From ff78c3bf5c3a73cf90f6517d9b2d6b8c12d22d68 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 18 Feb 2003 22:14:04 +0000 Subject: Regenerate (This used to be commit 1ab5a3b17feb677425bb1071357c3dbabcc46c7e) --- docs/htmldocs/samba-bdc.html | 62 ++++++++++++++++++++++++++++++++++---------- 1 file changed, 49 insertions(+), 13 deletions(-) (limited to 'docs/htmldocs/samba-bdc.html') diff --git a/docs/htmldocs/samba-bdc.html b/docs/htmldocs/samba-bdc.html index ef06a89416..42f653fb7d 100644 --- a/docs/htmldocs/samba-bdc.html +++ b/docs/htmldocs/samba-bdc.html @@ -5,8 +5,7 @@ >How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

Chapter 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

Chapter 6. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

7.1. Prerequisite Reading

6.1. Prerequisite Reading

Before you continue reading in this chapter, please make sure that you are comfortable with configuring a Samba PDC @@ -94,7 +97,9 @@ CLASS="SECT1" >

7.2. Background

6.2. Background

What is a Domain Controller? It is a machine that is able to answer logon requests from workstations in a Windows NT Domain. Whenever a @@ -137,7 +142,9 @@ CLASS="SECT1" >

7.3. What qualifies a Domain Controller on the network?

6.3. What qualifies a Domain Controller on the network?

Every machine that is a Domain Controller for the domain SAMBA has to register the NetBIOS group name SAMBA#1c with the WINS server and/or @@ -152,7 +159,9 @@ CLASS="SECT2" >

7.3.1. How does a Workstation find its domain controller?

6.3.1. How does a Workstation find its domain controller?

A NT workstation in the domain SAMBA that wants a local user to be authenticated has to find the domain controller for SAMBA. It does @@ -169,7 +178,9 @@ CLASS="SECT2" >

7.3.2. When is the PDC needed?

6.3.2. When is the PDC needed?

Whenever a user wants to change his password, this has to be done on the PDC. To find the PDC, the workstation does a NetBIOS name query @@ -183,13 +194,19 @@ CLASS="SECT1" >

7.4. Can Samba be a Backup Domain Controller?

6.4. Can Samba be a Backup Domain Controller to an NT PDC?

With version 2.2, no. The native NT SAM replication protocols have not yet been fully implemented. The Samba Team is working on understanding and implementing the protocols, but this work has not been finished for version 2.2.

With version 3.0, the work on both the replication protocols and a +suitable storage mechanism has progressed, and some form of NT4 BDC +support is expected soon.

Can I get the benefits of a BDC with Samba? Yes. The main reason for implementing a BDC is availability. If the PDC is a Samba machine, a second Samba machine can be set up to @@ -200,7 +217,9 @@ CLASS="SECT1" >

7.5. How do I set up a Samba BDC?

6.5. How do I set up a Samba BDC?

Several things have to be done:

7.5.1. How do I replicate the smbpasswd file?

6.5.1. How do I replicate the smbpasswd file?

Replication of the smbpasswd file is sensitive. It has to be done whenever changes to the SAM are made. Every user's password change is @@ -279,6 +300,21 @@ rsync. rsync can use ssh as a transport. ssh itself can be set up to accept *only* rsync transfer without requiring the user to type a password.

6.5.2. Can I do this all with LDAP?

The simple answer is YES. Samba's pdb_ldap code supports +binding to a replica LDAP server, and will also follow referrals and +rebind to the master if it ever needs to make a modification to the +database. (Normally BDCs are read only, so this will not occur +often).

How to Configure Samba as a NT4 Primary Domain ControllerSamba as a NT4 or Win2k Primary Domain Controller