I don't understand your question. What does mail have to do with
Samba? Does your mail server use LDAP authentication? Or do you want
to use the LDAP server as a central address book for your mail
clients? Either way, your LDAP server should be able to support
attributes for both e-mail and samba requirements.
On 02/24/2011 11:42 AM, marcos gonzalez wrote:
Hi
I'm not sure if it belongs on this list, but I have a doubt while configuring LDAP. I
would like to distribute OpenLDAP connections between the mail server and the Samba
server. Which is the better form, master-master or master-slave? I
understand that with a PDC and BDC the relationship is master-slave, but between
mail and Samba?
Thanks & Best Regards
2011/2/21 marcos gonzalez<[email protected]>
OK, on my server the ldap config is inside /etc/ and this nss_ldap file is
inside /etc/ldap/. I didn't understand why pass this, but now I understand
it all.
Thanks
Hi
OK, and how do I configure nss_ldap? When I copy, is the whole database included?
Well, the easiest way, for Samba use, is to simply cp your ldap.conf file
for the ldap client application to nss_ldap.conf -- cp ldap.conf nss_ldap.conf
(this can be a bit confusing, as openldap uses a file called ldap.conf for
configuring the ldap client as well as a file called ldap.conf for
configuring the basic ldap server process. The server file is generally
contained in the directory where configuration files are kept, in a
subdirectory called openldap along with files like slapd.conf, and is
generally a small file which looks something like this:
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=mydomain,dc=com
URI ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389
# TLS_CACERT /usr/local/etc/openldap/cacert.pem
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
whereas the ldap.conf for the client is rather lengthy and contains quite
a bit of information for contacting the ldap server, how the dit should be
searched, etc.)
And, no, nss_ldap.conf has nothing to do with the ldap server.
nss_ldap.conf can be used to contact an external ldap server, just as the
ldap.conf for the ldap client application can.
Sorry for the newbie questions. If you ever come to Barcelona, contact me;
you have a beer paid for (Daniel too) :-)
Well, now that's quite a generous offer. Much appreciated.
Thanks and Best Regards
2011/2/20<[email protected]>
Hi
Thanks, this howto is better for me. I have another doubt: does syncrepl need
to be installed, or does it come integrated with the slapd daemon?
It is all part of the openldap suite.
And when is the better moment to transfer all shared Samba folders and
profile content? When Samba is down or when it is up?
Depends on the permissions. However, so long as ALL the files to be
transferred belong to users in LDAP then, with nss_ldap properly configured,
any copy that preserves permissions should be fine.
Thanks and Best Regards
2011/2/20<[email protected]>
Now you are on to copy your slapd.conf and ldap.conf to your new
machine:
Ex: scp slapd.conf root@2machine:/etc/openldap
--------------------------- How can I do this if slurpd is deprecated?
The guide
http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html
is not easy to understand. Is there no other, simpler howto?
Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/
The entire online manual is a good read. I highly recommend it.
Now important I do the trick with slurpd. There are many other ways
but this is easy.
Slurpd should be installed on your Master and only there.
So go in to the slapd.conf on your master and put a few lines in it
at the end.
Be careful, all tabs must fit exactly as in this example:
replica uri=ldap://IPOFYOUR2MACHINE:389
	binddn="cn=youradmin,dc=your,dc=ldap"
	suffix="dc=yourc,dc=ldap"
	bindmethod=simple
	credentials=securepassword
I understand that the slapd backup part only works with the service
stopped?
Well, I'm grateful for all your time :-)
Thanks and Best Regards
2011/2/18<[email protected]>
In my hint I think your samba PDC/LDAP is currently working well!
First of all install a second machine with samba and ldap.
Do not start samba, do not start ldap.
The ldap database should be nearly empty, ex: /var/lib/ldap
Now copy your smb.conf to your new machine, ex: scp smb.conf root@2machine:/etc/samba
Edit the smb.conf to your needs and adjust it to be a BDC:
domain master=NO
domain logons=YES
Run testparm; it should succeed like this:
testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[netlogon]"
WARNING: The "share modes" option is deprecated
Processing section "[sysvol]"
WARNING: The "share modes" option is deprecated
Processing section "[homes]"
Processing section "[profiles]"
Processing section "[alles]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC <---------------------------- you are a BDC
Press enter to see a dump of your service definitions
Yes very nice!
Now you are on to copy your slapd.conf and ldap.conf to your new
machine:
Ex: scp slapd.conf root@2machine:/etc/openldap
Now important I do the trick with slurpd.
Sorry, but Slurpd is deprecated and no longer available in Openldap
since 2.3
http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd
Here is a nice overview of the way LDAP currently works:
http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html
Once you have sync-repl set up on the current master, and a proper
slapd.conf and ldap.conf file on the new machine, start ldap, then
smbpasswd -w <ldap-master-passwd>
net rpc join -U <administrator> <domain name>
Done.
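
Added example, not part of the original thread or of the linked guides: a minimal syncrepl setup in slapd.conf that takes the place of the slurpd `replica` block quoted earlier, with the replication bind forced over StartTLS. PROVIDER_HOST, REPLICATOR_PASSWORD and the cn=replicator account are placeholders, and the provider is assumed to already have its TLS certificate configured.

```conf
# Added example. Placeholders: PROVIDER_HOST, REPLICATOR_PASSWORD and
# cn=replicator (a hypothetical dedicated read-only replication account).

##### Provider (current master) slapd.conf, inside the database section #####
# Consumers search on these operational attributes.
index entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# Let the replication account read everything, including userPassword and
# the sambaNTPassword / sambaLMPassword hashes, which a BDC needs.
# This rule must come before the other "access to" rules.
access to *
    by dn.exact="cn=replicator,dc=your,dc=ldap" read
    by * break
limits dn.exact="cn=replicator,dc=your,dc=ldap" size=unlimited time=unlimited

##### Consumer (new BDC) slapd.conf, inside the database section #####
# starttls=critical aborts the session if TLS cannot be negotiated, so the
# simple-bind password and the replicated hashes never cross the wire in clear.
# tls_reqcert=demand makes the consumer verify the provider's certificate.
syncrepl rid=001
    provider=ldap://PROVIDER_HOST:389
    type=refreshAndPersist
    retry="30 10 300 +"
    searchbase="dc=your,dc=ldap"
    bindmethod=simple
    binddn="cn=replicator,dc=your,dc=ldap"
    credentials=REPLICATOR_PASSWORD
    starttls=critical
    tls_cacert=/usr/local/etc/openldap/cacert.pem
    tls_reqcert=demand
# Writes sent to the consumer are referred to the provider.
updateref ldap://PROVIDER_HOST:389
```

The consumer's slapd.conf now holds a bind password, so it should be readable only by the account slapd runs as.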