Kevin Saenz wrote:

Hi all,

I haven't used Samba for a while. I am wondering if Samba development has included distributed authentication.


If what you mean by 'distributed authentication' is the ability for a specific user to authenticate anywhere within the domain regardless of location or computer used, the answer is yes ever since.

The method has developed, improved, and become sophisticated over the years.

During the early years of Samba I'd implement 'distributed authentication' by using the tools of 'rcp' then 'scp' and then 'rsync'. These are clumsy and/or not secure methods but they worked.

Currently, the standard method is to use a central authentication database like OpenLDAP, Kerberos, PAM, MySQL to name a few. These methods are robust and secure. I prefer OpenLDAP and/or Kerberos.

I am asking this because I don't like the idea of a single point of failure when it comes to authentication.


There has always been redundant authentication depending on the System Administrator's ability to engineer his/her network.

What happens when the "PDC" goes down? Can people still authenticate to the domain? If this is the case, how do you do it?


Configure Samba domains with PDC/BDCs. You have domains with multiple servers of PDC and BDC, don't you?

I have Samba also tied with LDAP for authentication. I understand the master, slave replica. Can the slave update the master if it is down for an extended period?


You can't update a master from a slave. It is even more so when it is down.

But you can quickly re-configure an LDAP Slave into a master. And when your original master is back in service, 'duplicate' (using slapcat and slapadd) the current master and restore the previous configuration.

Hope this helps.


Thanks

Kevin


--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
