[TriLUG] ad on linux

Kevin Flanagan flanagannc at gmail.com
Fri Apr 6 18:20:50 EDT 2007


If you only have one Domain Controller, you have a Primary Domain
Controller; if you have more than one, you have backup(s) too.  Now, this is
less true in a full native mode AD, but still is sort of.  PDC/BDC stuff is
generally NT4 speak.  Most Samba implementations are done in NT4 mode; I
don't know if Samba V3 will do an "AD" style directory.

NT4 AKA LanManager or lanman used a primary and one or more backup domain
controllers.  Only one writable copy of the directory, replicated out to the
BDCs.

NT4 domains had a very rudimentary set of policy-based management tools;
mostly it was about authentication and authorization.



AD is a multimaster directory: each copy is read/write, except for some
special roles; these can be moved.

AD has Group Policies, you can control user and computer behavior to a far
greater degree, but you can also shoot yourself in the foot/head in a lot
more ways.


Hope this helps, rather than confuses the issue.


Kevin


On 4/6/07, David Brain <dbrain at gmail.com> wrote:
>
> pdc = primary domain controller
> bdc = backup domain controller
>
> On 4/6/07, Jason Watts <jsnonzzr at gmail.com> wrote:
> > the stuff mentioned in your email roy is a little above my head right now...
> > but, that's one of the reasons for doing this, is to look into learning it.
> >
> > I didn't realize samba could be used to do so much... I'll be cracking open
> > the manual pages on it soon...
> >
> > also, what does pdc and bdc stand for? I realize they are domain
> > controllers... but not sure of the p and the b (I'm guessing p = public)
> >
> > thanks for all the info guys... i now have names to get me started and
> > going.
> >
> > and yes, sledgehammers rock
> >
> >
> > On 4/6/07, Roy Vestal <rvestal at trilug.org> wrote:
> > >
> > > You don't need the sledgehammer.
> > >
> > > I did exactly what you are asking about 3 years ago with Samba 3.x and
> > > RHEL 3.0 (this was for a corp). Now I've not used it as a PDC, but as a
> > > BDC.
> > >
> > > We set it up where the domain had full control of the shares on the
> > > RHEL3 boxes (yes MANY boxes) as well as some Solaris 2.8 boxes (woohoo!
> > > samba rocks).
> > >
> > > Now with that said, do you really need a PDC?
> > >
> > > Why not just set a linux box up using Samba in a "shares = user" and use
> > > a password.map structure? Then you can alias groups in the password.map.
> > > Have 3, 1 for you, i.e. jwatts = jwatts, one for her, jwattsgf =
> > > jwattsgf, and one for sharing jwandgf = jwandgf. Then in your
> > > samba.conf file, simply use the group settings for the user structure,
> > > i.e. write users = @jwandgf.
> > >
> > > Samba and CUPS play nicely together so this would solve the issue of
> > > print sharing. Also, with SWAT, you can do this all via webconsole.
> > >
> > > HTH,
> > > Roy
> > >
> > > Jason Watts wrote:
> > > > I have other reasons for wanting to set up a server client environment,
> > > > such as file and printer sharing... and I realize I am trying to use a
> > > > sledgehammer to drive a 3 inch nail ... but I'm also doing this just for
> > > > the experience too.
> > > >
> > > > as far as openldap, no... I'm not really sure what's out there, I'm just
> > > > asking for a few names to get the ball rolling.
> > > >
> > > >
> > > >
> > > >
> > > > On 4/6/07, Kevin Kreamer <kevin at kreamer.org> wrote:
> > > >>
> > > >> Jason Watts wrote:
> > > >> > I'm wanting to have a *nix based server with windows xp based clients
> > > >> > in a domain type setting.
> > > >> > to be more specific... I want to make sure my gf has no install rights
> > > >> > on the windows pc's
> > > >>
> > > >> If it's XP or so, and all you are trying to do is limit install rights,
> > > >> why not just make her a normal user account instead of an admin account?
> > > >> Easier than trying to mess around with AD.
> > > >>
> > > >> Kevin
> > > >>
> > > >> --
> > > >> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > > >> TriLUG Organizational FAQ  : http://trilug.org/faq/
> > > >> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > > >>
> > >
>



-- 
+---------------------------------------------------+
Fear and hatred clouds our judgment
Free us all from endless night
      John Lennon from "Attica State"
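
Added example, not part of the original thread or anyone's posted configuration: the standalone setup Roy describes in the quoted message, sketched with the smb.conf parameters `security = user`, `username map` and `write list`. The workgroup name, the paths, the map file location and the use of a Unix group named jwandgf holding both accounts are assumptions.

```ini
# /etc/samba/smb.conf (constructed example; names and paths are assumptions)
[global]
   workgroup = HOME
   server string = Home file and print server
# Standalone server: every client logs in with its own Samba account.
   security = user
# Unknown users are rejected instead of being mapped to the guest account.
   map to guest = Never
# Maps client logon names to Unix accounts, one "unixname = clientname" per line.
# Assumed contents of /etc/samba/smbusers:
#   jwatts   = jwatts
#   jwattsgf = jwattsgf
   username map = /etc/samba/smbusers
# Hand printing to CUPS and export every CUPS queue.
   printing = cups
   printcap name = cups
   load printers = yes

[shared]
   comment = Files shared by both users
   path = /srv/samba/shared
# Only members of the Unix group jwandgf may connect to this share.
   valid users = @jwandgf
# Read-only by default; write access is granted by group membership.
   read only = yes
   write list = @jwandgf
   guest ok = no
# New files stay group-owned and are not world-readable.
   force group = jwandgf
   create mask = 0660
   directory mask = 0770

[printers]
   comment = All printers
   path = /var/spool/samba
   printable = yes
   guest ok = no
   valid users = @jwandgf
   browseable = no
```

Running `testparm` against the file checks the syntax before smbd is restarted.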


