Re: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (success, sort of)

2002-10-29 Thread Simo Sorce 
There's another poor man way.
Use the classic smbpasswd file and use rsync to sync the file
periodically with a cron (of course you'll miss the ability to have
things promptly synced but generally this is a good enough solution for
many environments).

Simo.

On Tue, 2002-10-29 at 17:23, Steve Langasek wrote:
> On Tue, Oct 29, 2002 at 11:10:22AM -0500, Collins, Kevin wrote:
> > Steven Langasek wrote:
> > > Having one PDC and two BDCs also gives you greater 
> > > fault-tolerance than
> > > having three domains with a single PDC each.
> 
> > > Samba+LDAP can give you this fault tolerance; it can't give you trust
> > > relationships today, without a lot of finagling.
> 
> > > Steve Langasek
> > > postmodern programmer
> 
> > I understand the role of/need for the BDC, I'm just concerned about
> > flooding the WAN connections with replication traffic and not being able
> > to send things like e-mail or project files.  I can control the
> > replication in NT, but I need to know if I can do the same in SAMBA.
> > With all the "tweaks" god knows there should be. :-)
> 
> The only "pre-packaged" BDC implementation for Samba that I know of is
> based on LDAP.  With LDAP, only changes are replicated across the link,
> so you have no excess traffic associated with keeping the DCs in sync.
> Samba sorta skipped over the NT4 technology and went straight to an
> ActiveDirectory approach to management... :)
> 
> > I've thought about the LDAP course too but haven't given it enough
> > serious thought yet.  You know of a good HOWTO?
> 
> There is a Samba-PDC-LDAP HOWTO included with the Samba documentation.
> You can also find Ignacio Coupeau's step-by-step guide at
> .
> 
> Steve Langasek
> postmodern programmer
-- 
Simo Sorce - [EMAIL PROTECTED]
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399



signature.asc
Description: This is a digitally signed message part

RE: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (success, sort of)

2002-10-29 Thread Collins, Kevin 
Andrew Barlett wrote:
> 
> Domain trusts (in terms of us being a PDC trusting other DCs) are
> currenetly a work in progress.  We hope to have it finished for Samba
> 3.0.
> 
> However, why do you need domain trusts?  (There are lots of 
> good answers
> to this question, but make sure you do have one of the answers).
> 
> Samba 2.2 has always supported being a member server in a domain with
> domain trusts, for the record.
> 


Andrew:

Interesting you should ask about the *need* for my three domains and
their trusts.  Myself and a junior-admin had this same discussion the
day I wrote the post.  Looking back, it just seemed the logical thing to
do.  You see, in the beginning the three domains weren't connected -
definite need then.  When we put the WAN in place we didn't want to
"rip-out" anything, so we used the trusts to "bind" the domains together
- *need* defined as we needed it working ASAP.  Personally, I would
prefer to keep them separate just for greater user/group control.

But, I can also see that I may not *need* the independent PDCs that
trust each other, but maybe a PDC and 2 BDCs.  I'm looking hard at the
latter just so I do not hit any major hurdles when moving to SAMBA.
Thinking along those lines I must pose the question:  Will a SAMBA BDC
function as an NT BDC in that an NT BDC will cache (i.e. store locally)
user/group/SID information and only update/sync with the PDC at a
specified intervals?

If we go with the one domain concept here, I'm going to need the BDCs in
each office to basically "run the show" for that office when it comes to
authentication.  I do not want logons, etc. being passed to the PDC
across a 128K frame line half-way across the state - except in an
emergency like the BDC being offline.  The reason I ask is that I've not
tried to simulate this yet and it really is the only sticking point in
the single domain plan (that I can see now).

Thanks for your response and I hope that I have not broad-sided you with
my theorizing and planning.

Thanks,

Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.



smime.p7s
Description: application/pkcs7-signature