Given that I currently have 6 member servers, I think that amount of ldap replication would be overkill. I was considering one ldap slave. I will consult the Docs that Louis pointed me to and look at the winbind config.
Thanks,
Dp.

On 1 June 2011 19:04, Dale Schroeder <[email protected]> wrote:
> Dermot,
>
> What Louis describes does indeed allow for single sign on. The non-PDC
> systems are no longer member servers in the truest sense, but rather, all
> become BDCs (security = user).
>
> If you do not wish to install ldap on all systems, then the options are to
> use winbind, or to use nss-ldap and pam-ldap instead. Either will allow for
> single sign on as true member servers (security = DOMAIN) to authenticate
> against the PDC. The former is well documented; the latter is much harder
> to find.
>
> Dale
>
>
> On 06/01/2011 10:21 AM, Dermot wrote:
>>
>> Thanks but I am not sure that I have made myself clear.
>>
>> I want to remove Windows NT from my production environment. I would
>> like to use Samba as the PDC with ldap backend and some replication.
>> So far in tests this all works, e.g., Windows 7 and WinXP can authenticate.
>>
>> I have one more thing I would like to achieve. I want files on the
>> Samba member server to be owned by the domain user without having to
>> add each domain user locally to the member server's /etc/passwd file.
>>
>> I don't think the articles you have suggested address how to do that.
>> Dp.
>>
>>
>> On 1 June 2011 12:37, L.P.H. van Belle <[email protected]> wrote:
>>>
>>> Well, set up ldap with replication.
>>> I have this setup and I use syncrepl for ldap replication.
>>> This has been working for 5 years now.
>>> I manage my users and groups with the NT4 user manager.
>>>
>>>
>>> Look here.
>>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
>>> I use this setup: PDC -> LDAP master server, BDC -> LDAP slave server.
>>> My ldap slave is read-only.
>>>
>>> I use Debian OS.
>>> Look here for a nice example:
>>> http://www.server-world.info/en/note?os=Debian_6.0&p=samba&f=6
>>> and look here:
>>>
>>> http://fr33co.wordpress.com/2009/02/19/replicacion-ldap-con-syncrepl-en-debian-lenny/
>>> If you need another language, put it in a translator ;-)
>>>
>>> Good luck.
>>>
>>> Louis
>>>
>>>
>>>> -----Original message-----
>>>> From: [email protected]
>>>> [mailto:[email protected]] On behalf of Dermot
>>>> Sent: 2011-06-01 13:04
>>>> To: [email protected]
>>>> Subject: [Samba] Single sign on nivana
>>>>
>>>> Hi,
>>>>
>>>> I have Samba 3.5.6 that is running as a PDC for testing purposes. In
>>>> my production environment I still use an NT4 domain and all the samba
>>>> member servers use domain security. One of the irritations I have with
>>>> the Samba members set-up is that I have to add the users to the local
>>>> server so that files created by a domain user are owned by them and
>>>> not the guest account. Ideally I would like to add the users to the
>>>> PDC alone and then if a domain user creates a file on a member server,
>>>> when I viewed those files, either from a windows machine or from a
>>>> shell on the member server, I could see who they belong to. I'm sure
>>>> that there is a means of doing this, but I can't glean it from the docs.
>>>> Can anyone advise me on the configuration I would need?
>>>>
>>>> Thank you,
>>>> Dermot.
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
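
The winbind route mentioned in the thread (member servers with security = DOMAIN that resolve domain users through winbind instead of local /etc/passwd entries) can be sanity-checked on a member server with a script like the one below. It is an added example, not part of the thread; the function names, the domain name EXAMPLEDOM and the ID ranges are assumptions, and `idmap uid` / `idmap gid` are the Samba 3.x smb.conf range parameters.

```shell
#!/bin/sh
# Print the value of a [global] parameter from an smb.conf-style file.
smb_global() {  # $1 = file, $2 = parameter name in lower case
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }   # skip comment lines
        /^[ \t]*\[/   { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        g && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

# Return 0 when the files describe a domain member that resolves
# users and groups through winbind; print each problem found.
check_member() {  # $1 = smb.conf, $2 = nsswitch.conf
    rc=0
    [ "$(smb_global "$1" security | tr 'A-Z' 'a-z')" = "domain" ] ||
        { echo "security is not 'domain'"; rc=1; }
    for p in "idmap uid" "idmap gid"; do
        smb_global "$1" "$p" | grep -Eq '^[0-9]+ *- *[0-9]+$' ||
            { echo "missing or malformed '$p' range"; rc=1; }
    done
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$2" ||
            { echo "nsswitch '$db' does not list winbind"; rc=1; }
    done
    return $rc
}

# Constructed sample files (domain name and ID ranges are placeholders).
write_samples() {  # $1 = directory to write into
    cat > "$1/smb.conf" <<'EOF'
[global]
   workgroup = EXAMPLEDOM
   security = domain
   idmap uid = 10000-20000
   idmap gid = 10000-20000
EOF
    printf 'passwd: files winbind\ngroup: files winbind\n' > "$1/nsswitch.conf"
    printf 'passwd: files\ngroup: files\n' > "$1/nsswitch.local-only"
}

# Optional: check real files when two paths are given on the command line.
if [ "$#" -eq 2 ]; then check_member "$1" "$2"; fi
```

A clean result only shows that the two files are consistent; the server must still be joined to the domain with winbindd running, which `wbinfo -u` and `getent passwd` confirm by listing domain accounts.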
