I am a bit confused about the LDAP master-slave and BDC. I have a Samba-LDAP server that serves as my PDC. All my users authenticate to this server. I would like to set up a BDC for failover. What is the difference between a BDC and an LDAP Slave server?

Second part. Does anyone on this list have this type of configuration, PDC-BDC or Master/Slave, and can help do the same?

-Thank you
Mark

On Thursday 19 May 2005 20:04, Msdigital wrote:
> I am a bit confused about the LDAP master-slave and BDC. I have a
> Samba-LDAP server that serves as my PDC. All my users authenticate to this
> server. I would like to set up a BDC for failover. What is the difference
> between a BDC and an LDAP Slave server?

A BDC is an NT4 domain controller that handles network logon authentication. A Samba BDC will relay all network account updates to a PDC. Only the PDC will write to the passdb backend. A BDC will read authentication data from the passdb backend it is configured to use.

A Slave LDAP server is a read-only mirror of an LDAP Master server. A PDC would normally be directed at a Master LDAP server, but can work with a Slave LDAP server. If a PDC is configured to use a Slave LDAP server, all write requests to the directory will be handled via a referral to the Master LDAP server. In other words, all write requests are handled by the Master LDAP server.

It does not matter whether a BDC uses a Master or a Slave LDAP server - it only ever reads directory information from it.

What do you mean by fail-over? A BDC can handle network logon requests, but it can never replace a PDC. In other words, the PDC is still the weakest link. If a PDC is off the air for a prolonged outage the network will eventually fail.

> Second part.
>
> Does anyone on this list have this type of configuration, PDC-BDC or
> Master/Slave and can help do the same?

Please refer to the book: "Samba-3 by Example" Chapters 5 and 6. You can obtain a copy from:

http://www.samba.org/samba/docs/Samba-Guide.pdf

Enjoy.

- John T.
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

Thank you for the explanation. It is clear to me now. Your last comment is interesting. If the PDC is the weakest link, what are the other alternatives that are strong links?

By fail-over I mean if the authentication server fails or is down, my user would still be able to log in and use the workstation.

-mark

----- Original Message -----
From: "John H Terpstra" <jht@Samba.Org>
To: <samba@lists.samba.org>; "Msdigital" <mark@msdigitaldzines.com>
Sent: Thursday, May 19, 2005 8:09 PM
Subject: Re: [Samba] LDAP master-slave and BDC ?

The BDC pretty much gets the same treatment as the PDC. Meaning I would have to set it up like an LDAP server? Can I just copy my smb.conf from my LDAP server and make a few adjustments? What would those changes be, or what should I look for to change in my BDC smb.conf configuration?

-mark

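The role split described in the reply above (only the PDC writes to the passdb backend, a BDC only reads and may point at a slave) comes down to a few `[global]` settings in smb.conf. The following is an added example, not code from the thread or from the Samba project: a Python check over a constructed PDC/BDC pair, where the host names, the domain name and the helper names `load_global` and `check_pair` are assumptions.

```python
import configparser

# Constructed smb.conf fragments; the host and domain names are placeholders.
PDC_CONF = """
[global]
workgroup = EXAMPLEDOM
domain logons = yes
domain master = yes
passdb backend = ldapsam:ldap://ldap-master.example.org
ldap suffix = dc=example,dc=org
"""
# The BDC answers logons too, but is not domain master; it may read from a slave.
BDC_CONF = """
[global]
workgroup = EXAMPLEDOM
domain logons = yes
domain master = no
passdb backend = ldapsam:ldap://ldap-slave.example.org
ldap suffix = dc=example,dc=org
"""
YES, NO = ("yes", "true", "1"), ("no", "false", "0")

def load_global(text):
    """Return the [global] section of an smb.conf string as a dict."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(text)
    return dict(cp["global"])

def check_pair(pdc_text, bdc_text):
    """Return the problems found in a PDC/BDC pair (empty list: consistent)."""
    pdc, bdc = load_global(pdc_text), load_global(bdc_text)
    problems = []
    for role, conf in (("PDC", pdc), ("BDC", bdc)):
        if conf.get("domain logons", "").lower() not in YES:
            problems.append(f"{role}: domain logons is not enabled")
        if not conf.get("passdb backend", "").lower().startswith("ldapsam:"):
            problems.append(f"{role}: passdb backend is not ldapsam")
    if pdc.get("domain master", "").lower() not in YES:
        problems.append("PDC: domain master is not set to yes")
    # Unset means "auto", which turns domain master on when domain logons = yes.
    if bdc.get("domain master", "").lower() not in NO:
        problems.append("BDC: domain master must be set to no explicitly")
    for key in ("workgroup", "ldap suffix"):
        if pdc.get(key, "").lower() != bdc.get(key, "").lower():
            problems.append(f"{key} differs between PDC and BDC")
    return problems

if __name__ == "__main__":
    print(check_pair(PDC_CONF, BDC_CONF) or "consistent")
```

Passing the PDC file in as the BDC, which is what copying smb.conf unchanged amounts to, is reported as a second domain master.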