[K12OSN] HELP: can there be two samba servers in one domain?

Robert Mortimer rmortimer at bluechiptechnology.co.uk
Tue Dec 13 14:34:52 UTC 2005


There can be as many SAMBA servers as you like - you just have one PDC.
Simply join the secondary SAMBA device to the domain for storage.
Look at a BDC if you need fail-over authentication.

This is a Windows NT thing, not a Samba thing. In NT additional servers are
joined to the domain in the same way as clients as BDCs. The only difference
between NT server & normal clients is NT clients are crippled to limit
connections.
A BDC holds a copy of the authentication database and can validate logons
(or be promoted to PDC). SAMBA does not have the artificial split between
client and server.

In both AD and NT there is always 1 prime machine PDC that can be supported
by BDCs. BDCs are promoted in the event of the prime machine failing. AD has
not changed this model, it has just changed the type of information available
and the manner of replication.

You can configure
	SAMBA PDC
	SAMBA BDC to a SAMBA PDC
	and SAMBA Member server (uncrippled client)

> -----Original Message-----
> From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com]On
> Behalf Of john
> Sent: 12 December 2005 20:52
> To: k12osn at redhat.com
> Subject: Re: [K12OSN] HELP: can there be two samba servers in one
> domain?
>
>
> Thanks Mark,
>
> I am sort of amazed the more I look into this. As far as I can tell,
> Multiple boxes running Samba really don't have a native way to share a
> single backend via AD.  I'd love to be wrong about this. I am sort of
> thinking out loud here, perhaps it will help me or someone else who
> has this problem in the future.
>
> I am not able to move to OpenLdap since the scope of this project =!
> complete network paradigm shift at this time. The newly released FC4
> Directory Server http://directory.fedora.redhat.com/wiki/Main_Page
> which could be a substitute for AD someday seems too green to me.
>
> The more I look into trying to have more than a single Samba box share
> credentials with AD it looks like I have to do one of the following,
> all of which seem to have _way_ too many moving parts to be reliable.
>
> 1) Hack Samba (this is beyond my meager skillset, I assume if it were
> obvious someone would have scratched this itch by now)
> http://www.linux-faqs.com//HOWTO/Samba-HOWTO-Collection/cfgsmarts.php
>
> 2) use someone else's hack by way of a seemingly moribund project on
> Source Forge
> http://groups.google.com/group/linux.samba/browse_thread/thread/e9d0a4caedd67473/40b697830a6dce06?lnk=st&q=multiple+samba+ads&rnum=10&hl=en#40b697830a6dce06
> following directions from here: http://www.securityfocus.com/infocus/1563
>
> 3) Or use MS Unix tools
> http://www.microsoft.com/windowsserversystem/sfu/downloads/default.mspx
> using these directions http://www.oo-services.com/en/articles/sso.html
>
> Frankly, this seems like WAY too much work, just to spread a little
> storage around. I'll keep looking into this, and would love to have
> someone set me straight, and tell me (in an easy to follow step by
> step manner :-) ) how easy this project really is.
>
> John
>
>
> On 12/12/05, Mark Gumprecht <gumprechtm at msad3.org> wrote:
> > John I'm no pro and ran out of time with the beginning of school to get
> > mine in so....net getlocalsid will pull up the local domain sid. Man net
> > will give you some other commands like setlocalsid, not much, but HTH
> > Mark
> >
> > john wrote:
> >
> > >Hi all,
> > >I need some advice and I hope folks here can help. I have set up
> > >k12ltsp to provide single sign on and file storage for users in
> > >Windows Domain which uses ADS. However instead of storing the files
> > >locally on the k12ltsp box, I would like to have my file storage on a
> > >separate Samba file server (and in the future several Samba servers).
> > >So basically multiple Samba installations using ADS and all using the
> > >same SID==>GID/UID mapping.
> > >
> > >So here's the scenario:
> > >
> > >Linux box A is running FC4 , Samba and NFS. This box exports /home via
> > >NFS to Linux Box B running K12LTSP and Winbind. I have single sign
> > >(for windows and terminal clients)  via winbind working on box B.
> > >
> > >Problem: I need some way to keep SID ==> GID/UID mapping consistent
> > >from box to box, if I run two versions of winbind, mappings will be out
> > >of sync. I THINK I need to create a unified IDMAP and point box A to
> > >it. I've been looking at IDMap_RID here
> > >http://tr.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2567740
> > >but I am not sure that this is even in the ball park.
> > >
> > >Also, some folks seem to believe the only way to accomplish this is
> > >with a Unix snap in for AD.
> > >
> > >I could really use some help on this!
> > >
> > >TIA,
> > >
> > >_______________________________________________
> > >K12OSN mailing list
> > >K12OSN at redhat.com
> > >https://www.redhat.com/mailman/listinfo/k12osn
> > >For more info see <http://www.k12os.org>
> > >
> >
> > --
> > Mark Gumprecht
> > Data Systems Specialist
> > MSAD3
> > Unity, ME
> > gumprechtm at msad3.org
>
>
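
The SID-to-UID/GID consistency problem described in the quoted question above, as an added example that is not part of the original thread: a simplified Python model (not Samba code) of two hosts that each allocate IDs on first lookup, next to the algorithmic mapping ID = RID - BASE_RID + LOW_RANGE_ID documented for idmap_rid. The domain SID, the 10000-19999 range and the RIDs are constructed values.

```python
# Simplified model, not Samba code. SID, range and RIDs are constructed.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
RANGE_LOW, RANGE_HIGH, BASE_RID = 10000, 19999, 0


class AllocatingMap:
    """Per-host table that hands out the next free ID on first lookup."""

    def __init__(self):
        self.next_id, self.table = RANGE_LOW, {}

    def sid_to_uid(self, sid):
        if sid not in self.table:
            if self.next_id > RANGE_HIGH:
                raise OverflowError("ID range exhausted")
            self.table[sid] = self.next_id
            self.next_id += 1
        return self.table[sid]


def rid_to_uid(sid):
    """Algorithmic mapping: ID = RID - BASE_RID + LOW_RANGE_ID.
    Every host with the same range computes the same ID, with no shared state."""
    prefix, _, rid = sid.rpartition("-")
    if prefix != DOMAIN_SID or not rid.isdigit():
        raise ValueError(f"{sid} is not a SID of {DOMAIN_SID}")
    uid = int(rid) - BASE_RID + RANGE_LOW
    if not RANGE_LOW <= uid <= RANGE_HIGH:
        raise ValueError(f"RID {rid} maps outside {RANGE_LOW}-{RANGE_HIGH}")
    return uid


def find_mismatches(sids, map_a, map_b):
    """SIDs that two hosts would map to different numeric IDs."""
    return sorted(s for s in sids if map_a(s) != map_b(s))


def demo():
    alice, bob = f"{DOMAIN_SID}-1105", f"{DOMAIN_SID}-1106"
    box_a, box_b = AllocatingMap(), AllocatingMap()
    for sid in (alice, bob):          # box A sees alice log in first
        box_a.sid_to_uid(sid)
    for sid in (bob, alice):          # box B sees bob log in first
        box_b.sid_to_uid(sid)
    drift = find_mismatches([alice, bob], box_a.sid_to_uid, box_b.sid_to_uid)
    stable = find_mismatches([alice, bob], rid_to_uid, rid_to_uid)
    return drift, stable, rid_to_uid(alice)


if __name__ == "__main__":
    print(demo())
```

With the per-host tables, the NFS-exported /home would show each user's files as owned by the other user on box B; the RID-based mapping gives the same owner on both boxes.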
