Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bring on the replication The year of Replication in Samba4 Sysadmin Miniconf – Linux.conf.au 2010 Andrew Bartlett Samba Team Cisco Systems.

Published byAmberlynn Megan Morrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Bring on the replication The year of Replication in Samba4 Sysadmin Miniconf – Linux.conf.au 2010 Andrew Bartlett Samba Team Cisco Systems."— Presentation transcript:

1 Bring on the replication The year of Replication in Samba4 Sysadmin Miniconf – Linux.conf.au 2010 Andrew Bartlett Samba Team Cisco Systems

2 abartlet ● A Samba developer for 9 years now ● One of the lead developers on Samba4 ● I work for Cisco Systems – Full time on Samba4 – But these are my views, not theirs ● Please ask questions during the talk

3 Samba4 ● Provides AD-compatible Domain Controller ● Now also a replication Partner!

4 Replication ● Replication of user and group data – Data in the Directory – Not Group Policy data – Between Domain Controllers ● Replication of Passwords

5 Why Replication? ● Making Samba safe(er) to deploy ● Who wants a single point of failure?

6 Before ● Samba4 was suitable for: – Greenfield sites – Sites with only one domain controller – Sites willing to cut and run

7 The risks of cut and run ● Process: – Vampire AD domain – Shut down AD domain – Start up Samba4 – Hope everything still works ● There was no way back – As soon as Samba starts, the DB may change – No way to replicate changes back

8 Now ● As of alpha11 ● Benefits: – Samba4 is (more) suitable for sites with existing domains – Samba4 can be disabled, without loss of data ● Risks – Incorrect data written will be propagated across the enterprise

9 But didn't we already have replication? ● LDAP replication isn't really good enough ● We really need replication with Windows – And not just by using LDAP or DirSync ● The LDAP protocol does not have transactions – Nor do our current backend servers – We want both replication and transactions

10 DRS Replication ● The native replication with Windows ● Supported in both directions ● Supported from both initiators – Samba's provision – Windows 'dcpromo from scratch' ● NOT supported with the LDAP backend

11 Read Only Domain Controller ● Our next priority ● Allows safe incremental deployment ● Suitable for insecure branch offices – So a buggy Samba can't be any more malicious :-) ● This reduces the 'pollution' risk – No need to validate updates if there are none

12 Remaining risks ● Access Control – We have not fully locked down our LDB stack – Certain controls allow bypass of ACLs ● Samba4 may mislead it's clients – Group policy files not sync'ed yet ● Disasters in the Samba4 code ● AD servers don't validate inbound replications

13 Remaining tasks ● Admin tools ● Multi-domain forests ● Role management ● DNS ● And the DRS TODO list.

14 Interoperable DC versions ● Tested with – Windows 2008 R2 – Windows 2008 – Windows 2003

15 Production sites ● Secret Russian production site ● And a few others – Less intense use – Little feedback

16 Testing sites ● Little interest out of last year's Sysadmin Miniconf ● Have you eliminated all your windows clients? ● What are we not doing right?

17 Can I have version 1.0? ● No ● We will not 'release' Samba4 just to get the testing we need – Samba4 is unlikely to suit you if you can't pull from GIT to fix the problems you report

18 Demo Time!

Download ppt "Bring on the replication The year of Replication in Samba4 Sysadmin Miniconf – Linux.conf.au 2010 Andrew Bartlett Samba Team Cisco Systems."

Similar presentations

What’s New in Windows Server 2008 AD?

What’s New in Windows Server 2008 AD?
Security and Policy Enforcement Mark Gibson Dave Northey

Security and Policy Enforcement Mark Gibson Dave Northey
Who I am Computing and Communications NDC Systems Management Stanford University Addison-Wesley Windows Enterprise Admin Nebula Admin Windows Enterprise.

Who I am Computing and Communications NDC Systems Management Stanford University Addison-Wesley Windows Enterprise Admin Nebula Admin Windows Enterprise.
Colorado State University’s Active Directory Environment Presented by the ACNS Windows Group Windows Administrators Advisory Group Meeting Feb 22 2011.

Colorado State University’s Active Directory Environment Presented by the ACNS Windows Group Windows Administrators Advisory Group Meeting Feb
Module 1: Installing Active Directory Domain Services

Module 1: Installing Active Directory Domain Services
31/10/2000NT Domain - AD Migration - JLab 2000 NT DOMAIN - ACTIVE DIRECTORY MIGRATION Michel Jouvin LAL Orsay

31/10/2000NT Domain - AD Migration - JLab 2000 NT DOMAIN - ACTIVE DIRECTORY MIGRATION Michel Jouvin LAL Orsay
Overview of Active Directory Domain Services Lesson 1.

Overview of Active Directory Domain Services Lesson 1.
Chapter 11: Directory Services. Directory Services A directory service is a database that contains information about all objects on the network. Directory.

Chapter 11: Directory Services. Directory Services A directory service is a database that contains information about all objects on the network. Directory.
Exploring Directory Services. Need for DS Multiple servers, multiple services in single network –Multiple servers for reliability, security, optimizing.

Exploring Directory Services. Need for DS Multiple servers, multiple services in single network –Multiple servers for reliability, security, optimizing.
Using Skype For Business

Using Skype For Business
Part I.  NOS  Directory Data Store(directory service, database)  Located on Domain Controllers (DCs), globally distributed, replicated (no longer PDCs/BDCs)

Part I.  NOS  Directory Data Store(directory service, database)  Located on Domain Controllers (DCs), globally distributed, replicated (no longer PDCs/BDCs)
Module 9: Active Directory Domain Services. Overview Describe new features in AD DS List manageability and reliability enhancements in AD DS.

Module 9: Active Directory Domain Services. Overview Describe new features in AD DS List manageability and reliability enhancements in AD DS.
Deploying Chromebooks RICK NICHOLAS A.

Deploying Chromebooks RICK NICHOLAS A.
Julien “Superman” Stroheker and Nicolas “Batman” Georgeault Negotium

Julien “Superman” Stroheker and Nicolas “Batman” Georgeault Negotium
Windows 2000 Operating System -- Active Directory Service COSC 516 Yuan YAO 08/29/2000.

Windows 2000 Operating System -- Active Directory Service COSC 516 Yuan YAO 08/29/2000.
Totally Automated Security (TAS) Mark Nichols Louisiana Department of Education (LDOE) March 6, 2007.

Totally Automated Security (TAS) Mark Nichols Louisiana Department of Education (LDOE) March 6, 2007.
Active Directory Operations Masters. Overview  Active Directory updates generally multimaster Changes can be made on any DC  Some exceptions — single.

Active Directory Operations Masters. Overview  Active Directory updates generally multimaster Changes can be made on any DC  Some exceptions — single.
Module 11: Read-Only Domain Controllers. Overview Describe the Read-Only Domain Controllers role Use Read-Only Domain Controllers.

Module 11: Read-Only Domain Controllers. Overview Describe the Read-Only Domain Controllers role Use Read-Only Domain Controllers.
NETWORK OPERATING SYSTEM INTEROPERABILITY Jason Looney EKU, Department of Technology, CEN.

NETWORK OPERATING SYSTEM INTEROPERABILITY Jason Looney EKU, Department of Technology, CEN.
 Identify Active Directory functions and Benefits.  Identify the major components that make up an Active Directory structure.  Identify how DNS relates.

 Identify Active Directory functions and Benefits.  Identify the major components that make up an Active Directory structure.  Identify how DNS relates.

Similar presentations

Ads by Google