Diego Martin Fernandez Fazio
2006-Sep-28 14:55 UTC
[Samba] Authentication against BDC first
Hi all, I have this question: I've got a master LDAP server on a remote place and I want to install a PDC and a BDC and a slave LDAP server in another place.

My question is... may I force the workstations' logging (read the information) against the BDC before the PDC, so the READ traffic goes to the slave LDAP??? The problem is the network avoid READ traffic.

The Samba FAQ recommends that:
PDC--->use the Master LDAP and
the BDC --->use a Slave LDAP

This is a network map for the idea:

        MASTER LDAP on Remote Site
                    |
                    |
                   WAN
                    |
                    |
   SMB PDC   SMB BDC   Slave LDAP on LAN
                    |
                    |
                    |
                    WS

So when I log into the WS, the BDC asks the local slave LDAP through the LAN network.

And if I need to change a password of the user, on the PDC it goes through the WAN and modifies the master LDAP, and this then modifies the slave LDAP through the WAN.

So... my question is: can I configure my BDC with the priority? Maybe... on the PDC set:

domainsmaster=yes
domainlogons=no

and on the BDC
domainmaster=no
domainlogons=yes.

Many many thanks and excuse my poor English.
On 09/28/2006 11:56 AM, Diego Martin Fernandez Fazio wrote:
> Hi all, I have this question: I've got a master LDAP server
> on a remote place and I want to install a PDC and a BDC and
> a slave LDAP server in another place.
> My question is... may I force the workstations' logging (read
> the information) against the BDC before the PDC, so the READ
> traffic goes to the slave LDAP??? The problem is the network
> avoid READ traffic.

You can have a local network using your BDC if it is the Master server of the network, yes it is possible, just follow the Samba Official HOWTO recommendation.

> The Samba FAQ recommends that:
> PDC--->use the Master LDAP and
> the BDC --->use a Slave LDAP

You can also have all the servers using the same LDAP backend, but that's a different story, the above model is the recommended one.

> This is a network map for the idea:
>
>         MASTER LDAP on Remote Site
>                     |
>                     |
>                    WAN
>                     |
>                     |
>    SMB PDC   SMB BDC   Slave LDAP on LAN
>                     |
>                     |
>                     |
>                     WS
>
> So when I log into the WS, the BDC asks the local slave LDAP through the
> LAN network.
>
> And if I need to change a password of the user, on the PDC it goes through
> the WAN and modifies the master LDAP, and this then modifies the slave LDAP
> through the WAN.
>
> So... my question is: can I configure my BDC with the priority?
> Maybe... on the PDC set:
>
> domainsmaster=yes
> domainlogons=no

You need "domain logons = yes" to be the PDC.
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html

> and on the BDC
> domainmaster=no
> domainlogons=yes.
>
> Many many thanks and excuse my poor English.

The PDC needs to update the LDAP Master always, there are lots of things going on, computers change their passwords, people change their passwords... You could use some strategy of data replication between the LDAPs to try to reduce the traffic, but it is also a different story.
Kind regards,
-- 
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/
Phone: (+55 41 3350 3300)
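
The role settings discussed in this thread, written out as two smb.conf [global] fragments. This is an added example, not part of the original messages; the workgroup name, LDAP host names, suffix and admin DN are placeholder assumptions.

```ini
# ---- smb.conf on the PDC ----
# Account changes are written to the master LDAP across the WAN.
[global]
    workgroup = EXAMPLE
    domain master = yes
    # "domain logons = yes" is required for this server to act as the PDC.
    domain logons = yes
    # Placeholder host name for the master LDAP on the remote site.
    passdb backend = ldapsam:ldap://master-ldap.example.org
    ldap suffix = dc=example,dc=org
    ldap admin dn = cn=samba,dc=example,dc=org

# ---- smb.conf on the BDC ----
# Same domain, but never domain master; account lookups are read
# from the slave LDAP on the local LAN.
[global]
    workgroup = EXAMPLE
    domain master = no
    domain logons = yes
    # Placeholder host name for the slave LDAP on the LAN.
    passdb backend = ldapsam:ldap://slave-ldap.example.org
    ldap suffix = dc=example,dc=org
    ldap admin dn = cn=samba,dc=example,dc=org
```

Each fragment belongs in its own server's smb.conf; running testparm on each file checks the syntax before smbd is restarted.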