<title>Features And Benefits</title>
<para>
-Stuff goees here
+This is one of the most difficult chapters to summarise. It matters not what we say here
+for someone will still draw conclusions and / or approach the Samba-Team with expectations
+that are either not yet capable of being delivered, or that can be achieved for more
+effectively using a totally different approach. Since this HOWTO is already so large and
+extensive, we have taken the decision to provide sufficient (but not comprehensive)
+information regarding Backup Domain Control. In the event that you should have a persistent
+concern that is not addressed in this HOWTO document then please email
+<ulink url="mailto:jht@samba.org">John H Terpstra</ulink> clearly setting out your requirements
+and / or question and we will do our best to provide a solution.
</para>
+<para>
+Samba-3 is capable of acting as a Backup Domain Controller to another Samba Primary Domain
+Controller. A Samba-3 PDC can operate with an LDAP Account backend. The Samba-3 BDC can
+operate with a slave LDAP server for the Account backend. This effectively gives samba a high
+degree of scalability. This is a very sweet (nice) solution for large organisations.
+</para>
+
+<para>
+While it is possible to run a Samba-3 BDC with non-LDAP backend, the administrator will
+need to figure out precisely what is the best way to replicate (copy / distribute) the
+user and machine Accounts backend. Again, Samba-3 provides a number of possibilities:
+</para>
+
+<itemizedlist>
+<title>Backup Domain Backend Account Distribution Options</title>
+ <listitem><para>
+ Passwd Backend is LDAP based, BDCs use a slave LDAP server
+ </para></listitem>
+
+ <listitem><para>
+ Passdb Backend is tdbsam based, BDCs use cron based "net rcp vampire" to
+ suck down the Accounts database from the PDC
+ </para></listitem>
+
+ <listitem><para>
+ Make use of rsync to replicate (pull down) copies of the essential account files
+ </para></listitem>
+
+ <listitem><para>
+ Operate with an entirely local accounts database (not recommended)
+ </para></listitem>
+</itemizedlist>
+
</sect1>
<sect1>
</sect1>
-<sect1>
-<title>Can Samba be a Backup Domain Controller to an NT4 PDC?</title>
-
-<para>
-With version 2.2, no. The native NT4 SAM replication protocols have not yet been fully
-implemented. The Samba Team is working on understanding and implementing the protocols,
-but this work has not been finished for version 2.2.
-</para>
-
-<para>
-With version 3.0, the work on both the replication protocols and a suitable storage
-mechanism has progressed, and some form of NT4 BDC support is expected soon.
-</para>
-
-<para>
-Can I get the benefits of a BDC with Samba? Yes. The main reason for implementing a
-BDC is availability. If the PDC is a Samba machine, a second Samba machine can be set up to
-service logon requests whenever the PDC is down.
-</para>
-
-</sect1>
-
-
<sect1>
<title>Backup Domain Controller Configuration</title>
</itemizedlist>
+<sect2>
+<title>Example Configuration</title>
+
<para>
Finally, the BDC has to be found by the workstations. This can be done by setting:
</para>
<para><programlisting>
+<title>Essential Parameters for BDC Operation</title>
workgroup = SAMBA
domain master = no
domain logons = yes
<para>
in the [global]-section of the smb.conf of the BDC. This makes the BDC
-only register the name SAMBA#1c with the WINS server. This is no
-problem as the name SAMBA#1c is a NetBIOS group name that is meant to
+only register the name SAMBA<#1c> with the WINS server. This is no
+problem as the name SAMBA<#1c> is a NetBIOS group name that is meant to
be registered by more than one machine. The parameter 'domain master =
-no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS
+no' forces the BDC not to register SAMBA<#1b> which as a unique NetBIOS
name is reserved for the Primary Domain Controller.
</para>
+</sect2>
+</sect1>
+
+<sect1>
+<title>Common Errors</title>
+
+<para>
+As this is a rather new area for Samba there are not many examples thta we may refer to. Keep
+watching for updates to this section.
+</para>
+
+<sect2>
+<title>Machine Accounts keep expiring, what can I do?</title>
+
+<para>
+This problem will occur when occur when the account files are replicated from a central
+server but the local Domain Controllers are not forwarding machine account password updates
+back to the central server, or where there is an excessive delay in replication of the centrally
+changed machine account password to the local Domain Controller.
+</para>
+
+</sect2>
+
+<sect2>
+<title>Can Samba be a Backup Domain Controller to an NT4 PDC?</title>
+
+<para>
+With version 2.2, no. The native NT4 SAM replication protocols have not yet been fully
+implemented. The Samba Team is working on understanding and implementing the protocols,
+but this work has not been finished for version 2.2.
+</para>
+
+<para>
+With version 3.0, the work on both the replication protocols and a suitable storage
+mechanism has progressed, and some form of NT4 BDC support is expected soon.
+</para>
+
+<para>
+Can I get the benefits of a BDC with Samba? Yes. The main reason for implementing a
+BDC is availability. If the PDC is a Samba machine, a second Samba machine can be set up to
+service logon requests whenever the PDC is down.
+</para>
+
+</sect2>
+
<sect2>
<title>How do I replicate the smbpasswd file?</title>
to type a password.
</para>
-
</sect2>
<sect2>
needs to make a modification to the database. (Normally BDCs are read only, so
this will not occur often).
</para>
-</sect2>
-
-</sect1>
-
-<sect1>
-<title>Common Errors</title>
-
-<para>
-Stuff goes here
-</para>
+</sect2>
</sect1>
</chapter>