From: Tamás Pisch on
2010/7/9 Scott Grizzard <scott(a)scottgrizzard.com>

Thank you for your detailed answer.

> If I recall
> correctly, I think Chapter 6 refers to running BDC's in each remote
> office, and only one PDC...

In that chapter, there are two scenarios (one domain in all branches, or
separate domains with reduced traffic), and one more scenario mentioned as a
possible alternative with multiple PDCs:
"When Samba-3 is configured to use an LDAP backend, it stores the domain
account information in a directory entry. This account entry contains the
domain SID. An unintended but exploitable side effect is that this makes it
possible to operate with more than one PDC on a distributed network.
....
This concept has not been exhaustively validated, though we can see no
reason why this should not work..."


> I found it is much easier to set up two separate domains and have them
> trust each other, using different branches of the same LDAP tree.
> Then, let one server write to one branch, the other server write to
> the other branch, and do multi-master replication between them. That
> way, there is no worrying about simultaneous updates or any of that
> jazz. Not as cool...or as elegant, but it made my life easier by
> isolating problems.


> Of course, my users only visited each others' offices "occasionally".
> If you have tons of movement between the offices, a one-domain
> solution may be forced upon you...

Unfortunately, a lot of users are roaming users (teachers with laptops, and
users). My plan is that I will set up separate profile shares on both sides,
but at least they can use their own username and even change their password.
So, I would like to try the multi-PDC scenario with master and slave LDAP
server, but I worry a little about it.

>>> I have a PDC with master LDAP backend and a BDC with slave LDAP backend
>>> (both are SaMBa 3.2 on Debian Lenny). I want to install an additional
>>> SaMBa server on another site (on Debian Squeeze). The two sites are
>>> connected with VPN (on not so reliable ADSL lines). I read an interesting
>>> network scenario in the Samba Guide chapter 6: theoretically it is
>>> possible to install one PDC on both sites, with the same domain, server
>>> name, and SID. I like this idea, but: is there anyone who tried that,
>>> and has experience with it?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Scott Grizzard on
>> Of course, my users only visited each others' offices "occasionally".
>> If you have tons of movement between the offices, a one-domain
>> solution may be forced upon you...
>
> Unfortunately, a lot of users are roaming users (teachers with laptops, and
> users). My plan is that I will set up separate profile shares on both sides,
> but at least they can use their own username and even change their password.
> So, I would like to try the multi-PDC scenario with master and slave LDAP
> server, but I worry a little about it.

How are you intending to keep roaming profiles in sync (the files on
the server, not the stuff in LDAP)? Are you going to use rsync?

----
Scott Grizzard
Scott(a)ScottGrizzard.com
http://www.ScottGrizzard.com
From: Tamás Pisch on
2010/7/12 Scott Grizzard <scott(a)scottgrizzard.com>

> >> Of course, my users only visited each others' offices "occasionally".
> >> If you have tons of movement between the offices, a one-domain
> >> solution may be forced upon you...
> >
> > Unfortunately, a lot of users are roaming users (teachers with laptops,
> > and users). My plan is that I will set up separate profile shares on both
> > sides, but at least they can use their own username and even change their
> > password. So, I would like to try the multi-PDC scenario with master and
> > slave LDAP server, but I worry a little about it.
>
> How are you intending to keep roaming profiles in sync (the files on
> the server, not the stuff in LDAP)? Are you going to use rsync?

No, it won't be a 100% solution: the profiles will be independent (but it
will be progress, compared with the present situation: now there is a
workgroup there, and no central server...). For laptop users it won't be a
problem: Windows syncs the locally stored profile to the server. For others,
it will be a little uncomfortable: they will have two different profiles.
The SaMBa examples deal with relatively small profiles, but here there are
bigger profiles: 30-100MB, and even bigger for teachers. I excluded only the
Documents folder from the profile dir.
From: tms3 on
> --- Original message ---
> Subject: Re: [Samba] two PDCs
> From: Scott Grizzard <scott(a)scottgrizzard.com>
> To: Tamás Pisch <pischta(a)gmail.com>
> Cc: <samba(a)lists.samba.org>
> Date: Monday, 12/07/2010 12:38 AM
>
>>
>>> Of course, my users only visited each others' offices "occasionally".
>>> If you have tons of movement between the offices, a one-domain
>>> solution may be forced upon you...
>>
>> Unfortunately, a lot of users are roaming users (teachers with laptops,
>> and users). My plan is that I will set up separate profile shares on both
>> sides, but at least they can use their own username and even change their
>> password. So, I would like to try the multi-PDC scenario with master and
>> slave LDAP server, but I worry a little about it.

It makes very little sense to have multiple PDC's, and it only adds to
both administrative and user confusion IMHO. Given the present
workings of OpenLDAP, just pick a replication strategy that makes sense
and use a single domain. I've built and run a single domain on a 15
node VPN with multi-master OpenLDAP backend, and it is remarkably
resilient.

> How are you intending to keep roaming profiles in sync (the files on
> the server, not the stuff in LDAP)? Are you going to use rsync?

Unless users jump from office to office, why bother. I would set road
warriors up with local profiles and sync their stuff in a manner
appropriate to their schedules/primary location.
From: Tamás Pisch on
> How did you get it working like that so quickly? Did you get it
> working with two primary domain controllers? (As opposed to one PDC
> and two BDC's?)

There must be some misunderstanding, because I didn't. I am still planning
the setup.

> Of course, my users only visited each others' offices "occasionally".
> If you have tons of movement between the offices, a one-domain
> solution may be forced upon you...
>
> Unfortunately, a lot of users are roaming users (teachers with laptops, and
> users). My plan is that I will set up separate profile shares on both sides,
> but at least they can use their own username and even change their
> password. So, I would like to try the multi-PDC scenario with master and
> slave LDAP server, but I worry a little about it.
>
> It makes very little sense to have multiple PDC's, and it only adds to both
> administrative and user confusion IMHO. Given the present workings of
> OpenLDAP, just pick a replication strategy that makes sense and use a single
> domain. I've built and run a single domain on a 15 node VPN with
> multi-master OpenLDAP backend, and it is remarkably resilient.

About multi-master replication. Scott wrote that he had to deal with it a
lot, so he didn't recommend it. But I need one domain, because a lot of
users use both sites. So, I have the following options:
1. PDCs on each site, with the same domain, as chapter 6 describes.
   a. Master LDAP server in the HQ, and slave in the branch site, according
      to the SaMBa guide.
   b. Branch site uses a master LDAP server too. It looks tempting, but
      difficult/dangerous to me.
2. PDC on the HQ, BDC on the branch site.
   a. Branch site uses a slave LDAP server.
   b. Branch site uses a master LDAP server too.
In 1/a and 2/a, a VPN outage could be a problem. Am I right? As far as I
know, only the PDC writes to the LDAP database. Is that true? Because in
case of a VPN outage, this situation has the same drawback.
So, my main problem is the unreliable ADSL line. Can we live with a slave
server in the branch office?

>
> How are you intending to keep roaming profiles in sync (the files on
> the server, not the stuff in LDAP)? Are you going to use rsync?
>
> Unless users jump from office to office, why bother. I would set road
> warriors up with local profiles and sync their stuff in a manner
> appropriate to their schedules/primary location.
>

Students will have that problem, but they have to bow to it.
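The risk the thread keeps circling (option 1/b above, and the "simultaneous updates" Scott avoided): two PDCs that each allocate RIDs from their own copy of the sambaDomain entry while the VPN is down will hand out the same RID, so two accounts end up with one SID once the directories converge. That condition can be checked offline against LDIF dumps (for example `slapcat` output) from each server. The following is an added example written for this page, not Samba or OpenLDAP code: it parses LDIF, models the split-brain allocation on two copies of a tree, and audits the converged result for duplicate SIDs, a RID counter that has fallen behind already issued RIDs, and a mismatched domain SID. The domain name, DNs and SIDs are constructed for the demo, and the last-writer-wins merge is a simplification of what real multi-master replication converges to.

```python
"""Consistency checks for a Samba 3 ldapsam tree replicated between two sites.
Added example for this thread, not Samba or OpenLDAP code; works on LDIF text so
it runs offline.  DNs, SIDs and account names are constructed for the demo."""
import copy
from collections import defaultdict

# Attribute names are those of the Samba 3 schema: the sambaDomain entry holds the
# domain sambaSID and the sambaNextRid counter a PDC reads and bumps per account.
BASE_LDIF = """\
dn: sambaDomainName=SCHOOL,dc=example,dc=org
objectClass: sambaDomain
sambaDomainName: SCHOOL
sambaSID: S-1-5-21-1111111111-2222222222-3333333333
sambaNextRid: 1000

dn: uid=admin,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: admin
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-500
"""

def parse_ldif(text):
    """Minimal LDIF reader: list of {attribute: [values]} dicts.  Handles folded
    lines (leading space) and comments; base64 (::) values are out of scope."""
    entries, cur, prev = [], {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and prev is not None:   # folded continuation line
            cur[prev][-1] += raw[1:]
            continue
        if not raw.strip():                            # blank line ends an entry
            if cur:
                entries.append(cur)
            cur, prev = {}, None
            continue
        if raw.startswith("#"):
            continue
        key, _, val = raw.partition(":")
        cur.setdefault(key, []).append(val.strip())
        prev = key
    if cur:
        entries.append(cur)
    return entries

def domain_entry(entries):
    return next(e for e in entries if "sambaDomain" in e.get("objectClass", []))

def allocate_account(entries, uid):
    """What a PDC does on its own copy of the tree: read sambaNextRid, bump it,
    create the account with SID <domain SID>-<rid>.  Returns the RID used."""
    dom = domain_entry(entries)
    rid = int(dom["sambaNextRid"][0])
    dom["sambaNextRid"] = [str(rid + 1)]
    entries.append({"dn": [f"uid={uid},ou=People,dc=example,dc=org"],
                    "objectClass": ["sambaSamAccount"], "uid": [uid],
                    "sambaSID": [f"{dom['sambaSID'][0]}-{rid}"]})
    return rid

def merge_last_writer_wins(site_a, site_b):
    """Crude model of convergence after the link returns: one copy of each DN
    survives, and for a DN written on both sides the later writer (site_b) wins."""
    merged = {e["dn"][0]: e for e in site_a}
    merged.update({e["dn"][0]: e for e in site_b})
    return list(merged.values())

def audit(entries):
    """Return sorted (finding, detail) tuples for one converged tree."""
    findings, owners = [], defaultdict(list)
    dom = domain_entry(entries)
    dom_sid, next_rid = dom["sambaSID"][0], int(dom["sambaNextRid"][0])
    for e in entries:
        if "sambaSamAccount" not in e.get("objectClass", []):
            continue
        dn, sid = e["dn"][0], e["sambaSID"][0]
        owners[sid].append(dn)
        prefix, _, rid = sid.rpartition("-")
        if prefix != dom_sid:                          # account from some other domain SID
            findings.append(("FOREIGN_DOMAIN_SID", dn))
        elif int(rid) >= next_rid:                     # counter behind an issued RID:
            findings.append(("RID_AHEAD_OF_COUNTER", dn))  # next allocation collides
    for sid, dns in owners.items():
        if len(dns) > 1:                               # two accounts, one identity
            findings.append(("DUPLICATE_SID", sid + " -> " + ", ".join(sorted(dns))))
    return sorted(findings)

def same_domain_sid(ldif_a, ldif_b):
    """The chapter 6 scenario requires both PDCs to present one domain SID."""
    return (domain_entry(parse_ldif(ldif_a))["sambaSID"][0]
            == domain_entry(parse_ldif(ldif_b))["sambaSID"][0])

def demo_split_brain():
    """Both PDCs create one account while the VPN is down, then converge."""
    hq = parse_ldif(BASE_LDIF)
    branch = copy.deepcopy(hq)
    allocate_account(hq, "teacher1")       # HQ hands out RID 1000
    allocate_account(branch, "student1")   # branch, unaware, also hands out 1000
    return audit(merge_last_writer_wins(hq, branch))

if __name__ == "__main__":
    for finding, detail in demo_split_brain():
        print(finding, detail)
```

Note that after the merge the sambaNextRid counter itself looks healthy (1001, one past the highest RID in use), so comparing counters between the two servers is not enough; the duplicate only shows up when the account SIDs themselves are cross-checked, which is why the audit walks every sambaSamAccount rather than just the sambaDomain entry.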