Replication

The installer more-or-less attempts to automate the implementation of Chapter 6 of Samba 3 By Example, a guide I cannot commend strongly enough. In summary, this includes:

1. Continual replication from your master LDAP server to all your slave LDAP servers (from your PDC to all your BDCs)
2. Automatic failover to a BDC as Domain Master should your PDC go down.

Documentation still needs to be written for this, but to get started just run the following command on your master LDAP server (PDC) for every BDC you wish to configure (after you have already run the script on your PDC with the "all" option):

• ./smbldap pdc

That command will configure your PDC to replicate its LDAP database to a BDC, and it will use ssh to copy the installer to the BDC (into the root user's home) and do an automated BDC configuration there. If the automated BDC configuration fails, log in directly to your BDC and run the following:

• ./smbldap bdc

Important Notes

1. Security: TLS is not currently being used. This means your LDAP data is traveling over the network in cleartext. This is not very good, and I wish to implement automated TLS configuration at some point. In the meantime, however, think of it as Terpstra says in Samba 3 By Example; this installer isn't setting you up with a completely secure solution, it's doing its best to set you up with a known working solution.
2. passdb backend in smb.conf should probably be modified to use the master and slave LDAP servers, but at the moment it's just always using 127.0.0.1. This may not be so bad, because ATM the script only automates the configuration of BDCs that are also LDAP slaves, so 127.0.0.1 should always work here, and if it doesn't (i.e., slapd on localhost is unavailable), then how likely is it that samba's working so well that it should fail over to another LDAP server, anyway? Better just to call the whole machine dead and fail over to another Samba box entirely.