Backup Domain Controller (BDC) for the Primary Domain Controller (PDC)
Once again you install a minimal CentOS 4.x system, full update it with.
yum install mc samba-common samba openldap-clients perl-XML-NamespaceSupport perl-XML-SAX glibc-kernheaders glibc-headers glibc-devel cpp perl-HTML-Tagset perl-HTML-Parser perl-Convert-ASN1 perl-URI perl-libwww-perl perl-Digest-SHA1 openldap-servers perl-LDAP gcc
go to this webpage to download THE EXACT SAME version of smbldap-tools you used to install the PDC, THE EXACT SAME NUMBERS!!!. And user the SAME domain names and passwords.
tar -xvzf smbldap-installer-1.2.1.tgz
You already know which tools to use as described just above in the PDC setup guide. Will skip a few steps so that I can stop repeating myself and go into the real thing.
The first thing you must do is change on this BDC the following in
domain master = no
wins support = no
wins server = ip_address_of_pdc_server
Don't forget to change the Share Definitions in your smb.conf file on the BDC as well to suit your needs.
Now you do the following on the BDC server , make sure samba is started up (/etc/init.d/smb start)
net rpc getsid
you will be asked for the same password you use to join your windows clients to the samba domain.
the using Midnight Commander's or just mc ssh link or some other means whatever you like (easy is mc , then you select left and chose ssh and type in ip of server pdc, it looks like norton commander), copy from the pdc server /var/lib/ldap directory to bdc server /var/lib/ldap.
Berore the copy takes place make sure you stop the ldap server (/etc/init.d/ldap stop) on the bdc.
After the copy finished make sure that all files under /var/lib/ldap are owned by user ldap group ldap
chown ldap.ldap *
now you'll configure the slave ldap server on the bdc server like this
you can use whatever ip you like, I'm only writing down the modifications you have to make, leave the rest alone.
instead of yourdomainname you type your real domain name you used for the pdc, and instead of that ip you type the ip of the pdc.
now you can start this ldap server on the bdc server
On the PDC server you do the following modifications to your ldap config
now restart ldap here as well
now you can try adding a user to you pdc server, via usrmgr.exe from windows or directly with smbldap-tools, then look into /var/lib/ldap/replica directory and you can see what happened in those log files, if you go to bdc server, and type the following.
it must returnt the exact same id as the pdc server does.
Amongs other things you should also copy over the /var/lib/samba directory from the samba pdc to the samba bdc , so if the pdc is dead for some reason clients loging into the network will run their startup script.
You can have as many bdc servers as you want , in fact you can even have them in different subnets, just make sure that you specify the following in the PDC config (ONLY WITH DIFFERENT SUBNETS)
remote announce = 192.168.11.255/YOURDOMAIN 192.168.1.255/YOURDOMAIN
remote browse sync = 192.168.1.255 192.168.11.255
for the first parameter the foreign subnets are first, and your local subnet is last, for second parameter
your local subnet is first foreign subnet is last.
Kashif Aziz Awan