mallapadi niranjan wrote:
> Hi Paul
>
> Thanks for guiding me.
>
> I am creating a PDC and 2 BDC's with samba3 with LDAP,
>
> sorry if this is a silly question, since I am new, guide me
>
> 1) what all default ACL's need to be written in slapd.conf
> apart from users changing passwords, with respect to the samba 3 LDAP
> schema,

How am I supposed to know? It's your setup. I tend to create an administrative DN in ldap, say cn=smbadmin,ou=admins,dc=whatever... and give it full access to samba attributes and the pseudo attributes (children,entry). Then I have one rootbinddn for /etc/ldap.conf with full write access to @posixAccount attributes. All other nss_ldap operations (for getent, id, etc) are done anonymously.

> I have only these OU's which come with smbldap tools
> 1) Domain Admins, Domain Groups, People, Groups, Computers, IDMAP,

Does this make sense to you? Why do you need so many containers? I use ou=users, ou=groups, ou=idmap. Whether a group is usable for samba is determined by its attributes. A samba group has to be a unixGroup or groupOfNames anyway, and since you have to set up nss_ldap to search with ?sub they will all count as unix groups as well.

>
> 2) I have a PDC and some other system as File server, i.e. I want folders in
> another system as default home drive, which I want to write in Logon
> script, so user to redirect to his home drive in another system, should I
> install samba in that system also or should I do NFS mount,

Don't use NFS, it has incomplete locking semantics. Join the fileserver to your domain.

> and I have about 500 groups and I want folders in the file systems to be
> mapped in the file server to be mapped as drives, which probably I will
> write a Logon script, but the confusion is how do I go about it,

There is no magic here. If you have samba on your fileserver joined to your domain, you can access all its shared folders through \\foo\bar syntax. You need nss_ldap on the member server as well to unify your uid/gid namespace.

> 3) if I use NFS, I want nfs mount to be with ACL support so that I can use
> setfacl, and getfacl's in file server

Don't use NFS.

>
> 4) I want to create 2 BDC's which, is it possible to synchronize PDC-> BDC
> and BDC->PDC, i.e. if I make any changes in BDC's will it get reflected in PDC
> also

For this to work, you need an ldap "master" server at the PDC and set up replication to two "slave" ldap servers at both BDC's. Write operations to the BDC will be directed to the master and replicated back to the slaves.

>
> kindly guide me

Nope, sorry. You need to read up on general concepts about windows networks, how LDAP works, etc.
I suggest you start with the official samba documentation "Samba by Example" by John Terpstra, which is available printed as well as online.

cheers
Paul

>
> Regards
> Niranjan
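
A slapd.conf ACL fragment following the layout Paul describes in his answer to question 1, added here as an example and not taken from the thread. The suffix dc=example,dc=com and the bind DN cn=nssroot are placeholders, and the separate rules for userPassword and the Samba hash attributes are an assumption of this example: with anonymous reads enabled for nss_ldap, those attributes need their own rules placed first.

```conf
# Constructed example for slapd.conf; DNs below are placeholders.
# slapd applies the first "access to" whose target matches, so the
# most sensitive attributes come first.

# Password material. sambaNTPassword/sambaLMPassword are password
# equivalents, so nobody but the Samba admin DN may read them.
access to attrs=userPassword
    by dn.exact="cn=smbadmin,ou=admins,dc=example,dc=com" write
    by dn.exact="cn=nssroot,ou=admins,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none

access to attrs=sambaNTPassword,sambaLMPassword
    by dn.exact="cn=smbadmin,ou=admins,dc=example,dc=com" write
    by * none

# rootbinddn from /etc/ldap.conf: write access to the posixAccount
# attributes. "by * break" lets every other identity fall through
# to the rules below instead of stopping here.
access to attrs=@posixAccount
    by dn.exact="cn=nssroot,ou=admins,dc=example,dc=com" write
    by * break

# Samba administrative DN: Samba attributes plus the pseudo
# attributes needed to create and delete entries.
access to attrs=@sambaSamAccount,@sambaGroupMapping,@sambaDomain,entry,children
    by dn.exact="cn=smbadmin,ou=admins,dc=example,dc=com" write
    by * break

# Everything else: anonymous read, which is what the anonymous
# nss_ldap lookups (getent, id) rely on.
access to *
    by * read
```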
