Gary Peck wrote:
> Hi Michael,
>
> This option seemed to work:
>
> passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
>
> I swear I had tried that before, but I must not have. Thanks for your
> help. I am that much closer to having 2000 Faculty/Staff users start using
> the system.

Ok, good to know things are working again!
Please try to keep the list posted.

Cheers - Michael

> Thanks,
>
> Gary
>
> On 3/26/2010 6:15 AM, Michael Adam wrote:
> >Gary Peck wrote:
> >
> >>I have actually tried that and could not get that to work. At least it
> >>does not work on the version of samba that is bundled with Solaris 10
> >>(3.0.37).
> >>
> >>passdb backend = ldap:"ldap://ldap1.example.com ldap://ldap2.example.com"
> >>--- This causes a core dump
> >>
> >oh, i mis-spelled ldap: instead of ldapsam:
> >
> >>passdb backend = ldapsam:"ldap://ldap1.example.com ldap://ldap2.example.com"
> >>smbpasswd username fails connecting to primary
> >>ldap server and just errors out.
> >>
> >Hmm, what ldap library are you using? reading from the smb.conf
> >manpage:
> >
> >>>>>> - ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an
> >>>>>> optional argument (defaults to
> >>>>>> ldap://localhost)
> >>>>>>
> >>>>>> LDAP connections should be secured where possible. This may be
> >>>>>> done using either Start-TLS (see
> >>>>>> ldap ssl) or by specifying ldaps:// in the URL argument.
> >>>>>>
> >>>>>> Multiple servers may also be specified in double-quotes. Whether
> >>>>>> multiple servers are supported
> >>>>>> or not and the exact syntax depends on the LDAP library you use.
> >>>>>>
> >>>>>> Examples of use are:
> >>>>>>
> >>>>>> passdb backend = tdbsam:/etc/samba/private/passdb.tdb
> >>>>>>
> >>>>>> or multi server LDAP URL with OpenLDAP library:
> >>>>>>
> >>>>>> passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com"
> >>>>>>
> >>>>>> or multi server LDAP URL with Netscape based LDAP library:
> >>>>>>
> >>>>>> passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
> >>>>>>
> >So it depends on your LDAP client library and the example I gave you is
> >valid
> >for openLDAP, possibly not for yours, if it supports multiple servers at
> >all.
> >You could try the second syntax ldapsam:"ldap://ldap-1.example.com
> >ldap-2.example.com".
> >
> >The bottom line is that the string between the quotes has to be a valid
> >string
> >accepted by the ldap init routine of your library...
> >
> >Cheers - Michael
> >
> >>It seems to be the 3.0.22 release that I remember seeing a note that ldap
> >>failover was deprecated for some reason. The only way I have been able
> >>to get any type of failover is setting up a DNS entry to round robin
> >>between two Sun DS7 multimaster directory servers.
> >>
> >>Thanks,
> >>
> >>Gary
> >>
> >>On 3/25/2010 3:16 PM, Michael Adam wrote:
> >>
> >>>Hi Gary,
> >>>
> >>>Gary Peck wrote:
> >>>
> >>>>After trying multiple options in the smb.conf file the only way I could
> >>>>get fail over to work was having two ldap servers setup in a multimaster
> >>>>replication and having a DNS entry setup that round robins between the
> >>>>two. Everything seems to work, I can bring down one ldap server and
> >>>>samba will still authenticate and let users in. Anybody know of any
> >>>>issues doing it this way?
> >>>>
> >>>>Thanks,
> >>>>
> >>>>Gary
> >>>>
> >>>>>If I have read the documentation correctly, it looks like you can not
> >>>>>have a fail over LDAP server defined in the smb.conf file for the
> >>>>>passdb
> >>>>>backend. It looks like this feature was taken away in an earlier
> >>>>>release. Is this correct? If not could somebody steer me in the right
> >>>>>direction.
> >>>>>
> >>>Is the question how to specify multiple ldap servers in smb.conf?
> >>>If so, here is the answer:
> >>>
> >>> passdb backend = ldap:"ldap://ldap1.example.com ldap://ldap2.example.com"
> >>>
> >>>I.e. put a space-separated list of ldap urls into quotes.
> >>>
> >>>If that was not your question, please clarify.
> >>>
> >>>Cheers - Michael
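
As an added example (not part of the thread and not Samba's own code), a small Python check that reads an smb.conf fragment and reports which of the manpage's two multi-server forms the `passdb backend` value uses, whether the backend name is the `ldap:` misspelling discussed above, and whether plain `ldap://` is combined with an explicit `ldap ssl = off`. The sample configuration and the function names are constructed for illustration; treating only an explicit `off` as "no Start-TLS" is an assumption.

```python
# Added example: lint the "passdb backend" line of an smb.conf fragment.
# SAMPLE_CONF is constructed for illustration, not taken from a real host.
SAMPLE_CONF = """
[global]
   passdb backend = ldap:"ldap://ldap1.example.com ldap://ldap2.example.com"
   ldap ssl = off
"""

def read_params(conf_text):
    """Collect 'key = value' pairs, ignoring comments and section headers."""
    params = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        params[" ".join(key.lower().split())] = value.strip()
    return params

def lint_passdb_backend(conf_text):
    """Return a list of findings for an LDAP passdb backend."""
    params = read_params(conf_text)
    backend, _, arg = params.get("passdb backend", "").partition(":")
    backend = backend.strip().lower()
    if backend not in ("ldap", "ldapsam"):
        return []
    findings = []
    if backend == "ldap":
        findings.append("backend is 'ldap:', the manpage name is 'ldapsam:'")
    servers = arg.strip().strip('"').split()
    schemes = [s.split("://", 1)[0].lower() if "://" in s else None for s in servers]
    if len(servers) > 1 and all(schemes):
        findings.append("multi-server, URL per entry (manpage: OpenLDAP form)")
    elif len(servers) > 1 and schemes[0] and not any(schemes[1:]):
        findings.append("multi-server, URL then bare hosts (manpage: Netscape-based form)")
    elif len(servers) > 1:
        findings.append("multi-server, mixed entries (matches neither manpage form)")
    # Assumption: only an explicit 'ldap ssl = off' is treated as "no Start-TLS";
    # an unset parameter is left to the installed version's default.
    tls_off = params.get("ldap ssl", "").lower() == "off"
    if "ldap" in schemes and tls_off:
        findings.append("ldap:// with 'ldap ssl = off': connection is not secured")
    return findings

if __name__ == "__main__":
    for finding in lint_passdb_backend(SAMPLE_CONF):
        print(finding)
```

The check only classifies the string; whether a given form is accepted still depends on the LDAP client library Samba was built against, as the manpage excerpt says.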