Hi, I have a samba/pdc/ldap and a courier/ldap host working fine. The pdc is the master ldap, the courier/ldap is the slave. No problems! Single sign on for windows and outlook (same user, same password!) If it is of interest I can post my setup and relations.

On Sat, 26 Feb 2011 10:13:22 -0500, "Gaiseric Vandal" <[email protected]> wrote:
> Is this Samba 3 or Samba 4?
>
> If samba 3, which ldap server are you using?
>
> What is the mail server? Does the mail server have its own LDAP server included in it, or is it also using an external LDAP server?
>
> If you want replication between LDAP servers, they should be the same type of LDAP server (e.g. OpenLDAP or Apache Directory Server or Oracle Directory Server.) If you have one type of LDAP server for Samba and one type of LDAP server for Mail, you will not be easily able to replicate.
>
> If you are using Samba 3, you have a selection of LDAP servers you could use. The mail server will determine which LDAP works for mail, and whether you can share the LDAP server between mail and samba.
>
> From: marcos gonzalez [mailto:[email protected]]
> Sent: Saturday, February 26, 2011 5:42 AM
> To: [email protected]
> Cc: [email protected]
> Subject: Re: [Samba] making BDC samba + ldap server
>
> Hi guys
>
> My network map is simple, ldap inside samba server centralizes all uses inside the LAN included mail. My question is to reduce the use of net it's a good idea to create other ldap server inside mail server? And finally which is the best relation between ldap.samba server and a future ldap mail server, master.master or master slave?
>
> Thanks And Best Regards
>
> 2011/2/25 Gaiseric Vandal <[email protected]>
>
> I don't understand your question. What does mail have to do with Samba? Does your mail server use LDAP authentication? Or do you want to use the LDAP server as a central address book for your mail clients. Either way, your LDAP server should be able to support attributes for both e-mail and samba requirements.
>
> On 02/24/2011 11:42 AM, marcos gonzalez wrote:
>
> Hi
>
> I'm not sure if it's in this list but configuring ldap I'm with a doubt. I would like to distribute openldap connections between mail server and samba server. Which is the better form, master-master or master-slave? I understand using PDC and BDC the relationship is master-slave, but between mail and samba?
>
> Thanks & Best Regards
>
> 2011/2/21 marcos gonzalez<[email protected]>
>
> Ok in my server the ldap config is inside /etc/ and this file nss_ldap it's inside /etc/ldap/. I didn't understand why pass this but now I understand all
>
> Thanks
>
> Hi
>
> Ok, and how I config nss_ldap? When I copy all database is included?
>
> Well, the easiest way, for Samba use, is to simply cp your ldap.conf file for the ldap client application to nss_ldap.conf--cp ldap.conf nss_ldap.conf (this can be a bit confusing, as openldap uses a file called ldap.conf for configuring the ldap client as well as a file called ldap.conf for configuring basic ldap server process. The server file is generally contained in the directory where configuration files are kept in a subdirectory called openldap along with files like slapd.conf and is generally a small file which looks something like this:
>
> #
> # LDAP Defaults
> #
>
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
>
> BASE dc=mydomain,dc=com
> URI ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389
> # TLS_CACERT /usr/local/etc/openldap/cacert.pem
>
> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never
>
> whereas the ldap.conf for the client is rather lengthy and contains quite a bit of information for contacting the ldap server, how the dit should be searched, etc.)
>
> And, no, nss_ldap.conf has nothing to do with the ldap server.
> nss_ldap.conf can be used to contact an external ldap server, just as the ldap.conf for the ldap client application can.
>
> Sorry for the newbie questions, If any time comes to barcelona contact me, you has a beer paid (Daniel too) :-)
>
> Well, now that's quite a generous offer. Much appreciated.
>
> Thanks and Best Regards
>
> 2011/2/20<[email protected]>
>
> Hi
>
> Thanks, this howto for me its better. I have other doubt, syncrepl needs to be installed or comes integrated with slapd daemon?
>
> It is all part of the openldap suite.
>
> And to transfer all shared samba folders and profile content, when it's the better moment? I understand when samba is down or when is up?
>
> Depends on the permissions. However, so long as ALL the files to be transferred belong to users in LDAP then, with nss_ldap properly configured, any copy that preserves permissions should be fine.
>
> Thanks and Best Regards
>
> 2011/2/20<[email protected]>
>
> Now you are on to copy your slapd.conf and ldap.conf to your new machine:
> Ex: scp slapd.conf root@2machine:/etc/openldap
>
> ---------------------------How I can make this If slurpd is deprecated? The guide
>
> http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html
>
> not's easy to understand, not exist other howto more simple?
>
> Here is another guide. The first link is quite comprehensive.
> http://www.zytrax.com/books/ldap/ch7/
>
> The entire online manual is a good read. I highly recommend it.
>
> Now important I do the trick with slurpd. There are many other ways but this is easy.
> Slurpd should be installed on your Master and only there.
> So go in to the slapd.conf on your master and put a few lines in it at the end.
> Be careful all tabs must fit exact as this example:
>
> replica uri=ldap://IPOFYOUR2MACHINE:389
>         binddn="cn=youradmin,dc=your,dc=ldap"
>         suffix="dc=yourc,dc=ldap"
>         bindmethod=simple
>         credentials=securepassword
>
> I understand the part of backup slapd only works with the service stopped?
>
> Well I'm grateful for all your time :-)
>
> Thanks and Best Regards
>
> 2011/2/18<[email protected]>
>
> In my hint I think your samba PDC/Ldap is currently working well!
> First of all install a second machine with the samba and ldap.
> Do not start samba, do not start ldap.
> The ldap database should be nearly empty ex:/var/lib/ldap
>
> Now copy your smb.conf to your new machine ex: scp smb.conf root@2machine:/etc/samba
> Edit the smb.conf to your needs and adjust it to be a bdc:
> domain master=NO
> domain logons=YES
> Make a testparm it should succeed like this:
> testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[netlogon]"
> WARNING: The "share modes" option is deprecated
> Processing section "[sysvol]"
> WARNING: The "share modes" option is deprecated
> Processing section "[homes]"
> Processing section "[profiles]"
> Processing section "[alles]"
> Processing section "[printers]"
> Processing section "[print$]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_BDC<----------------------------you are a BDC
> Press enter to see a dump of your service definitions
>
> Yes very nice!
>
> Now you are on to copy your slapd.conf and ldap.conf to your new machine:
> Ex: scp slapd.conf root@2machine:/etc/openldap
>
> Now important I do the trick with slurpd.
>
> Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3
> http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd
>
> Here is a nice overview of the way LDAP currently works:
>
> http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html
>
> Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then
>
> smbpasswd -w<ldap-master-passwd>
> net rpc join -U<administrator> <domain name>
>
> Done.
>
> --
> To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
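
The slurpd `replica` stanza quoted in the thread binds as the admin DN with a simple bind over plain ldap://, and the replies point to syncrepl as its replacement. As an added example (not code from any poster or from the OpenLDAP or Samba projects), this Python check parses slapd.conf text and flags those three points. The host name, the `cn=replicator` DN, the passwords and the sample stanzas are constructed placeholders, and the `rootdn` line assumes `cn=youradmin` is the directory's rootdn.

```python
import shlex
# Constructed sample: the slurpd stanza from the thread, then a syncrepl consumer.
# Hosts, DNs and passwords are placeholders; rootdn = cn=youradmin is an assumption.
SAMPLE_SLAPD_CONF = '''\
rootdn "cn=youradmin,dc=your,dc=ldap"
replica uri=ldap://IPOFYOUR2MACHINE:389
        binddn="cn=youradmin,dc=your,dc=ldap"
        bindmethod=simple
        credentials=securepassword
syncrepl rid=001
        provider=ldap://ldap-master.example.com:389
        searchbase="dc=your,dc=ldap"
        bindmethod=simple
        binddn="cn=replicator,dc=your,dc=ldap"
        credentials=CHANGEME
        starttls=critical
'''

def directives(text):
    """Return (keyword, args) pairs; indented lines continue the previous one."""
    joined = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0].isspace() and joined:
            joined[-1] += " " + line.strip()
        else:
            joined.append(line.strip())
    return [(w[0].lower(), w[1:]) for w in map(shlex.split, joined)]

def audit(text):
    """Flag weak replication settings in slapd.conf text."""
    parsed = directives(text)
    rootdn = next((a[0].lower() for k, a in parsed if k == "rootdn" and a), None)
    findings = []
    for kw, args in parsed:
        if kw not in ("replica", "syncrepl"):
            continue
        opts = dict(a.split("=", 1) for a in args if "=" in a)
        uri = opts.get("uri") or opts.get("provider", "")
        if kw == "replica":
            findings.append("replica: slurpd directive, replace with syncrepl")
        # starttls=yes continues without TLS if StartTLS fails; only critical aborts
        encrypted = uri.startswith("ldaps://") or opts.get("starttls") == "critical"
        if opts.get("bindmethod") == "simple" and not encrypted:
            findings.append(f"{kw}: simple bind over cleartext {uri}")
        if rootdn and opts.get("binddn", "").lower() == rootdn:
            findings.append(f"{kw}: binds as rootdn, use a dedicated read-only DN")
    return findings
```

Calling `audit(SAMPLE_SLAPD_CONF)` reports only the `replica` stanza; the syncrepl stanza passes because it requires StartTLS and binds as a separate replication DN.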
