I have sent a few messages already, but perhaps I should start from the other side, and give a clear indication of what I want to achieve. Well, here goes...

I am working for a volunteer organization. They have quite a few Windows workstations, most W98, and a few XPs (and, currently, one Vista). There is one Linux server, running Samba, and holding all shares. It also acts as the PDC, and all users can log in to it.

Now this server begins to be somewhat flaky, and I should like to add a second server, initially to act as a BDC, then to take over the operation so I can take down the current server and find out what's wrong with it. Copying the data is no problem (it is some 300G, so it took some time), but then?

I started just copying the smb.conf from the primary controller, and setting the priority somewhat lower. I assumed that it would just lose the election from the PDC, and still stay present, and available.

I am aware of the difficulties of keeping the user directories in sync; this would, in due course, require LDAP, but for the moment I decided that the user population is quite stable, so I just copy /etc/passwd and /etc/shadow and smbpasswd over in the --rare-- event that a user is added or removed.

1. It is quite hard to even make the second controller visible. In fact, I had to include a remote announce = <Ip address of PDC>/<workgroup name> line before it even showed up in Network Environment. And I am quite unsure whether this is the right way, it just worked, to some extent.

2. I am not sure whether the backup domain controller will function as such. How could I be? If I take down the primary I might find out, but the server is too critical for the whole organization to just try. How can I make sure that a BDC will work without taking down the PDC?

3. And then there is the irregular behavior which I mentioned before. Sometimes the host is visible, but the shares are inaccessible; sometimes I can even get a view of the shares, but I cannot access them. In addition, I have a far simpler configuration at home, where I can just read and write to the shares. So I know it can be done, but what are the rules?

And I am no Windows expert. I know quite a lot about Linux, but the apparent (lack of) logic in Windows baffles me.

That is the background. Maybe it helps to get the right answers. Thanks in advance for any attempts.

BTW I am quite happy with an RTFM answer, as long as it's accompanied with a URL. I have read quite a few FMs, but so far without real enlightenment...
Felipe Augusto van de Wiel
2007-Aug-03 23:36 UTC
[Samba] maybe I should explain what i am after!
joop gerritse wrote, On 03-08-2007 16:07:

> I started just copying the smb.conf from the primary
> controller, and setting the priority somewhat lower.
> I assumed that it would just lose the election from
> the PDC, and still stay present, and available.

No, that's not //just// like that. You need to change a few options in order to get the PDC/BDC expected behaviour.

> I am aware of the difficulties of keeping the user
> directories in sync; this would, in due course, require
> LDAP, but for the moment I decided that the user
> population is quite stable, so I just copy /etc/passwd
> and /etc/shadow and smbpasswd over in the --rare-- event
> that a user is added or removed.

In fact, filesystem sync and account sync are two different problems, they are related but not dependent. You could use vampire or tdbsam or winbind or LDAP to keep accounts in sync.

> 1. It is quite hard to even make the second controller
> visible. In fact, I had to include a remote announce =
> <Ip address of PDC>/<workgroup name> line before it even
> showed up in Network Environment. And I am quite unsure
> whether this is the right way, it just worked, to some
> extent.

No, it is not. You should use a WINS server, probably on the PDC, and properly use other parameters in smb.conf like 'local master' and 'preferred master'.

> 2. I am not sure whether the backup domain controller
> will function as such. How could I be?

Did you check the Official Samba HOWTO? Especially the Domain Control chapter?

http://samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id327269
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html

> If I take down the primary I might find out, but the
> server is too critical for the whole organization to
> just try. How can I make sure that a BDC will work
> without taking down the PDC?

First of all, you should use the right commands and configuration options (man smb.conf) and you can use a small network for the BDC, change a workstation from PDC network to BDC one and see if it works.

> 3. And then there is the irregular behavior which I
> mentioned before. Sometimes the host is visible, but
> the shares are inaccessible; sometimes I can even get
> a view of the shares, but I cannot access them. In
> addition, i have a far simpler configuration at home,
> where I can just read and write to the shares. So I
> know it can be done, but what are the rules?

Samba needs some care and attention, especially on special cases like PDC/BDC, the Samba By Example is also a good read to understand real case scenarios.

http://samba.org/samba/docs/man/Samba-Guide/

> And I am no Windows expert. I know quite a lot about
> Linux, but the apparent (lack of) logic in Windows
> baffles me.
>
> That is the background. Maybe it helps to get the
> right answers. thanks in advance for any attempts.
>
> BTW I am quite happy with an RTFM answer, as long as
> it's accompanied with a URL. I have read quite a few
> FMs, but so far without real enlightenment...

This is not exactly a RTFM, but you will need to give us more information if you really want help, smb.conf, logs and better subject lines would be a great improvement.

Kind regards,

--
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/
Phone: (+55 41 3350 3300)
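
Added example (not part of the thread or of the Samba documentation): a static check of the role settings named in the reply above, showing why a copied PDC smb.conf with only a lower priority is not a BDC configuration. The sample configs, host names and the address 192.0.2.10 are constructed, and the rules encode Samba 3 smb.conf defaults as assumptions; passing the check does not prove that logons against the BDC work.

```python
import configparser

# Constructed sample [global] sections (names and address are placeholders).
PDC = """[global]
workgroup = EXAMPLE
netbios name = PDC1
domain logons = yes
domain master = yes
preferred master = yes
os level = 65
wins support = yes
"""
# What the question describes: the PDC's file copied, priority lowered.
COPIED = PDC.replace("os level = 65", "os level = 33")
# Role settings for a BDC that uses the PDC as its WINS server.
BDC = """[global]
workgroup = EXAMPLE
netbios name = BDC1
domain logons = yes
domain master = no
local master = yes
os level = 33
wins server = 192.0.2.10
"""

def load_global(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return {k: v.strip().lower() for k, v in cp["global"].items()}

def yes(value):
    return value in ("yes", "true", "1")

def check_pair(pdc_text, bdc_text):
    """Return a list of role conflicts between a PDC and a BDC smb.conf."""
    pdc, bdc = load_global(pdc_text), load_global(bdc_text)
    problems = []
    if pdc.get("workgroup") != bdc.get("workgroup"):
        problems.append("workgroup differs")
    if pdc.get("netbios name") and pdc.get("netbios name") == bdc.get("netbios name"):
        problems.append("netbios name not unique")
    if not yes(bdc.get("domain logons", "no")):
        problems.append("BDC does not serve domain logons")
    # Samba 3: 'domain master' defaults to auto, which means yes once
    # 'domain logons = yes', so a BDC has to set it to no explicitly.
    if bdc.get("domain master", "auto") not in ("no", "false", "0"):
        problems.append("BDC also claims domain master")
    if yes(bdc.get("wins support", "no")) or not bdc.get("wins server"):
        problems.append("BDC is not a client of the existing WINS server")
    return problems
```
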
Translation: If you need help, sweat a little, and show us why we should. Otherwise, RTFM.

Carlos

________________________________
From: Felipe Augusto van de Wiel

This is not exactly a RTFM, but you will need to give us more information if you really want help, smb.conf, logs and better subject lines would be a great improvement.