I currently use Fedora-DS
integrated with Samba*as my domain controller in an organization with 141
offices. With only*one domain controller I am able to authenticate*a
user population of 5000 users, however as my organization grows I have
challenges daily with authentication. Every morning users trying to logon to my
Windows domain keep getting errors while siging on and this frequently leads to
account lockouts and frustation of users.
*
After going through your documentation on multiple load
balanced FDS server installation I still have all traffic coming to one server
on the network. My challenge is setting up FDS in the data centre on multiple
servers to authenticate my users while accommodating growth. Is there any
suggestion you can offer me or documentation where I can go through setup of a
centalized FDS cluster for a large user base?
*
I will greatly appreciate any help you can
proffer.
*
Regards
*
Osereme Osobase
Enterprise Infrastructure
Support
Technology
GTBank Nigeria - http://www.gtbank.com
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
02-06-2009, 07:55 AM
Premod Dev
Challenges with Fedora DS
Hi Oserome,
Why cant you try as follows,
Create multiple masters (multi master replication)Use a load balancer ( hardware or software ie like linux virtual server) for load balance between these multi master servers.Give a common fqdn in SAMBA which should resolve to load balancer and rest will do the load balancer.
Thanks,
Premod
*
----- Original Message -----
From: "osereme.osobase" <osereme.osobase@gtbank.com>
To: fedora-directory-devel@redhat.com
Cc: fedora-directory-users@redhat.com
Sent: Wednesday, February 4, 2009 11:54:37 PM GMT +05:30 Chennai, Kolkata, Mumbai, New Delhi
Subject: [Fedora-directory-users] Challenges with Fedora DS
Hi,
I currently use Fedora-DS
integrated with Samba*as my domain controller in an organization with 141
offices. With only*one domain controller I am able to authenticate*a
user population of 5000 users, however as my organization grows I have
challenges daily with authentication. Every morning users trying to logon to my
Windows domain keep getting errors while siging on and this frequently leads to
account lockouts and frustation of users.
*
After going through your documentation on multiple load
balanced FDS server installation I still have all traffic coming to one server
on the network. My challenge is setting up FDS in the data centre on multiple
servers to authenticate my users while accommodating growth. Is there any
suggestion you can offer me or documentation where I can go through setup of a
centalized FDS cluster for a large user base?
*
I will greatly appreciate any help you can
proffer.
*
Regards
*
Osereme Osobase
Enterprise Infrastructure
Support
Technology
GTBank Nigeria - http://www.gtbank.com
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
02-06-2009, 01:14 PM
"John A. Sullivan III"
Challenges with Fedora DS
Out of curiosity (I am still learning much about LDAP and DS), is a load
balancer necessary or could it be done simply through round robin dns?
For example, in our testing, we set up a replica ds. One is ldap01, the
other is ldap02 and their certificates both have ldap as well as ldap01
or ldap01 in their subjAltNames. There are two entries in DNS for ldap
- one pointing to ldap01 and the other to ldap02. Will such a setup
work?
For simply logging in, is a master necessary or can one use a read-only
replica? Thanks - John
On Fri, 2009-02-06 at 01:55 -0700, Premod Dev wrote:
> Hi Oserome,
>
> Why cant you try as follows,
> * Create multiple masters (multi master replication)
> * Use a load balancer ( hardware or software ie like linux
> virtual server) for load balance between these multi master
> servers.
> * Give a common fqdn in SAMBA which should resolve to load
> balancer and rest will do the load balancer.
>
> Thanks,
> Premod
>
> ----- Original Message -----
> From: "osereme.osobase" <osereme.osobase@gtbank.com>
> To: fedora-directory-devel@redhat.com
> Cc: fedora-directory-users@redhat.com
> Sent: Wednesday, February 4, 2009 11:54:37 PM GMT +05:30 Chennai,
> Kolkata, Mumbai, New Delhi
> Subject: [Fedora-directory-users] Challenges with Fedora DS
>
> Hi,
>
> I currently use Fedora-DS integrated with Samba as my domain
> controller in an organization with 141 offices. With only one domain
> controller I am able to authenticate a user population of 5000 users,
> however as my organization grows I have challenges daily with
> authentication. Every morning users trying to logon to my Windows
> domain keep getting errors while siging on and this frequently leads
> to account lockouts and frustation of users.
