Was wondering if samba will run a BDC on a linux machine? In this scenario
the PDC is a NT box.
Details:
--------
We are using samba 2.2.2 with winbind in order to replicate the list of NT
users/groups on a NT 4 network. There is an existing NT 4 PDC running on the
network. Our software would like to know the complete list of users and
groups so it can manage access to resources.
To clarify: A network already exists with a set of user/groups. We have
software that needs to know the existing set of user/groups so it can use
these users/groups when assigning access to videos.
We tried the following: on Linux run samba 2.2.2 with winbind and nsswitch to
"add" the NT users to the linux machine's set of users. Problem: winbind leaks
memory. When you have 15,000 users in the PDC, logging into the linux machine
can take a long time. The linux machine hits the PDC an awful lot (network
traffic and PDC load) as it keeps updating its list.
It appears that we could solve this problem if the Linux machine were also a
BDC (it is NOT currently a PDC). Then the PDC and BDC would communicate using
their own protocols and hopefully only user/group UPDATES would be sent across
the wire thereby reducing network traffic enormously and reducing the load on
the PDC. Additionally winbindd would talk locally (to the BDC) so it would
work more efficiently.
NOTE:
I don't trust that the "winbind cache time" option for winbindd does anything
at all - in particular winbind is supposed to check for the PDC's "sequence
number" as it keeps hitting the PDC. Has anyone tested this? Or perhaps the
PDC changes its sequence number every other minute and so the cache doesn't
seem to work. ??
Some questions:
1) Can samba be configured to run a BDC on a linux machine? And is it stable?
With what version of samba?
2) Can winbindd be configured to talk to that BDC rather than a PDC?
3) I read the following from these newsgroups:
> > Automatic user database replication between PDC and BDC is not yet
> > implemented in any samba, tng or not.
> >
> > The windows BDC will not import automatically the new users, except at
> > reboot, or if you restart that service, whatever it is.
This would imply that we cannot have a BDC on linux and that even if we did,
since the PDC-BDC does not import new users it won't be very useful.
Anyone??
4) I heard that the memory leaks in winbindd were fixed...anyone know of a
release version of this code (RPMs...).
5) When we configured winbindd we put entries into PAM. Perhaps we don't need
these entries? What our code does is call the C function getgrent and
getpwent (which I assume are the same as the "getent passwd" and "getent
group" shell commands/programs whatever) - for these to work does PAM have to
be involved?
--
Mike Papper
Digital Pipe
mike@digitalpipe.net
650-627-5100 ext. 5211