Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
Craig White wrote: On Mon, 2004-07-19 at 19:34, Jos Ildefonso Camargo Tolosa wrote: http://samba.idealx.org/smbldap-howto.fr.html as you recommended. I have one big question, which one do I put in '/etc/ldap.conf' nss_base_passwd dc=wbcoll,dc=edu?one nss_base_shadow dc=wbcoll,dc=edu?one nss_base_group ou=Groups,dc=wbcoll,dc=edu?one or nss_base_passwdou=Users,dc=wbcoll,dc=edu?one nss_base_shadowou=Users,dc=wbcoll,dc=edu?one nss_base_group ou=Groups,dc=wbcoll,dc=edu?one Neither, use this: nss_base_passwd dc=wbcoll,dc=edu?sub nss_base_shadow dc=wbcoll,dc=edu?sub nss_base_group ou=Groups,dc=wbcoll,dc=edu?one Look at the sub, it tells the system to descend to all the sub-objects it may have. --- It is pertinent to consider that this suggestion waives any efficiency for ease of use as it will tell all user lookups to search the entire LDAP tree. In fact, you should do something like this (that's what I did, if you read the thread): nss_base_passwd ou=Accounts,dc=wbcoll,dc=edu?sub nss_base_shadow ou=Accounts,dc=wbcoll,dc=edu?sub nss_base_group ou=Groups,dc=wbcoll,dc=edu?one And under ou=Accounts,dc=wbcoll,dc=edu, you create another ou: ou=People,ou=Accounts,dc=wbcoll,dc=edu here you place user accounts, and put this in the smb.conf for users ou=Computers,ou=Accounts,dc=wbcoll,dc=edu and here you place computers accounts. Off course, you can call Accounts whatever you want to call it: samba, domains, I don't know. I already told him to use his second choice as that is most efficient. I recognize that your option would permit the option of trying to use a separate organizational unit for Computers but this guy is endlessly confused, and simple is clearly better for his purposes, without considering the impact of excessive searching of the LDAP db. If you only have the ldap for samba, there will not be any problem. It will also allow you to create others ou to futher organize your users (you can't ask someone to have, let's say, 900 users in just one ou). This would also allow you to delegate the administration of a group of users to another person, without giving him access to the whole directory. I was endlessly confused myself when I started with this, I read many different howtos, all of them saying different things. And I have been a samba user for more than two years, I just started to use it with ldap about five months ago. Craig Ildefonso Camargo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
Mohammad Reza wrote: Dear lists... But this still un-solved the real problem to join w2k to samba3-ldap . I'm here with the same situation. I even switch my distro to SuSe with same result, still cant join domain. Please give us hint how to solve or debug this problem. Sorry, I looked at the thread, and I don't have info about your problem with w2k. According to what I read at the link posted by Abebe, I think it may be a problem with the unix system not seeing the machine account created automatically by samba (ie, the smbldap-useradd script). You should be able to do a su - winxp\$ as root, and it should log in: obelix:~# su - virtualxp\$ No directory, logging in with HOME=/ Off course, it will not give you a prompt as virtualxp\$, because the shell is /bin/false, but If the user didn't existed, it would answered: Unkown ID, or something like that. regards reza -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Tue 7/20/2004 9:48 AM To: [EMAIL PROTECTED] Cc: Subject:Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED On Mon, 2004-07-19 at 19:34, Jos Ildefonso Camargo Tolosa wrote: http://samba.idealx.org/smbldap-howto.fr.html as you recommended. I have one big question, which one do I put in '/etc/ldap.conf' nss_base_passwd dc=wbcoll,dc=edu?one nss_base_shadow dc=wbcoll,dc=edu?one nss_base_group ou=Groups,dc=wbcoll,dc=edu?one or nss_base_passwdou=Users,dc=wbcoll,dc=edu?one nss_base_shadowou=Users,dc=wbcoll,dc=edu?one nss_base_group ou=Groups,dc=wbcoll,dc=edu?one Neither, use this: nss_base_passwd dc=wbcoll,dc=edu?sub nss_base_shadow dc=wbcoll,dc=edu?sub nss_base_group ou=Groups,dc=wbcoll,dc=edu?one Look at the sub, it tells the system to descend to all the sub-objects it may have. --- It is pertinent to consider that this suggestion waives any efficiency for ease of use as it will tell all user lookups to search the entire LDAP tree. I already told him to use his second choice as that is most efficient. I recognize that your option would permit the option of trying to use a separate organizational unit for Computers but this guy is endlessly confused, and simple is clearly better for his purposes, without considering the impact of excessive searching of the LDAP db. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
