[K12OSN] Managing a Samba PDC

David Trask dtrask at vcs.u52.k12.me.us
Fri Mar 11 14:14:08 UTC 2005


Ok...first issue...you have 4 machines handling authentication and you
ONLY have 700 users?  I have one server and 600 users and don't even come
REMOTELY close to needing another server.  Did some M$ vendor sell you on
this idea?  I'm all for backups and BDC's, but there's a point where it's
overkill.  Anyway...you can easily build a Samba/LDAP server to handle
what you're doing now.  I use mine as my PDC serving roaming profiles for
Win XP and also auth'ing my Terminal server which is a member of the
domain.  It also handles all the auth'ing on the Linux side and houses the
users home dirs that are then exported to the various servers via NFS. 
The biggest issue is about users.  What I normally do....I wait until
summer...blow the servers away along with all the users and recreate from
scratch.  I give my staff another simple server to back their stuff up on
to (stuff they NEED to keep) and blow the rest away.  Forces you and them
to clean house and makes it easy for you to create new users. 
Otherwise...if you can extract the usernames and possibly the passwords
from the NT server....(text file of some sort) you can then manipulate it
and recreate them in the smbldap server using the included scripts for
adding users.  Let us know and we'll help you along  :-)  Welcome over
from the "dark side".  You'll love the freedom and ease of use once you
make the change.  I love being able to easily manage my servers via ssh
from anywhere in the world....it's very liberating and allows me to get
out and go home more.  :-)

PS:  As for backup?  There are many options, but one thing I've done....I
have a server with removable HD's.  I use a backup script that I wrote to
back-up the profiles and the home dirs as a tar file (which preserves
permissions) and moves it to another server via an NFS share.  Then I
have a couple HD's ready with the OS and smbldap already installed (same
config as the production ones) and in the event of unlikely failure....I
simply pop in the new HD's....copy the latest backup (or even make a
backup of the current /home if I can still get to it) back to the
server...untar it....and we're back in business.  Worst case...the
passwords are reset to the defaults, but I simply let everyone know and
they go in and change them when they log in next time. 
Sometimes...methods like this are a lot less time consuming than trying to
do bare metal backups and so forth.  We've never lost a shred of data
(picture me furiously knocking on wood)  ;-)

One more thing....go gigabit on this server...makes a WORLD of difference!

"Support list for opensource software in schools." <k12osn at redhat.com> on
Friday, March 11, 2005 at 7:05 AM +0000 wrote:
>prob easiest to take the names and build a new smbldap pdc and bdc. where
>are your homedirs..in our case i haven't yet duplicated some of the nt
>functionality in ldap as far as authenticating thru firewall and
>multiserver homedirs..it'll take about 10 minutes to build a new
>authentication from smbldap if you don't have existing structures that will
>screw you up...chuck
>
>> Hello all,
>>     All the discussion of the new smbldap script flying around lately 
>> has triggered a few questions in my disheveled mind.  I run a 700+ user 
>> NT domain, with one PDC and 3 BDCs helping to distribute the 
>> authentication load.  If I built a Samba PDC would the BDCs still sync 
>> up with it, or would I have to turn them into just plain servers? Could
>> I still use the NT User Manager for Domains application for user
>> creation and maintenance, or would I need to retrain my staff on 
>> something else?  If I ran this script on my K12LTSP server, would it 
>> automatically start accepting the existing Domain logons and passwords 
>> transparently, or is there more to it than that? I've got my users'
>> "Home" folders spread out across three servers, one for HS, one for MS, 
>> and one for ES for fault tolerance.  Initially these were three separate
>> LANs and when we connected them I just left the existing scheme in
>> place.  Can the Samba PDC implementation handle that, or do I have to 
>> change the way I do things? Forgive me if these are silly questions, but
>> I'm an NT guy trying to find his way in the Linux world.
>> 
>> -- 
>> 
>> C-ya,
>> Mark


David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
dtrask at vcs.u52.k12.me.us
(207)923-3100
