cooper mail wrote:
I was in the same situation and I chose to build up a central Samba/LDAPCraig, Thanks for the response. I have read both the HowTo and the By Example. Neither covers much in regard to my situation. I have NO windows servers, only samba servers.
I am using LDAP, nss_ldap, and pam_ldap to handle the local unix
accounts. The samba PDC is also using ldap as its passdb backend. Every thing is working fine at this time. I have tried both of the
setups I have mentioned, and both work. I am just wondering what is
the recomended/best practice setup.
I am not using windbind at this time. I read in another post from Jerry, that the only reason I would need windbind, in my scenario, is if I had a trust relationship with another domain. I do not.
Thanks,
cooper
On Sun, 06 Mar 2005 21:23:27 -0700, Craig White <[EMAIL PROTECTED]> wrote:
On Sun, 2005-03-06 at 21:23 -0500, cooper mail wrote:
I was wondering what the best practice is for setting up several SAMBA servers in a SAMBA domain all on the same LAN. Here is what I am looking at
PDC: LDAP, Samba, nss_ldap, pam_ldap Member1: Samba, nss_ldap, pam_ldap Member2: Samba, nss_ldap, pam_ldap Member . . . .
Should I set the member servers up with: Security = domain and join the severs with net rpc join
or, whould it be better to set them up with: passdb backend = ldapsam:ldap://pdc.domain.com security = server
Do you see where I am going? If you need more details to answer, let me know.
---- You should probably consult both the HOWTO and more specifically, the BY EXAMPLE documentation for discussions about this as only you can decide the value of this.
Nowhere did you mention winbindd...
Given local unix accounts are necessary for samba connections, I would think an overall strategy should be thought out carefully.
Craig
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
in one domain with other Samba/LDAP authenticating user against the first one.
The solution is to provide different user configuration in every single Samba/LDAP, managing
centrally the account and the password repository for all users.
You have many Samba/PDC server but only one is delegated to authenticated users
in the domain. You have to set the global directive in smb.conf "security=server" and add
"password server=server name or server ip".
Then, when a Windows client connects to a Samba/LDAP it cans retrive personal account informations
but the password validation is a challenge between the two Samba/LDAP servers (the first,
receiving and opening a client connection, and the second you set in smb.conf "password server" directive)
Giuseppe
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
