path: root/docs/docbook/projdoc/Samba-BDC-HOWTO.xml
author: John Terpstra <jht@samba.org> 2003-05-08 07:40:21 +0000
committer: John Terpstra <jht@samba.org> 2003-05-08 07:40:21 +0000
commit: 8210b69406f8b3b213cb7d9fdc5c58986f80a56b
tree: d657efe0234bba25f7cd7ab9f82c197e45db12fc /docs/docbook/projdoc/Samba-BDC-HOWTO.xml
parent: 53f0ebc82b27347264c0ebc972487c6f62eb8933
Another set of updates to the docs.
(This used to be commit 9abe3b23836ae75bd31fd2af4c7d82f34c27f52a)
Diffstat (limited to 'docs/docbook/projdoc/Samba-BDC-HOWTO.xml')
-rw-r--r-- docs/docbook/projdoc/Samba-BDC-HOWTO.xml 133
1 files changed, 95 insertions, 38 deletions
diff --git a/docs/docbook/projdoc/Samba-BDC-HOWTO.xml b/docs/docbook/projdoc/Samba-BDC-HOWTO.xml
index 8b72c8e28f..5d62902487 100644
--- a/docs/docbook/projdoc/Samba-BDC-HOWTO.xml
+++ b/docs/docbook/projdoc/Samba-BDC-HOWTO.xml
@@ -17,9 +17,50 @@ with configuring a Samba Domain Controller as described in the
<title>Features And Benefits</title>
<para>
-Stuff goees here
+This is one of the most difficult chapters to summarise. It matters not what we say here
+for someone will still draw conclusions and / or approach the Samba-Team with expectations
+that are either not yet capable of being delivered, or that can be achieved for more
+effectively using a totally different approach. Since this HOWTO is already so large and
+extensive, we have taken the decision to provide sufficient (but not comprehensive)
+information regarding Backup Domain Control. In the event that you should have a persistent
+concern that is not addressed in this HOWTO document then please email
+<ulink url="mailto:jht@samba.org">John H Terpstra</ulink> clearly setting out your requirements
+and / or question and we will do our best to provide a solution.
</para>
+<para>
+Samba-3 is capable of acting as a Backup Domain Controller to another Samba Primary Domain
+Controller. A Samba-3 PDC can operate with an LDAP Account backend. The Samba-3 BDC can
+operate with a slave LDAP server for the Account backend. This effectively gives samba a high
+degree of scalability. This is a very sweet (nice) solution for large organisations.
+</para>
+
+<para>
+While it is possible to run a Samba-3 BDC with non-LDAP backend, the administrator will
+need to figure out precisely what is the best way to replicate (copy / distribute) the
+user and machine Accounts backend. Again, Samba-3 provides a number of possibilities:
+</para>
+
+<itemizedlist>
+<title>Backup Domain Backend Account Distribution Options</title>
+ <listitem><para>
+ Passwd Backend is LDAP based, BDCs use a slave LDAP server
+ </para></listitem>
+
+ <listitem><para>
+ Passdb Backend is tdbsam based, BDCs use cron based "net rcp vampire" to
+ suck down the Accounts database from the PDC
+ </para></listitem>
+
+ <listitem><para>
+ Make use of rsync to replicate (pull down) copies of the essential account files
+ </para></listitem>
+
+ <listitem><para>
+ Operate with an entirely local accounts database (not recommended)
+ </para></listitem>
+</itemizedlist>
+
</sect1>
<sect1>
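Review bot: The second list item names the command as "net rcp vampire"; the Samba subcommand is "net rpc vampire", and since readers will copy this into cron jobs the typo should be fixed before it ships. The first item says "Passwd Backend" while the second says "Passdb Backend"; use "Passdb Backend" in both. In the opening paragraph, "can be achieved for more effectively" presumably should read "far more effectively". The rsync item would also benefit from saying that the replicated account files hold password hashes and so should only be pulled over an authenticated, encrypted channel, which the later smbpasswd replication section does by using ssh.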
@@ -203,29 +244,6 @@ mutually authenticate and the password change is done.
<sect1>
-<title>Can Samba be a Backup Domain Controller to an NT4 PDC?</title>
-
-<para>
-With version 2.2, no. The native NT4 SAM replication protocols have not yet been fully
-implemented. The Samba Team is working on understanding and implementing the protocols,
-but this work has not been finished for version 2.2.
-</para>
-
-<para>
-With version 3.0, the work on both the replication protocols and a suitable storage
-mechanism has progressed, and some form of NT4 BDC support is expected soon.
-</para>
-
-<para>
-Can I get the benefits of a BDC with Samba? Yes. The main reason for implementing a
-BDC is availability. If the PDC is a Samba machine, a second Samba machine can be set up to
-service logon requests whenever the PDC is down.
-</para>
-
-</sect1>
-
-
-<sect1>
<title>Backup Domain Controller Configuration</title>
<para>
@@ -273,11 +291,15 @@ Several things have to be done:
</itemizedlist>
+<sect2>
+<title>Example Configuration</title>
+
<para>
Finally, the BDC has to be found by the workstations. This can be done by setting:
</para>
<para><programlisting>
+<title>Essential Parameters for BDC Operation</title>
workgroup = SAMBA
domain master = no
domain logons = yes
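Review bot: The added <title> line sits inside <programlisting>, where DocBook does not allow a title element, so the chapter will either fail validation or show the tag as literal text in the listing. Wrap the listing in an <example> element and move the title there (<example><title>Essential Parameters for BDC Operation</title><programlisting> ...), or drop the title. Separately, the new "Example Configuration" sect2 now begins with "Finally, the BDC has to be found by the workstations", which reads oddly as the first sentence under a fresh heading; consider rewording it.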
@@ -285,13 +307,58 @@ Finally, the BDC has to be found by the workstations. This can be done by settin
<para>
in the [global]-section of the smb.conf of the BDC. This makes the BDC
-only register the name SAMBA#1c with the WINS server. This is no
-problem as the name SAMBA#1c is a NetBIOS group name that is meant to
+only register the name SAMBA&lt;#1c&gt; with the WINS server. This is no
+problem as the name SAMBA&lt;#1c&gt; is a NetBIOS group name that is meant to
be registered by more than one machine. The parameter 'domain master =
-no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS
+no' forces the BDC not to register SAMBA&lt;#1b&gt; which as a unique NetBIOS
name is reserved for the Primary Domain Controller.
</para>
+</sect2>
+</sect1>
+
+<sect1>
+<title>Common Errors</title>
+
+<para>
+As this is a rather new area for Samba there are not many examples thta we may refer to. Keep
+watching for updates to this section.
+</para>
+
+<sect2>
+<title>Machine Accounts keep expiring, what can I do?</title>
+
+<para>
+This problem will occur when occur when the account files are replicated from a central
+server but the local Domain Controllers are not forwarding machine account password updates
+back to the central server, or where there is an excessive delay in replication of the centrally
+changed machine account password to the local Domain Controller.
+</para>
+
+</sect2>
+
+<sect2>
+<title>Can Samba be a Backup Domain Controller to an NT4 PDC?</title>
+
+<para>
+With version 2.2, no. The native NT4 SAM replication protocols have not yet been fully
+implemented. The Samba Team is working on understanding and implementing the protocols,
+but this work has not been finished for version 2.2.
+</para>
+
+<para>
+With version 3.0, the work on both the replication protocols and a suitable storage
+mechanism has progressed, and some form of NT4 BDC support is expected soon.
+</para>
+
+<para>
+Can I get the benefits of a BDC with Samba? Yes. The main reason for implementing a
+BDC is availability. If the PDC is a Samba machine, a second Samba machine can be set up to
+service logon requests whenever the PDC is down.
+</para>
+
+</sect2>
+
<sect2>
<title>How do I replicate the smbpasswd file?</title>
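Review bot: The new sect2 "Machine Accounts keep expiring, what can I do?" explains the two causes but never answers the question in its own title; add a sentence saying what the administrator should change, for example ensuring machine account password updates reach the central server and shortening the replication delay to the local Domain Controllers. The same added text has two typos: "thta" in the Common Errors introduction and the doubled "occur when occur when". The relocated "Can Samba be a Backup Domain Controller to an NT4 PDC?" entry is a capability question rather than an error, so it may fit better outside "Common Errors".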
@@ -309,7 +376,6 @@ Ssh itself can be set up to accept *only* rsync transfer without requiring the u
to type a password.
</para>
-
</sect2>
<sect2>
@@ -321,16 +387,7 @@ LDAP server, and will also follow referrals and rebind to the master if it ever
needs to make a modification to the database. (Normally BDCs are read only, so
this will not occur often).
</para>
-</sect2>
-
-</sect1>
-
-<sect1>
-<title>Common Errors</title>
-
-<para>
-Stuff goes here
-</para>
+</sect2>
</sect1>
</chapter>
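Review bot: The </sect2> line at the top of this hunk is removed and re-added with no visible difference, which points to a whitespace-only change; check that the new line does not carry trailing whitespace, and drop the change if it is unintentional.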