Hi Paul, thanks for the reply. 2 questions:-

1. In the smbldap-useradd.pl file, there are lines that are commented out. Since my add machine script is only with "-w", and my with_smbpasswd variable in the smbldap_conf is =0, I found that it will only create a posix account on the ldap. I don't see it creating the samba portion in the ldap. Does it do it automatically? My ldap shows that the samba portion is done automatically. [However I think I have to join the domain 2 times for each machine.... don't know why the first time it joins it fails.. The second time succeeds.]

2. Can I know what happens if my referrals are not done properly and I point my passwd backend to the ldap slave server? Does it have an effect only when a machine joins the domain?

Thanks.

adrian

---------- Original Message ----------------------------------
From: Paul Gienger <[EMAIL PROTECTED]>
Date: Wed, 16 Jun 2004 07:50:31 -0500

>Adrian Chow wrote:
>
>> Hi,
>>
>> I got the following setup.
>>
>> I got an openLDAP server. This server is the master server for LDAP
>> functions. I named this ldapsrv.
>> I got a samba server with openLDAP installed on it as well. This LDAP
>> server is the slave to ldapsrv. I named this sambasrv.
>>
>> The sambasrv currently has the following setup in /etc/smb.conf:-
>> passdb backend = ldapsam:ldap://ldapsrv.domain
>> idmap backend = ldap://ldapsrv.domain
>> add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
>> delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
>> add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
>> delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
>> add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
>> delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
>> set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
>> add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
>> shutdown script = /var/lib/samba/scripts/shutdown.sh
>>
>> I want to use sambasrv's openldap directory to read off the passwords
>> instead of reading it off the network from ldapsrv. Note that all
>> changes have to be done on ldapsrv in order to be propagated to
>> sambasrv. Will I have any issues if I shift the 'passdb backend' and
>> 'idmap backend' to point to ldapsrv?
>>
>> Can I do the above with the smbldap_conf.pm file untouched? The
>> smbldap_conf.pm files currently point to ldapsrv as the changes will
>> need to be done on it.
>>
>> The reason I asked is that during clients authentication or connecting
>> to the sambasrv, will it modify the ldap entries since smb.conf will
>> point to sambasrv which is the slave LDAP. I think all changes need
>> to start from ldapsrv.
>
>If you have referrals set up properly then the slave will send the
>modify requests up to the master that can write to the db. One note
>however, if you switch all references over to the slave, try a domain
>join in test before you roll out. My particular ldap servers are over a
>WAN and samba would actually time out before the account would replicate
>to my local slave unless I hacked a sleep in to the add machine function.
>
>--
>Paul Gienger                     Office: 701-281-1884
>Applied Engineering Inc.         Cell:   701-306-6254
>Information Systems Consultant   Fax:    701-281-1322
>URL: www.ae-solutions.com        mailto:[EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