>
> After going through your documentation on multiple load balanced FDS
> server installation I still have all traffic coming to one server on
> the network. My challenge is setting up FDS in the data centre on
> multiple servers to authenticate my users while accommodating growth.
> Is there any suggestion you can offer me or documentation where I can
> go through setup of a centalized FDS cluster for a large user base?
>
> I will greatly appreciate any help you can proffer.
>
> Regards
>
> Osereme Osobase
> Enterprise Infrastructure Support
> Technology
> GTBank Nigeria - http://www.gtbank.com
>
> -- Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
02-06-2009, 04:09 PM
Premod Dev
Challenges with Fedora DS
If clients directly hitting Directory server for auth, DNS round robin is sufficient, but if the hit to directory from a single host (say as in Oserome's case SAMBA PDC), it will hit the next server only after the TTL value got expired. Otherwise it will hit o the same server only.
And for logging purpose it doesn't require Master, replica will be fine.
----- Original Message -----
From: "John A. Sullivan III" <jsullivan@opensourcedevel.com>
To: "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com>
Cc: fedora-directory-devel@redhat.com
Sent: Friday, February 6, 2009 7:44:12 PM GMT +05:30 Chennai, Kolkata, Mumbai, New Delhi
Subject: Re: [Fedora-directory-users] Challenges with Fedora DS
Out of curiosity (I am still learning much about LDAP and DS), is a load
balancer necessary or could it be done simply through round robin dns?
For example, in our testing, we set up a replica ds. *One is ldap01, the
other is ldap02 and their certificates both have ldap as well as ldap01
or ldap01 in their subjAltNames. *There are two entries in DNS for ldap
- one pointing to ldap01 and the other to ldap02. *Will such a setup
work?
For simply logging in, is a master necessary or can one use a read-only
replica? Thanks - John
On Fri, 2009-02-06 at 01:55 -0700, Premod Dev wrote:
> Hi Oserome,
>
> Why cant you try as follows,
> * * * * Create multiple masters (multi master replication)
> * * * * Use a load balancer ( hardware or software ie like linux
> * * * * virtual server) for load balance between these multi master
> * * * * servers.
> * * * * Give a common fqdn in SAMBA which should resolve to load
> * * * * balancer and rest will do the load balancer.
>
> Thanks,
> Premod
> *
> ----- Original Message -----
> From: "osereme.osobase" <osereme.osobase@gtbank.com>
> To: fedora-directory-devel@redhat.com
> Cc: fedora-directory-users@redhat.com
> Sent: Wednesday, February 4, 2009 11:54:37 PM GMT +05:30 Chennai,
> Kolkata, Mumbai, New Delhi
> Subject: [Fedora-directory-users] Challenges with Fedora DS
>
> Hi,
>
> I currently use Fedora-DS integrated with Samba as my domain
> controller in an organization with 141 offices. With only one domain
> controller I am able to authenticate a user population of 5000 users,
> however as my organization grows I have challenges daily with
> authentication. Every morning users trying to logon to my Windows
> domain keep getting errors while siging on and this frequently leads
> to account lockouts and frustation of users.
> *
> After going through your documentation on multiple load balanced FDS
> server installation I still have all traffic coming to one server on
> the network. My challenge is setting up FDS in the data centre on
> multiple servers to authenticate my users while accommodating growth.
> Is there any suggestion you can offer me or documentation where I can
> go through setup of a centalized FDS cluster for a large user base?
> *
> I will greatly appreciate any help you can proffer.
> *
> Regards
> *
> Osereme Osobase
> Enterprise Infrastructure Support
> Technology
> GTBank Nigeria - http://www.gtbank.com
>
> -- Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
Challenges with Fedora DS