Hi! abebe lsslp wrote: Hey Thanks for the help. I think I am about to take you on your offer. since you said to ask if I have any question, here I am. Ok. I usually do the installation from the top of my head, but I followed It's always better to never trust anything one read, just test it and try to figureout how it really works. I used both, the idealx howto and the samba-3 by example. Well, I also used some info from the samba-3 howto. http://samba.idealx.org/smbldap-howto.fr.html as you recommended. I have one big question, which one do I put in '/etc/ldap.conf' nss_base_passwd dc=wbcoll,dc=edu?one nss_base_shadow dc=wbcoll,dc=edu?one nss_base_group ou=Groups,dc=wbcoll,dc=edu?one or nss_base_passwdou=Users,dc=wbcoll,dc=edu?one nss_base_shadowou=Users,dc=wbcoll,dc=edu?one nss_base_group ou=Groups,dc=wbcoll,dc=edu?one Neither, use this: nss_base_passwd dc=wbcoll,dc=edu?sub nss_base_shadow dc=wbcoll,dc=edu?sub nss_base_group ou=Groups,dc=wbcoll,dc=edu?one Look at the sub, it tells the system to descend to all the sub-objects it may have. The idealx howto was not really clear on this one. I have posted the problems I have and other detail installation steps and configuration files at http://150.208.105.24/smbldap-pdc/smbldap-pdc.html. The file are one directory below at http://150.208.105.24/smbldap-pdc/ I am not really using ldap ssl = start tls yet. I will get to that part after I get the rest of the stuff working. Thanks again, Ambex __ Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! http://advision.webevents.yahoo.com/yahoo/votelifeengine/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] best filesystem choice for samba
Hi! Malcolm Baldridge wrote: Quoting Mark Lidstone [EMAIL PROTECTED]: ARGH! I'm wondering if airing thoughts about VFAT performance publicly was a good idea. I doubt VFAT's case insensitivity would be worth dealing with its terrible linear-search-time directory lookup methods. The reason I suggested reiserfs (or ext3 with directory hashing) is to reduce the high costs of locating a directory entry within a directory of many ( 10,000) files. msdos/vfat does not offer superior directory lookup times, and from my limited testing, neither does NTFS. ext2/ext3 in stock configuration is also slow, though it appears very recent kernels/ext2fsutils offer an FFS-like directory hashing option which needs a format-time decision to be made upon setting up the filesystem. You can enable it with tune2fs: obelix:~# tune2fs -O dir_index /dev/hda3 See man tune2fs for more help. I have no knowledge about XFS or JFS and how they compare. I know both are industrial filesystems brought down from the Ivory Towers onto the pipsqueak platforms. As for horror stories, well, each filesystem has had their respective tales of misery and woe... ext3 had shocking and fatal dataloss bugs in the adolescent versions of 2.4.x., and some RAID + reiserfs configs saw some real wowsers as well. From bug reports/changelogs, I've seen similar tales of woe for XFS and JFS if you trigger just the right combination of things. From my own experiences, things have matured and stabilised with reiserfs and ext3 to the point where using either is fine for my purposes. I had very bad experience with reiser: 4 servers installed with reiser, 4 server died due to filesystem corruption in a time that varied from two to six months (the last one had UPS, the others not). I reinstalled them with ext3: almost a year since I reinstalled the first: no problems. The decision comes down to: 1) Do you need quotas? If yes, you cannot use reiserfs. 2) Do you need ACLs? If yes, only ext2/ext3 has well-tested seamless support, though I think there are wildcat patches to bring this to XFS (and maybe others) as well. I'm not sure about the stability of this. ext3 used with -O dir_index *MAY* provide better performance for large directory list lookups, but I've never tested it. It requires Linux 2.6 for starters for the kernel-side stuff to actually support it properly. grepping the linux 2.4 source shows no mention of hashing b-trees or dir_index options for ext[23]. This is a RECENT addition to ext3, and I don't think the support actually exists within 2.4 yet. I've seen mention of special backported patches but this smells scarier to me than using filesystems which have been seamlessly integrated for over a year or so now. So in terms of viable performance-driven alternatives, I see it being reiserfs, xfs, or jfs. In my experience: the fourth server (the one with the ups): Dual XEON 2Gb RAM, 3x36Gb scsi disk in raid-5 array smart array 5300, running squid: it was slower then (with reiser), than now (with ext3). I have only saw reiser to be faster when I delete a LARGE file (1Gb). I'm going to test ext3 with the dir_index option. vfat/dos isn't faster, even with case insensitive semantics, for directory sizes of 20,000 or more. I agree. Ildefonso [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba