hi

there's - maybe only for me - one problem:

I can add just one IDMAP BACKEND server in smb.conf for winbindd
so if this IDMAP BACKEND (most likely PDC) fails (or better: its ldap server), IDMAPing also fails for winbindd


Andrew told me that it should work, but it doesn't for me under samba v3.0.4

best,
micha

Felipe Augusto van de Wiel wrote:


Paul Gienger wrote:

Hi Paul,

Felipe Augusto van de Wiel wrote:

:: Hi rruegner,

:: rruegner wrote:
:::: you don't have to struggle around,
:::: if you have a ldap master already running
:::: setup a ldap slave on the bdc machine,
:::: and configure the bdc smb.conf as bdc with
:::: asking the ldap slave for auth
:::: that's all


:: Sorry but maybe I'm missing something. In my tests
:: it didn't work, because of the read only status of
:: ldap slave, the machines account password are changed
:: lots of times.
::
:: There are lines in the smbldap-tools package (which I
:: hope you're using by now) that you can specify a 'ldap
:: master' that will be referred to in instances where an
:: ldap-modify command is needed as opposed to a simple
:: ldap-search.

   Yes, I use smbldap-tools package! :) But, I really do
not understand how it is related with the PDC/BDC system.
It is a 'smbd' task, the LDAP server is responsible to
make the replication, and the smbd the authentication.

   The docs clearly say that I need to put the
User and Group SID inside the LDAP base to allow the
Samba Server (I have 8 Samba Servers, 5 of which
are on different networks) to act as PDC/BDC system.
In other words, if master fails, secondary will take
over the 'auth' task until the master re-appears. :)


:::: But AFAICT the PDC/BDC also needs the SID mapped
:::: inside the LDAP, and actually I don't have it.

:: Are you saying that the SID on each machine is
:: different?  If that is the case you need to do
:: a net getlocalsid on your pdc and then a net
:: setlocalsid (output of last command) on the bdc
:: machine.

   No, I'm not talking about machines. I'm talking
about users. Probably I have two major problems, the
samba-3.0.0-beta2 (we'll migrate this week) and the
structure of the LDAP base, in other words, the samba
schema.

   I'm trying to discover which fields are required
for each user. Looking at SAMBA3 HOW TO, the idmap
backend is required for LDAP PDC/BDC Strategy to work,
in other words, users must have only one SID along the
entire 'Directory'.

   The point is that I'm trying to check and be sure
of what I'm doing on my 'Directory' and on my network.

   :)

// Felipe


--


"Matrix - more than a vision"

**************************************************
                 Michael Gasch

           - Central IT Department -

Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig

Germany
**************************************************
