On Wednesday 18 August 2004 16:11, rruegner wrote:
> That's right

I am not sure if I understand what is being said here. Samba should refer
password changes to the PDC and it should apply the changes to the LDAP
directory.

- John T.

> regards
>
> Jason C. Waters wrote:
> > I don't think this is a solution. If I understand what you were saying,
> > on the BDC I should have this as the passwd backend:
> >
> > passwd backend = ldapsam:"ldaps://ldap.server2 ldaps://ldap.server1"
> >
> > server2 - the BDC and ldap slave which is read only
> > server1 - is the PDB and has the ldap master which users can read/write,
> > so they could update their passwords.
> >
> > If I have it set up this way, the users that are on the other side will never
> > be able to update their passwords, at least on that leg of the VPN. Or
> > maybe I'm just thinking about this the wrong way.
> >
> > Jason
> >
> > rruegner wrote:
> >> Hi,
> >> if you want the bdc to stay alive in cases
> >> when the vpn breaks, then in your bdc smb.conf
> >> your slave ldap should be the first entry in the passwd backend,
> >> so if the vpn breaks, the slave ldap operates with its last
> >> entries from the master and will give the win clients any chance
> >> to operate just like if the pdc is alive.
> >> If the vpn is up again, the ldap should refresh the slave automatically.
> >> But note, a bdc is read only so changes can only be made to the master
> >> ldap on the pdc. So no changes can be made to the domain during the
> >> blackout period.
> >> If you want a fully functional bdc you also should set up user clients'
> >> homes and profiles in your outside ( vpn ) office hosted on the bdc.
> >> ( a separate dhcp server and a bind slave with longtime zone caching
> >> is very useful, too )
> >>
> >> Regards
> >>
> >> Jason C. Waters wrote:
> >>> Is anyone using this? My smb.conf file has this line in
> >>> server1(master)
> >>>
> >>> passwd backend = ldapsam:"ldaps://ldap.server1 ldaps://ldap.server2"
> >>>
> >>> and this is what server2(slave ldap, BDC) looks like:
> >>>
> >>> passwd backend = ldapsam:"ldaps://ldap.server1 ldap.server2"
> >>>
> >>> This is what happens. When I take down server 1's ldap server,
> >>> server2 just starts using its local ldap server. But if I take down
> >>> the VPN between the two, I try the same test, pdbedit -L, it works
> >>> but it takes about 6 seconds for it to timeout on server1. Is this
> >>> normal or do I need to change some DNS setting? Thanks for your help.
> >>>
> >>> Jason

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
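
An added example, not part of the thread and not Samba project code: a small check of a BDC's smb.conf against the two points visible above, namely rruegner's advice that the BDC list its local slave first, and the second entry in the posted server2 line, which carries no ldaps:// scheme. The function names are hypothetical; the host names are the ones used in the thread and the smb.conf fragments are constructed from the posted lines.

```python
import re
from urllib.parse import urlparse

# Constructed smb.conf fragments, built from the lines quoted in the thread.
BDC_AS_POSTED = 'passwd backend = ldapsam:"ldaps://ldap.server1 ldap.server2"\n'
BDC_SLAVE_FIRST = 'passwd backend = ldapsam:"ldaps://ldap.server2 ldaps://ldap.server1"\n'


def ldapsam_uris(smb_conf):
    """Return the ldapsam server entries in the order smb.conf lists them."""
    for line in smb_conf.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")) or "=" not in line:
            continue  # comment, section header or blank line
        key, value = (part.strip() for part in line.split("=", 1))
        # smb.conf parameter names ignore case and internal whitespace runs.
        if " ".join(key.lower().split()) != "passwd backend":
            continue
        match = re.match(r'ldapsam:"?([^"]*)"?\s*$', value)
        if match:
            return match.group(1).split()
    return []


def check_bdc_backend(smb_conf, local_slave):
    """List findings for a BDC whose local LDAP slave is `local_slave`."""
    uris = ldapsam_uris(smb_conf)
    if not uris:
        return ["no ldapsam passwd backend found"]
    findings = []
    for uri in uris:
        if urlparse(uri).scheme not in ("ldap", "ldaps"):
            findings.append(f"{uri}: no ldap:// or ldaps:// scheme")
    # With the remote master first, every lookup waits for it to time out
    # when the VPN is down before the local slave is tried.
    first_host = urlparse(uris[0]).hostname
    if first_host != local_slave:
        findings.append(f"first entry is {uris[0]}, not the local slave {local_slave}")
    return findings


if __name__ == "__main__":
    for name, conf in (("as posted", BDC_AS_POSTED), ("slave first", BDC_SLAVE_FIRST)):
        print(name, check_bdc_backend(conf, "ldap.server2") or "ok")
```
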
