For the remainder of this chapter the focus is on the configuration of domain control.
The examples that follow are for two implementation strategies. Remember, our objective is
to create a simple but working solution. The remainder of this book should help to highlight
opportunity for greater functionality and the complexity that goes with it.
A domain controller configuration can be achieved with a simple configuration using the new
tdbsam password backend. This type of configuration is good for small
offices, but has limited scalability (cannot be replicated), and performance can be expected
to fall as the size and complexity of the domain increases.
The use of tdbsam is best limited to sites that do not need
more than a Primary Domain Controller (PDC). As the size of a domain grows the need
for additional domain controllers becomes apparent. Do not attempt to under-resource
a Microsoft Windows network environment; domain controllers provide essential
authentication services. The following are symptoms of an under-resourced domain control
Domain logons intermittently fail.
File access on a domain member server intermittently fails, giving a permission denied
A more scalable domain control authentication backend option might use
Microsoft Active Directory or an LDAP-based backend. Samba-3 provides
for both options as a domain member server. As a PDC, Samba-3 is not able to provide
an exact alternative to the functionality that is available with Active Directory.
Samba-3 can provide a scalable LDAP-based PDC/BDC solution.
The tdbsam authentication backend provides no facility to replicate
the contents of the database, except by external means (i.e., there is no self-contained protocol
in Samba-3 for Security Account Manager database [SAM] replication).