> I have 1 Samba 3.0 server with LDAP 2.1.23 running on backend from the same machine.
> These are both RedHat 8.0. I have 2 other servers I would like to use the same LDAP
> directory. I used net join to join the servers to the domain. Prior to joining the
> domain the servers had no SID. After using net join they got a new SID (net
> getlocalsid). In the LDAP directory what SID base should be attached to users and
> computers that I add? The original Domain SID?

You should really add users via Samba, or at least the sambaSamAccount objectclass. This will work if you already have a posixAccount objectclass. It will generate the SID based upon the domain SID and the uidNumber/gidNumber.

> I may have messed this up. What I want to do is set up the second 2 servers as
> member servers in the domain, and put user accounts with home directories on them.
> User uses LDAP to authenticate to member server. So far I can create an account and
> log in but I am unsure if I'm using the SID for the user correctly.

Let Samba set the SID.

> What is recommended for master slave LDAP servers that are used primarily for
> authentication to Samba servers. Should I set up a slave LDAP server for the member
> servers? These member servers would be located in separate buildings. The main
> server has about 1000 user accounts, and member servers about 120 each when finished.

Eh? User accounts exist in the SAM, in this case LDAP - everywhere. Slaves are just replicas of the master for redundancy and performance.

> At any one time I anticipate 20-30% will be logged in during peak hours.
>
> Any help that anyone can give me on this I'd appreciate. This is a fairly large
> installation that eventually will span 8 buildings each with their own Samba server
> but authenticating to a single OpenLDAP directory.

Make a master LDAP on the PDC, load all the users.
Join the member servers to the domain.
Create LDAP replicas on several/all member servers.
Set up NSS on the member servers to use their local/near-by LDAP replica.
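An added example, not part of the original message or of Samba's code: a check over an LDIF export that every `sambaSamAccount` entry carries a `sambaSID` under the domain SID rather than a member server's local SID, and that its RID matches the uidNumber-based mapping described in the reply. It assumes Samba's algorithmic mapping (user RID = 2 * uidNumber + the default "algorithmic rid base" of 1000); the function names, SIDs and DNs are constructed for illustration.

```python
import re

RID_BASE = 1000  # assumption: Samba's default "algorithmic rid base"

def expected_user_sid(domain_sid, uid_number, rid_base=RID_BASE):
    """Algorithmic mapping (assumed): user RID = 2 * uidNumber + rid base."""
    return f"{domain_sid}-{2 * uid_number + rid_base}"

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, plain 'attr: value' lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit_sids(ldif_text, domain_sid):
    """Return (dn, finding, sambaSID) for sambaSamAccount entries worth reviewing."""
    findings = []
    for e in parse_ldif(ldif_text):
        if "sambasamaccount" not in (c.lower() for c in e.get("objectclass", [])):
            continue  # posixAccount-only entries have no SID to check
        dn, sid = e["dn"][0], e.get("sambasid", [""])[0]
        if sid.rpartition("-")[0] != domain_sid:
            findings.append((dn, "sid-not-in-domain", sid))  # e.g. a member's local SID
        elif "uidnumber" in e and sid != expected_user_sid(domain_sid, int(e["uidnumber"][0])):
            findings.append((dn, "rid-not-algorithmic", sid))  # review, not always wrong
    return findings

# Constructed sample data: SIDs, DNs and uidNumbers are made up for illustration.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # the domain SID
MEMBER_SID = "S-1-5-21-4444444444-5555555555-6666666666"  # a member server's local SID
SAMPLE_LDIF = f"""
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uidNumber: 1001
sambaSID: {DOMAIN_SID}-3002

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uidNumber: 1002
sambaSID: {MEMBER_SID}-3004
"""
```

Calling `audit_sids(SAMPLE_LDIF, DOMAIN_SID)` reports only the `bob` entry, whose SID was built on the member server's local SID instead of the domain SID.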
