On Tue, 16 Sep 2003, Matt Schillinger wrote:

> On Mon, 2003-09-15 at 15:44, Michael Heironimus wrote:
> > On Mon, Sep 15, 2003 at 10:34:22AM -0500, Matt Schillinger wrote:
> > > > I have to admit that I don't see why you can't live with one PDC and X
> > > > BDCs. You would have to construct your LDAP servers this way anyway. If a
> > > > PDC goes down (or the connection breaks) the BDC would still be able to
> > > > process logons on his own.
> > > >
> > > The only problem here is resources. The plan is that there are already
> > > machines that can be used as PDC, one per building. However, there isn't
> > > budget for a BDC per building, so the hope was to have a single BDC at
> > > the main building. I can see that this would be difficult, particularly
> > > if ports 137-139 were blocked at the T1 router.
> >
> > You're trying to do it backwards. You want one PDC and multiple BDC's,
> > not the other way around. Take the machines that are slated for PDC use
> > and just use them as BDC's instead. You would do the same thing with
> > Windows servers, one PDC in the main building and a BDC at each remote
> > site.
> >
> I understand what the standard would be, but the reason that I'm trying
> 'backwards' is that I want to keep authentication traffic off of the T-1
> connections that are used for internet/interbuilding traffic.
>
> So far, all I've come up with is to have no BDC, and have multiple PDCs,
> each at their own building, with only WINS for the building, and no
> other buildings. LDAP can still be centralized and replicated to each
> PDC. That's not the nicest (I'd like for clients to be able to browse
> the entire network), but I'm seeing a lot of problems with the idea (such
> as who authenticates a request for Machine 'a' in building '1', when it
> wants a share from Machine 'b' in building '2' --- And, how do you
> prevent browsing data from saying that there's a PDC on each building??
> Static entries for PDCs??), so if it doesn't work right, I guess there's
> no choice.
>
> It is obviously easier to do it the 'forward' way.
>
> I guess on that line, if someone could perhaps explain how much traffic
> I can expect out of authentication requests for say, 100 users /
> building (100/T-1). Would a T-1 support such traffic without affecting
> the usability of internet?

Windows NT 3.51 was a dog compared with NT4 and Win2K. I installed my first big network using 3.51. It had 11 branch offices connected via a 64k ISDN link. We had 3500 users. Each branch had at least one BDC. Head office had 1 PDC and three BDCs. With WINS running correctly the total background communications traffic averaged around 9.7 kbps. The largest branch had 140 users on a 256k ISDN link, but it had 64k ISDN links running to multiple branches more distant from head office than it was.

Does that answer your question well enough?

> Thanks for all your help and prompt responses,
>
> Matt Schillinger
> [EMAIL PROTECTED]
>
> > To do what I think you want, you probably want a central LDAP server and
> > Samba PDC in your main building. In each remote building run a slave
> > LDAP server replicating from the main one and a Samba BDC. Look at
> > chapter 6 of the Samba-HOWTO-Collection document, it has a pretty
> > thorough description of how all this works.

- John T.
--
John H Terpstra
Email: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
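The layout recommended in the thread (one Samba PDC with the master LDAP server in the main building, a Samba BDC with a replicating LDAP slave in each remote building) as a pair of smb.conf fragments. This is an added example, not configuration posted by anyone in the thread; the workgroup name, hostnames, IP address and LDAP DNs are constructed placeholders.

```ini
; ---- Main building: PDC, master LDAP, WINS server (constructed names) ----
[global]
    workgroup        = EXAMPLE
    netbios name     = PDC-MAIN
    domain logons    = yes
    ; exactly one domain master (the PDC) per domain
    domain master    = yes
    preferred master = yes
    os level         = 65
    ; one WINS server for the whole domain, so every building
    ; resolves the same PDC and BDC registrations
    wins support     = yes
    passdb backend   = ldapsam:ldap://ldap-master.example.internal
    ldap suffix      = dc=example,dc=internal
    ldap admin dn    = cn=samba,dc=example,dc=internal
    ; keep binds and password hashes off the wire in clear text
    ldap ssl         = start tls

; ---- Remote building: BDC reading from its local LDAP slave ----
[global]
    workgroup        = EXAMPLE
    netbios name     = BDC-BLDG2
    ; answers logons locally, so authentication stays off the T-1
    domain logons    = yes
    ; a BDC must never claim the domain master role
    domain master    = no
    preferred master = yes
    os level         = 60
    wins support     = no
    ; constructed address of PDC-MAIN
    wins server      = 192.0.2.10
    ; assumption: the local slave refers writes (password changes,
    ; machine account updates) to the master LDAP server
    passdb backend   = ldapsam:ldap://127.0.0.1
    ldap suffix      = dc=example,dc=internal
    ldap admin dn    = cn=samba,dc=example,dc=internal
    ldap ssl         = start tls
```

Each BDC also needs the same domain SID as the PDC and the LDAP admin password stored locally with `smbpasswd -w`.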
