be writable so if you do any changes on the slave this will have no effect to the slave, it works with its last replica and gets the newest replice if the line is up again, by slurpd. For my information this will change until samba 4 is comming, as far i heared samba4 should have funktions like the active directory which has this funktions of replications between "pdc/bdc" perhaps you should ask the development team of samba 4 if this will work and how.i am not sure if they will use a orginal ldap server for doing such stuff or will write their own procedure for doing replicate of active dir entries There may be some hacks for ldap to manage such things just right now but i am not a guru in ldap.. Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + LDAP over the WAN
Since we're on the subject of Samba over the WAN (BTW, I'm running three offices with a Samba 3.0.9 PDC and two Samba 3.0.9 BDCs over an FreeSwan based WAN and it works just fine. The WINS server is a must in my book though.) We have a fifteen site WAN with sites linked via Frame Relay, point-to-point T1s, and ISDN Last Thursday and Friday, one of the remove office's WAN lines went down. While the outages were significant, nothing major happened because of it. But, it got me thinking about what *could* have happened and that has raised these questions. Background: All servers running RHEL 3.0, up2date'd. Samba version is 3.0.9.something.that.RedHat.Adds OpenLDAP used for ldapsam password backend. Master OpenLDAP server is located in my office, each office has a replica. Same, we have a central OpenLDAP server on SuSe and various replicants. 1). If someone would have decided to change their password while the line was down, what would have been the net effect? The attempt would fail. I know the change would not have been applied to the replica LDAP server, but would it have been queued until the Master LDAP server could have been contacted? No. 2). I know that each workstation in the domain changes its machine password at a random time, what would have happened during this process if the WAN was down? The change password would fail, it would try again later. 3). Are there any other problems that could be caused by a WAN outage that can be called disasterous? No, we've had sites drop off the WAN for days with no significant issues. What would those be? 4). Any recommendations to minimize No. 3 above? Start your own phone company? :) One that doesn't suck. -- Adam Tauno Williams - http://www.whitemice.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + LDAP over the WAN
Since we're on the subject of Samba over the WAN (BTW, I'm running three offices with a Samba 3.0.9 PDC and two Samba 3.0.9 BDCs over an FreeSwan based WAN and it works just fine. The WINS server is a must in my book though.) Last Thursday and Friday, one of the remove office's WAN lines went down. While the outages were significant, nothing major happened because of it. But, it got me thinking about what *could* have happened and that has raised these questions. Background: All servers running RHEL 3.0, up2date'd. Samba version is 3.0.9.something.that.RedHat.Adds OpenLDAP used for ldapsam password backend. Master OpenLDAP server is located in my office, each office has a replica. 1). If someone would have decided to change their password while the line was down, what would have been the net effect? I know the change would not have been applied to the replica LDAP server, but would it have been queued until the Master LDAP server could have been contacted? 2). I know that each workstation in the domain changes its machine password at a random time, what would have happened during this process if the WAN was down? 3). Are there any other problems that could be caused by a WAN outage that can be called disasterous? What would those be? 4). Any recommendations to minimize No. 3 above? -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
