samba - Jan 2013 - fail-over, redundancy, bdc, multi-dc-domain

I'm aware of, at least generally, how one would have done a
BDC/Redundant server under OpenLDAP Samba3.

However, rolling your own multi-domain-controller was fairly daunting
[for me] under Samba3 / OpenLDAP.

I've been very interested in Samba4 for the more integrated nature of
having LDAP/DNS/Samba all under one roof. [i.e. Fewer places where I
can screw it up horribly.]

However I'm also interested in how one can handle fail-over. I don't
need something totally seamless and "big-iron" style. A backup box
that would need some manual intervention would be fine.

So, something like an rsync'd backup box where the shared
files/accounts/etc are perhaps an hour out of date, and that would
require 15 minutes to bring up as a primary would be an acceptable
solution.

That's not to say I wouldn't want something better, but that's kind
of
the low end of the "acceptable" scale.

I've done some searches on the list and spent a while looking for
"examples" but I don't easily find any. [Using searches with:
samba4 bdc,
redundant, backup, etc. There are a ton of very old articles on the
list, but almost nothing I could find specifically on Samba4.]

Could some kind soul point me either to:
1) Search terms more likely to produce results, or some discussion threads or
2) wiki/how-to's on how to accomplish something in the neighborhood on this
subjet?

[Option #2 preferred.]

As a note, I'd be glad to help document this/provide a "here's what
I
did and how", provided it's something reasonable for me to apply to
the situation I'm referring to - so I'm more than glad to contribute
back where I can.

TIA
-Greg

On Tue, 2013-01-22 at 10:53 -0800, Gregory Sloop wrote:
> I'm aware of, at least generally, how one would have done a
> BDC/Redundant server under OpenLDAP Samba3.
> However, rolling your own multi-domain-controller was fairly daunting
> [for me] under Samba3 / OpenLDAP.
Yea... that is an understatement.  Replication... OpenLDAP...
<shivers/>.  It was rough, and then they switched to cn=config.  Never
bothered to make a single administrative tool worth @&^@*&@ and
that-one-developer harassed and insulted and was a general @&*%^@*$ to
anyone who tried [including me] - tools are for whimps! [and, you know,
people who have stuff to do, those whimps!].  Sad, OpenLDAP is a really
great project/product.
> I've been very interested in Samba4 for the more integrated nature of
> having LDAP/DNS/Samba all under one roof. [i.e. Fewer places where I
> can screw it up horribly.]
Yep, it does that.  Yay!  

Or you can look at it as one-stop horrible screw up;  kill it, and you
kill everything.
> However I'm also interested in how one can handle fail-over. I
don't
> need something totally seamless and "big-iron" style. A backup
box
> that would need some manual intervention would be fine.
> So, something like an rsync'd backup box where the shared
> files/accounts/etc are perhaps an hour out of date, and that would
> require 15 minutes to bring up as a primary would be an acceptable
> solution.
It does hot-replication of the SAM (at least).  In theory it does
replication of DNS [if you are using internal DNS] but there might be
some bugs there.  It doesn't replicate the sysvol [yet], you gotta do
that yourself, old-school.
> That's not to say I wouldn't want something better, but that's
kind of
> the low end of the "acceptable" scale.
It is above your acceptable out-of-the-box.
> I've done some searches on the list and spent a while looking for
> "examples" but I don't easily find any. [Using searches with:
samba4 bdc,
> redundant, backup, etc. There are a ton of very old articles on the
> list, but almost nothing I could find specifically on Samba4.]
Create a DC, add a another DC, done.  Move on.  
> Could some kind soul point me either to:
> 1) Search terms more likely to produce results, or some discussion threads
or
> 2) wiki/how-to's on how to accomplish something i the neighborhood on
this subjet?
> [Option #2 preferred.]
The Samba4 wiki!  <http://wiki.samba.org/index.php/Samba4>

And you need to read up on Active Directory.
> As a note, I'd be glad to help document this/provide a "here's
what I
> did and how", provided it's something reasonable for me to apply
to
> the situation I'm referring to - so I'm more than glad to
contribute
> back where I can.
Create an account on the wiki.

-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

On Tue, 2013-01-22 at 10:53 -0800, Gregory Sloop wrote:
> I'm aware of, at least generally, how one would have done a
> BDC/Redundant server under OpenLDAP Samba3.
> 
> However, rolling your own multi-domain-controller was fairly daunting
> [for me] under Samba3 / OpenLDAP.
> 
> I've been very interested in Samba4 for the more integrated nature of
> having LDAP/DNS/Samba all under one roof. [i.e. Fewer places where I
> can screw it up horribly.]
Most of our users find that Samba 4.0 'just works' for them as an AD DC,
even replicating to a second DC. 
> However I'm also interested in how one can handle fail-over. I
don't
> need something totally seamless and "big-iron" style. A backup
box
> that would need some manual intervention would be fine.
Just replicating to a second DC should be fine.  You will need to
manually replicate the sysvol share, but that shouldn't be hard.
> So, something like an rsync'd backup box where the shared
> files/accounts/etc are perhaps an hour out of date, and that would
> require 15 minutes to bring up as a primary would be an acceptable
> solution.
I would not recommend just rsyncing anything, except the sysvol files.
The reason is that rsync will not get a consistent snapshot of the
databases.  Joining a second DC will be much more seamless. 
> That's not to say I wouldn't want something better, but that's
kind of
> the low end of the "acceptable" scale.
> 
> I've done some searches on the list and spent a while looking for
> "examples" but I don't easily find any. [Using searches with:
samba4 bdc,
> redundant, backup, etc. There are a ton of very old articles on the
> list, but almost nothing I could find specifically on Samba4.]
> 
> Could some kind soul point me either to:
> 1) Search terms more likely to produce results, or some discussion threads
or
> 2) wiki/how-to's on how to accomplish something in the neighborhood on
this subjet?
The main HOWTO contains information on joining to an existing domain.
That is what you need to do on your second DC.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org