I think the multi-master replication sort of defeats the purpose of the PDC in the remote office: multi-master replication means the information must be sent to both servers anyway. If I recall correctly, I think Chapter 6 refers to running BDCs in each remote office, and only one PDC...

I played with this once, and I got it working by setting up a PDC and BDC in the main office, a BDC (not PDC) in the remote office, and using LDAP's new multi-master replication to keep everything in sync. Throw in your DNS database, and it works, it's cool, but I think it was so not worth the effort (unless you have nothing better to do with your 20% time). I spent a whole lot of time making sure the configs were perfect for the multi-master replication.

The thing that threw the monkey-wrench is DNS and DHCP... I ended up putting all the DHCP information into the LDAP as well, with defined IP addresses for every MAC, because DHCPd updates the DNS when a new user requests an IP address. Since I put a DHCP server on both sides of the VPN, I needed multi-master replication for the DNS information so the computers could find each other. In the end, I dumped the MAC addresses from my hardware catalog into the LDAP, and preassigned all the IPs to reduce the number of writes to the LDAP server.

I found it is much easier to set up two separate domains and have them trust each other, using different branches of the same LDAP tree. Then, let one server write to one branch, the other server write to the other branch, and do multi-master replication between them. That way, there is no worrying about simultaneous updates or any of that jazz. Not as cool... or as elegant, but it made my life easier by isolating problems. I did the same for the DNS information, setting up separate zones for each physical office.

Since the information was in the same tree, it was much easier to configure mail servers and other services needing directory information, and since I did not delegate the branches, the mail server (only in the main office) did not need to read off my remote directories over VPN. Of course, my users only visited each others' offices "occasionally". If you have tons of movement between the offices, a one-domain solution may be forced upon you...
On Fri, Jul 9, 2010 at 8:58 AM, <[email protected]> wrote:
>
>> On Friday 09/07/2010 at 4:36 am, Tamás Pisch wrote:
>>> Hello,
>>>
>>> I have a PDC with master ldap backend and a BDC with slave ldap backend
>>> (both are SaMBa 3.2 on Debian Lenny). I want to install an additional SaMBa
>>> server on another site (on Debian Squeeze). The two sites are connected
>>> with VPN (on not so reliable ADSL lines). I read an interesting network
>>> scenario in the Samba Guide chapter 6: theoretically it is possible to
>>> install one PDC on both sites, with the same domain, server name, and SID. I
>>> like this idea, but: is there anyone who tried that, have experience with
>>> it?
>>
>> No, but your best option is to simply use LDAP replication and install an
>> LDAP server on the remote location server. This way, auth traffic on the
>> remote is always local (saving bandwidth) and is available regardless of the
>> link being up or down. Do the same with DNS, and you'll be quite happy with
>> the results as will your users.
>>>
>>> Thank you, in advance.
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>
>

--
----
Scott Grizzard
[email protected]
http://www.ScottGrizzard.com
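As an added illustration of the per-branch write split described in the reply above (this is not configuration from the thread or from the Samba or OpenLDAP projects), here is a sketched OpenLDAP slapd.conf for the main-office server of a mirror-mode pair; the hostnames, DNs, schema path and credentials are assumed placeholders. The remote server's file is the mirror image: serverID 2, a provider URL pointing at the main office, and write access granted to its own branch only.

```conf
# Main-office slapd.conf (assumed example). serverID must differ on each node.
serverID        1

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/samba.schema    # assumed path

database        hdb
suffix          "dc=example,dc=com"
rootdn          "cn=admin,dc=example,dc=com"
rootpw          {SSHA}REPLACE-ME
directory       /var/lib/ldap
index           objectClass eq
index           entryCSN,entryUUID eq            # needed by syncprov

# Each office's Samba binds with its own admin DN and may write only its own
# branch; everyone else reads. Replicated writes arrive through syncrepl and
# bypass these ACLs, so the two sites never compete for the same entries.
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn.exact="cn=samba-main,dc=example,dc=com" write
        by dn.exact="cn=replicator,dc=example,dc=com" read
        by anonymous auth
        by self write
        by * none
access to dn.subtree="ou=main,dc=example,dc=com"
        by dn.exact="cn=samba-main,dc=example,dc=com" write
        by * read
access to dn.subtree="ou=remote,dc=example,dc=com"
        by dn.exact="cn=samba-remote,dc=example,dc=com" write
        by * read
access to *
        by * read

# Consumer side: pull the remote office's changes over the VPN and retry
# forever, because the ADSL link is expected to drop.
syncrepl rid=001
        provider=ldap://ldap.remote.example.com
        type=refreshAndPersist
        retry="60 +"
        searchbase="dc=example,dc=com"
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=REPLACE-ME
        schemachecking=on
        attrs="*,+"
mirrormode      on

# Provider side: let the remote server subscribe to this node's changes.
overlay         syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
```

The samba-main DN is what the main-office smb.conf uses as its `ldap admin dn`; since it cannot write below ou=remote, a misconfigured or compromised main-office Samba cannot alter the remote office's accounts, which is the isolation the reply describes.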
