Yes, to share a single set of users/groups in LDAP across multiple Samba servers you will need LDAP and a PDC, and the other servers will be BDCs. Yes, you will join the BDCs with net rpc join -D domain -S pdc_server_name -U root%password

Read chapter 5.3 of Samba 3 by Example (samba 3 by example.pdf).

Soohoon Lee wrote:
Thanks. 'Sharing the LDAP server' means sharing the same set of users/groups in the LDAP DB, not separate sets of users/groups for each Samba server.
It looks like a PDC... maybe what I want is more like NIS.
So IIUC, to share a single set of users/groups in the LDAP server from multiple Samba servers, I need LDAP and a Samba DC?
And the Samba servers have to join the Samba DC with net rpc join?
Thanks a lot.
Soohoon.

On Fri, Aug 1, 2008 at 11:22 AM, Adam Williams <[EMAIL PROTECTED]> wrote:

    Sure, you can have multiple domains with all the account info in
    LDAP. If you really want it to work together well you'll have a
    PDC and BDCs, though. You may be able to try Samba intertrust
    relationships, but I've never used that.


    Soohoon Lee wrote:
    Thanks all,
    This is my smb.conf:
    [global]
            dos charset = UTF-8
            workgroup = DOMSMB
            security = user
            allow trusted domains = No
            password server = NULL
            passdb backend = ldapsam:ldap://10.17.124.190/
            max log size = 50
            load printers = No
            stat cache = No
            os level = 10
            dns proxy = No
            ldap suffix = dc=my-domain,dc=com
            ldap user suffix = ou=Users
            ldap group suffix = ou=Groups
            ldap admin dn = cn=Manager,dc=my-domain,dc=com
            ldap ssl = no

    And I would like to make multiple Samba servers share a single LDAP
    server without using the domain controller feature.
    I'm getting the feeling that a pure LDAP server is only for a single
    Samba server, or that the LDAP server should have a Samba DC to serve
    multiple Samba servers?
    Thanks,
    Soohoon.
    On Fri, Aug 1, 2008 at 7:02 AM, Lukasz Zalewski
    <[EMAIL PROTECTED]> wrote:

        Lukasz Zalewski wrote:

            Adam Williams wrote:

                are you using security = user or security = domain on
                your multiple servers?
                Soohoon Lee wrote:

                    Hi,
                    Is it possible to use a single LDAP server and
                    multiple Samba servers?
                    The problem I'm having now is that
                    each server thinks its host name is its LDAP
                    domain name, or
                    sambaDomainName, and
                    complains that the user's SID is different, so it can't
                    authenticate.
                    How do I make the Samba servers use one domain name
                    and SID?

                    LDAP domain name is DOMSMB

                    dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
                    sambaSID: S-1-5-21-2479917030-3150298425-213194246

                    And the Samba server created a new domain named after its
                    hostname.

                    dn: sambaDomainName=SRV6,dc=my-domain,dc=com
                    sambaSID: S-1-5-21-4202146032-850913369-3381557932
                    And it complains that the user's SID is different from its SID.

                    Thanks,
                    Soohoon.


            We have a student domain and a staff domain and one LDAP
            server. We wanted staff members to log onto the student
            domain. So we considered two options:
            1. Interdomain trust relationship
            (http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html)

            However, this option was not good for us as we didn't want
            to open up the firewall, and we wanted staff members to
            get the proper student experience (i.e. home dirs and
            profiles on the student server). So that brought us to
            the second option:
            2. LDAP translucent proxy overlay
            (http://linux.die.net/man/5/slapo-translucent)
            In this setting we override SIDs (i.e. the domain SID part of
            the staff domain is substituted with the student domain
            portion of the SID) for users and groups and point Samba
            to the overlay. Bear in mind that all of the changes made
            by Samba, like machine passwords, user passwords, idmap
            mappings etc., will go no further than the proxy, so great
            care must be taken in LDAP setups that use referrals.


            Now the most important question is: what do you use your
            two domains for?

            HTH

            Lukasz


        Ah, sorry, I didn't read the Subject line properly: you do not
        want a PDC. As Andy pointed out, maybe you should have one of
        the servers as a domain member of the other domain.

        Lukasz



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
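The failure described in this thread (each member server writing its own sambaDomainName entry named after its hostname, with a fresh domain SID, so that user SIDs no longer match the domain the server thinks it belongs to) is easy to spot in an LDIF export of the directory. The following checker is an added example for readers of this thread, not code from the Samba project or from any of the posters. It assumes the standard Samba LDAP schema attributes (sambaDomainName, sambaSID, sambaSamAccount, sambaGroupMapping); the domain entries in the sample reuse the two SIDs quoted in the thread, while the user and group entries and their RIDs are constructed for illustration.

```python
"""Audit a Samba LDAP export for stray sambaDomain entries and for user/group
SIDs that do not belong to the intended domain SID.

Added example; not from the Samba project or from the mailing-list posters.
"""

# Constructed sample LDIF (not a real directory). The two domain SIDs are the
# ones quoted in the thread; the accounts, the group and their RIDs are made up.
SAMPLE_LDIF = """\
dn: sambaDomainName=DOMSMB,dc=my-domain,dc=com
objectClass: sambaDomain
sambaDomainName: DOMSMB
sambaSID: S-1-5-21-2479917030-3150298425-213194246

dn: sambaDomainName=SRV6,dc=my-domain,dc=com
objectClass: sambaDomain
sambaDomainName: SRV6
sambaSID: S-1-5-21-4202146032-850913369-3381557932

dn: uid=alice,ou=Users,dc=my-domain,dc=com
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-2479917030-3150298425-213194246-1000

dn: uid=bob,ou=Users,dc=my-domain,dc=com
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-4202146032-850913369-3381557932-1002

dn: cn=staff,ou=Groups,dc=my-domain,dc=com
objectClass: sambaGroupMapping
cn: staff
sambaSID: S-1-5-21-2479917030-3150298425-213194246-513
"""


def parse_ldif(text):
    """Minimal LDIF parser: returns a list of {attribute: [values]} dicts.

    Folded continuation lines (leading space) are joined; comment lines and
    base64-encoded ('::') values are skipped, which is enough for SID auditing.
    """
    entries, current, last = [], {}, None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and last is not None:   # folded continuation
            current[last][-1] += raw[1:]
            continue
        if not raw.strip():                             # blank line ends an entry
            if current:
                entries.append(current)
            current, last = {}, None
            continue
        attr, _, value = raw.partition(":")
        if value.startswith(":"):                       # base64 value: not needed here
            last = None
            continue
        current.setdefault(attr, []).append(value.strip())
        last = attr
    if current:
        entries.append(current)
    return entries


def domain_part(sid):
    """Strip the trailing RID: S-1-5-21-a-b-c-RID -> S-1-5-21-a-b-c."""
    return sid.rsplit("-", 1)[0]


def audit(entries, wanted_domain):
    """Report domain entries whose SID differs from wanted_domain's SID, and
    every user/group whose SID is not derived from that domain SID."""
    domains = {e["sambaDomainName"][0]: e["sambaSID"][0]
               for e in entries if "sambaDomain" in e.get("objectClass", [])}
    if wanted_domain not in domains:
        raise ValueError(f"no sambaDomain entry for {wanted_domain}")
    wanted_sid = domains[wanted_domain]
    # Extra sambaDomain entries are fine only if they carry the same SID.
    stray = sorted(name for name, sid in domains.items() if sid != wanted_sid)
    mismatched = []
    for e in entries:
        classes = e.get("objectClass", [])
        if "sambaSamAccount" in classes or "sambaGroupMapping" in classes:
            sid = e["sambaSID"][0]
            if domain_part(sid) != wanted_sid:
                mismatched.append((e["dn"][0], sid))
    return {"domain_sid": wanted_sid, "stray_domains": stray, "mismatched": mismatched}


if __name__ == "__main__":
    report = audit(parse_ldif(SAMPLE_LDIF), "DOMSMB")
    print("domain SID:", report["domain_sid"])
    print("stray sambaDomain entries:", report["stray_domains"])
    for dn, sid in report["mismatched"]:
        print("SID outside domain:", dn, sid)
```

Run against a real export (for example the output of ldapsearch in LDIF form) by replacing SAMPLE_LDIF with the file contents; any entry listed under stray_domains is a server that has minted its own domain SID, and the accounts under mismatched are the ones that server will reject for the reason Soohoon saw.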
