Collins, Kevin
2002-Oct-29 14:57 UTC
[Samba] RE: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (success, sort of)
Andrew Bartlett wrote:
>
> Domain trusts (in terms of us being a PDC trusting other DCs) are
> currently a work in progress. We hope to have it finished for Samba
> 3.0.
>
> However, why do you need domain trusts? (There are lots of good answers
> to this question, but make sure you do have one of the answers).
>
> Samba 2.2 has always supported being a member server in a domain with
> domain trusts, for the record.
>

Andrew:

Interesting you should ask about the *need* for my three domains and their trusts. Myself and a junior-admin had this same discussion the day I wrote the post. Looking back, it just seemed the logical thing to do.

You see, in the beginning the three domains weren't connected - definite need then. When we put the WAN in place we didn't want to "rip-out" anything, so we used the trusts to "bind" the domains together - *need* defined as we needed it working ASAP. Personally, I would prefer to keep them separate just for greater user/group control.

But, I can also see that I may not *need* the independent PDCs that trust each other, but maybe a PDC and 2 BDCs. I'm looking hard at the latter just so I do not hit any major hurdles when moving to SAMBA. Thinking along those lines I must pose the question: Will a SAMBA BDC function as an NT BDC in that an NT BDC will cache (i.e. store locally) user/group/SID information and only update/sync with the PDC at specified intervals?

If we go with the one domain concept here, I'm going to need the BDCs in each office to basically "run the show" for that office when it comes to authentication. I do not want logons, etc. being passed to the PDC across a 128K frame line half-way across the state - except in an emergency like the BDC being offline.

The reason I ask is that I've not tried to simulate this yet and it really is the only sticking point in the single domain plan (that I can see now).

Thanks for your response and I hope that I have not broad-sided you with my theorizing and planning.

Thanks,

Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.

Steve Langasek
2002-Oct-29 15:43 UTC
[Samba] Re: Samba PDCs/BDCs and Trusts WAS: auth to two diff PDCs? (success, sort of)
On Tue, Oct 29, 2002 at 09:45:26AM -0500, Collins, Kevin wrote:
> But, I can also see that I may not *need* the independent PDCs that
> trust each other, but maybe a PDC and 2 BDCs. I'm looking hard at the
> latter just so I do not hit any major hurdles when moving to SAMBA.
> Thinking along those lines I must pose the question: Will a SAMBA BDC
> function as an NT BDC in that an NT BDC will cache (i.e. store locally)
> user/group/SID information and only update/sync with the PDC at
> specified intervals?

Having one PDC and two BDCs also gives you greater fault-tolerance than having three domains with a single PDC each. Samba+LDAP can give you this fault tolerance; it can't give you trust relationships today, without a lot of finagling.

Steve Langasek
postmodern programmer