Section 9.3. Configuring a Samba BDC


Configuring a Samba backup domain controller seems like it would be more difficult than it actually is. To locate a PDC, Windows clients attempt to resolve the DOMAIN<0x1b> NetBIOS name. To locate all available domain controllers, clients look for the DOMAIN<0x1c> name. So, by definition, a BDC must register the <0x1c> name but not <0x1b>. This requirement translates into the following smb.conf settings:

 [global]
     domain master = no
     domain logons = yes

Everything else about the BDC's configuration is identical to that of the PDC.
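The two parameters above decide which NetBIOS names a host registers, so it is worth checking them mechanically before a new controller joins the domain. The following script is an added example, not code from the book: it reads the [global] section of an smb.conf and reports whether the file describes a PDC, a BDC, or a plain member. The one caveat it encodes is that Samba's default for domain master is auto, which Samba treats as yes whenever domain logons is enabled, so a BDC that merely omits the parameter will still contend for the DOMAIN<0x1b> name. The smb.conf fragments at the bottom are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the book): report which domain-controller role an
# smb.conf describes, using only the two [global] parameters discussed above.
# A BDC must register DOMAIN<1c> but not DOMAIN<1b>, which needs
# "domain logons = yes" together with "domain master = no". Samba's default for
# "domain master" is "auto", which Samba resolves to "yes" whenever domain
# logons are enabled, so a BDC that omits the parameter will contend for <1b>.

# smb_global_param FILE PARAM -> prints PARAM's value from [global], lower-cased.
# Samba ignores case and whitespace in parameter names ("Domain Master",
# "domainmaster"), and the last occurrence wins, so the lookup does the same.
smb_global_param() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); gsub(/[ \t]/, "", want); insec = 0 }
        /^[ \t]*[;#]/ { next }                                  # comment line
        /^[ \t]*\[/ { s = tolower($0); gsub(/[][ \t]/, "", s)  # section header
                      insec = (s == "global"); next }
        insec && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1); val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); key = tolower(key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) print tolower(val)
        }' "$1" | tail -n 1
}

# samba_dc_role FILE -> prints pdc, bdc, or member (domain logons disabled)
samba_dc_role() {
    logons=$(smb_global_param "$1" "domain logons")
    master=$(smb_global_param "$1" "domain master")
    case "$logons" in
        yes|true|1) ;;
        *) echo member; return 0 ;;
    esac
    case "${master:-auto}" in
        no|false|0) echo bdc ;;
        *)          echo pdc ;;   # explicit yes, or auto resolved to yes by Samba
    esac
}

# Constructed sample configurations (workgroup and paths are placeholders).
tmp=$(mktemp -d)
printf '[global]\n   workgroup = EXAMPLE\n   domain logons = yes\n   Domain Master = no\n[netlogon]\n   path = /data/netlogon\n' > "$tmp/bdc.conf"
printf '[global]\n   workgroup = EXAMPLE\n   domain logons = yes\n' > "$tmp/forgot.conf"
printf '[global]\n   workgroup = EXAMPLE\n   security = domain\n' > "$tmp/member.conf"
echo "bdc.conf:    $(samba_dc_role "$tmp/bdc.conf")"      # bdc
echo "forgot.conf: $(samba_dc_role "$tmp/forgot.conf")"   # pdc: domain master left at auto
echo "member.conf: $(samba_dc_role "$tmp/member.conf")"   # member
rm -r "$tmp"
```

On a running host the same fact can be confirmed on the wire: `nmblookup EXAMPLE#1b` should return only the PDC's address, while `nmblookup EXAMPLE#1c` should list every domain controller, the BDCs included.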

This step takes care of making the domain controller appear as a BDC. In order to function as a BDC, the Samba hosts must also synchronize the following information with the PDC:

  • The domain SID

  • User and group account information

  • The contents of the [netlogon] share, such as system policies and logon scripts

The first two requirements are easily met by using the ldapsam passdb backend. In fact, this is the primary goal of Samba's LDAP integration. There are other possible solutions that don't require deploying an LDAP directory; these all involve using rsync to periodically push the passdb storage media (files or databases) from the PDC to the other domain controllers.

Synchronizing the contents of the [netlogon] share is fairly easy using any one of the available replication tools. Our preferred method is to run rsync, using SSH keys for authentication, periodically from a cron job. The following script ensures that the [netlogon] shares (i.e., /data/netlogon) on the two BDCs, turtle and owl, are kept in sync with the PDC. Each BDC has the PDC's root SSH key in ~root/.ssh/authorized_keys.

 #!/bin/sh
 # Push the PDC's [netlogon] share to each BDC over SSH. --delete removes files
 # on the BDC that no longer exist on the PDC, so the copies stay identical.
 HOSTS="turtle.example.com owl.example.com"
 NETLOGON=/data/netlogon

 for h in ${HOSTS}; do
     rsync -a -e ssh --delete ${NETLOGON}/ ${h}:${NETLOGON}/
 done

See SSH: The Secure Shell: The Definitive Guide, by Daniel J. Barrett and Richard E. Silverman (O'Reilly), for more information on using public-key-based authentication with SSH.
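Whatever is in [netlogon] runs on every client that logs on, so after the cron job above has run a defender wants to confirm that each BDC's copy still matches the PDC's and to notice files that appear, vanish or change between runs. The script below is an added example, not code from the book: it builds a hash manifest of a netlogon tree and reports the drift between two manifests. It assumes coreutils `sha256sum`; the two directory trees it creates are constructed sample data, with one logon script altered and one stray file added on the BDC side.

```shell
#!/bin/sh
# Added example (not from the book): detect drift between the PDC's [netlogon]
# tree and a BDC's copy using a hash manifest. Assumes coreutils sha256sum.

# netlogon_manifest DIR -> one "hash  ./relative/path" line per file, in path order
netlogon_manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          sha256sum "$f"
      done )
}

# netlogon_drift PDC_MANIFEST BDC_MANIFEST -> prints "changed PATH", "extra PATH"
# or "missing PATH" lines and returns 1 on any drift; returns 0 when they match.
# The path is everything after the 64-character hash and the two spaces.
netlogon_drift() {
    found=$(awk '
        NR == FNR { pdc[substr($0, length($1) + 3)] = $1; next }   # first file: PDC
                  { bdc[substr($0, length($1) + 3)] = $1 }         # second file: BDC
        END {
            for (p in pdc) { if (!(p in bdc)) print "missing " p; else if (pdc[p] != bdc[p]) print "changed " p }
            for (p in bdc) { if (!(p in pdc)) print "extra " p }
        }' "$1" "$2" | LC_ALL=C sort)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# make_sample_trees DIR -> constructed PDC tree and a BDC copy that has drifted:
# logon.bat was edited on the BDC, setclock.bat is missing, stray.txt appeared.
make_sample_trees() {
    mkdir -p "$1/pdc/scripts" "$1/bdc/scripts"
    printf 'net use H: \\\\fs\\homes\r\n' > "$1/pdc/scripts/logon.bat"
    printf 'net time \\\\fs /set /yes\r\n' > "$1/pdc/scripts/setclock.bat"
    cp "$1/pdc/scripts/logon.bat" "$1/bdc/scripts/logon.bat"
    printf 'echo drift\r\n' >> "$1/bdc/scripts/logon.bat"
    : > "$1/bdc/stray.txt"
}

tmp=$(mktemp -d)
make_sample_trees "$tmp"
netlogon_manifest "$tmp/pdc" > "$tmp/pdc.manifest"
netlogon_manifest "$tmp/bdc" > "$tmp/bdc.manifest"
netlogon_drift "$tmp/pdc.manifest" "$tmp/bdc.manifest" || echo "drift detected on BDC copy"
rm -r "$tmp"
```

In practice the PDC manifest is generated once per sync run and kept off the BDCs, and each BDC is checked against it over the same SSH channel the cron job uses. `rsync -n -i -c` would show what the next push is about to change, but a manifest kept elsewhere also catches edits that nobody pushed.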


Not all information is synchronized between the PDC and BDCs. For example, because the UNC path to home directories and roaming user profiles can be stored in the user's passdb entry, these file shares must be maintained on a central server. There are several ways to prevent these shares from being a single point of failure, such as maintaining two servers that run high-availability software such as Heartbeat (http://www.linux-ha.org) with a shared storage backend. This and other HA solutions are beyond the scope of our discussion.




Using Samba
Using Samba: A File and Print Server for Linux, Unix & Mac OS X, 3rd Edition
ISBN: 0596007698
Year: 2004
Pages: 135
