Thank you. I have set up one server as a BDC and slave LDAP to the master. The
others should be easy now that I have one set up. The only way I was
able to achieve replication was using the rootdn account. In the slave
slapd.conf one specifies the updatedn and updateref. Is there any place
to put a password if bindmethod is simple? I believe that is the
problem. I configured write access to a replication account as:

slave slapd.conf...

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/samba.schema
database        ldbm
suffix          "dc=tow,dc=net"
rootdn          "cn=admin,dc=tow,dc=net"
rootpw          {SSHA}bbcOI00dfOOJdNCsuFfWf8forJC/Q2P8
directory       /usr/local/var/openldap-slurp/wareham
# DN that slurpd on the master binds as when it pushes changes; it goes
# through the ACLs below like any other client (only rootdn bypasses them)
updatedn        "uid=hugo,ou=users,dc=tow,dc=net"
# referral handed to clients that try to write to this read-only replica
# (no trailing ';' in slapd.conf)
updateref       "ldap://172.16.0.3"
schemacheck     on
lastmod         on
# Indices to maintain
#index  objectClass                             eq
index   objectClass,uid,uidNumber,gidNumber     eq
#index  cn,mail,surname,givenname               eq,subinitial
index   cn,sn                                pres,eq,sub
# slapd uses the first "access to" clause whose target matches, so the
# password clause must come before the catch-all; placed after it, the
# catch-all's "by * read" would make these attributes world-readable.
# The DN here must be the updatedn exactly (uid=, not cn=), or slurpd's
# writes to these attributes are refused.
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="uid=hugo,ou=users,dc=tow,dc=net" write
        by self write
        by anonymous    auth
        by * none
# catch-all for everything else under the suffix
access to dn=".*dc=tow,dc=net"
        by self write
        by dn="uid=hugo,ou=users,dc=tow,dc=net" write
        by * read


When I start slapd -d1 I can watch attempts to update from the master,
but the update doesn't occur.

Suggestions?

Chapter 6 of the Samba HOWTO Collection helped with setup also.

On Wed, 2003-11-26 at 14:34, Patrick wrote:
> Adam Williams wrote:
> 
> >>I have 1 Samba 3.0 server with LDAP 2.1.23 running on backend from the same 
> >>machine. These are both RedHat 8.0. I have 2 other servers I would like to use the 
> >>same LDAP directory. I used net join to join the servers to the domain. Prior to 
> >>joining the domain the servers had no SID. After using net join they got a new 
> >>SID (net getlocalsid). In the LDAP directory what SID base should be attached to 
> >>users and computers that I add? The original Domain SID?
> >
> >You should really add users VIA samba,  or at least the sambaSamAccount
> >objectclass.  This will work if you already have a posixAccount
> >objectclass.  It will generate the SID based upon the domain SID and the
> >uidNumber/gidNumber.
> >
> >>I may have messed this up. What I want to do is set up the second 2 servers as 
> >>member servers in the domain, and put user accounts with home directories on them. 
> >>User uses LDAP to authenticate to member server. So far I can create an account 
> >>and log in but I am unsure if I'm using the SID for the user correctly.
> >
> >Let Samba set the SID.
> >
> >>What is recommended for master/slave LDAP servers that are used primarily for 
> >>authentication to Samba servers? Should I set up a slave LDAP server for the 
> >>member servers? These member servers would be located in separate buildings. The 
> >>main server has about 1000 user accounts, and member servers about 120 each when 
> >>finished.
> >
> >Eh?  User accounts exist in the SAM,  in this case LDAP - everywhere. 
> >Slaves are just replicas of the master for redundancy and performance.
> >
> >>At any one time I anticipate 20-30% will be logged in during peak hours.
> >>
> >>Any help that anyone can give me on this I'd appreciate. This is a fairly large 
> >>installation that eventually will span 8 buildings, each with their own Samba server 
> >>but authenticating to a single OpenLDAP directory.
> >
> >Make a master LDAP on the PDC,  load all the users.
> >Join the member servers to the domain.
> >Create LDAP replicas on several/all member servers.
> >Setup NSS on the member servers to use their local/near-by LDAP replica.
> 
> From what it sounds like you want to span the load of the PDC to 
> machines that will be in each building.  In this case the samba servers in 
> each building should not be member servers.  They should instead be 
> BDCs.  Each machine should be using a replica LDAP server and have samba 
> configured as a BDC.  As mentioned by Adam Williams you will need each 
> of the BDC machines using NSS set up to use the LDAP replicas.
> 
> To set up the BDC the Samba 3 HOWTO Collection gives all the information 
> you should need.  This is what I used and everything seems to be working 
> here.
> 
> Patrick
-- 
Kent L. Nasveschuk <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
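Where the simple-bind password for a slurpd replication account goes, as an added example that is not part of the thread above and not Kent's configuration: the password is not put in the slave's slapd.conf at all. It lives in the `replica` directive of the master's slapd.conf, which is what slurpd reads when it pushes changes; the slave only needs `updatedn` to name the same DN and ACLs that let that DN write every entry and attribute in the suffix. Replication with the rootdn works because the rootdn bypasses ACLs; any other updatedn is subject to them. The slave address 172.16.0.10, the replication DN `uid=replicator,ou=users,dc=tow,dc=net`, its password and the replog path below are assumptions for the example, not values from the thread.

```conf
# ---- master slapd.conf (the PDC, 172.16.0.3 in the thread) ----
# assumed: the "database"/"suffix" lines for dc=tow,dc=net are above this
# every write is appended here; slurpd reads it and replays it to each slave
replogfile      /usr/local/var/openldap-slurp/replog/slapd.replog
# one "replica" line per slave; the simple-bind credentials belong HERE,
# so this file must not be world-readable (it already holds rootpw)
replica         host=172.16.0.10:389
                binddn="uid=replicator,ou=users,dc=tow,dc=net"
                bindmethod=simple
                credentials=ReplicaPassw0rd     # assumed value

# ---- slave slapd.conf (the BDC) ----
# same DN as binddn on the master; the entry itself is replicated from the
# master like any other and its userPassword must match credentials= above
updatedn        "uid=replicator,ou=users,dc=tow,dc=net"
# clients that try to write here get referred to the master
updateref       "ldap://172.16.0.3"
# first matching "access to" clause wins, so guard the password
# attributes before the catch-all; the replicator needs write on them too,
# otherwise slurpd's adds/modifies of accounts are refused
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="uid=replicator,ou=users,dc=tow,dc=net" write
        by self write
        by anonymous auth
        by * none
# catch-all: the replicator writes everything, everyone else reads
access to dn.subtree="dc=tow,dc=net"
        by dn="uid=replicator,ou=users,dc=tow,dc=net" write
        by * read
```

Two checks before blaming slurpd: bind to the slave directly as the updatedn (`ldapmodify -x -H ldap://172.16.0.10 -D "uid=replicator,ou=users,dc=tow,dc=net" -W`) and modify a harmless attribute; if that is refused, the ACLs are the problem, not replication. Second, look at the reject file slurpd writes alongside its copy of the replog (by default under /usr/local/var/openldap-slurp/replica, named after the slave host and port with a `.rej` suffix); it records each update the slave refused together with the error the slave returned, which is quicker to read than `slapd -d1` output. Note that the catch-all above deliberately omits the thread's `by self write`: on a clause covering every attribute, self write lets a bound user change their own uidNumber, gidNumber or homeDirectory, so if users should edit some attributes themselves, grant that with an `attrs=` clause listing only those attributes.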