Re: [Samba] making BDC samba + ldap server
Hi guys

My network map is simple, ldap inside samba server centralizes all uses inside the LAN included mail. My question is to reduce the use of net it's a good idea to create other ldap server inside mail server? And finally which's the best relation between ldap.samba server and a future ldap mail server, master.master or master slave?

Thanks And Best Regards

2011/2/25 Gaiseric Vandal gaiseric.van...@gmail.com

I don't understand your question. What does mail have to do with Samba? Does your mail server use LDAP authentication? Or do you want to use the LDAP server as a central address book for your mail clients. Either way, your LDAP server should be able to support attributes for both e-mail and samba requirements.

On 02/24/2011 11:42 AM, marcos gonzalez wrote:

Hi

I'm not sure if it's in this list but configuring ldap I'm with a doubt. I would like to distribute openldap connections between mail server and samba server. Which's the better form, master-master or master-slave? I understand using PDC and BDC the relationship is master-slave, but between mail and samba?

Thanks
Best Regards

2011/2/21 marcos gonzalez marcos.gonzalez.c...@gmail.com

Ok in my server the ldap config is inside /etc/ and this file nss_ldap it's inside /etc/ldap/. I didn't understand why pass this but now I understand all

Thanks

Hi

Ok, and how I config nss_ldap? When I copy all database is included?

Well, the easiest way, for Samba use, is to simply cp your ldap.conf file for the ldap client application to nss_ldap.conf -- cp ldap.conf nss_ldap.conf (this can be a bit confusing, as openldap uses a file called ldap.conf for configuring the ldap client as well as a file called ldap.conf for configuring basic ldap server process. The server file is generally contained in the directory where configuration files are kept in a subdirectory called openldap along with files like slapd.conf and is generally a small file which looks something like this:

    #
    # LDAP Defaults
    #
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.
    BASE dc=mydomain,dc=com
    URI ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389
    # TLS_CACERT /usr/local/etc/openldap/cacert.pem
    #SIZELIMIT 12
    #TIMELIMIT 15
    #DEREF never

whereas the ldap.conf for the client is rather lengthy and contains quite a bit of information for contacting the ldap server, how the dit should be searched, etc.)

And, no, nss_ldap.conf has nothing to do with the ldap server. nss_ldap.conf can be used to contact an external ldap server, just as the ldap.conf for the ldap client application can.

Sorry for the newbie questions, if you ever come to Barcelona contact me, you have a beer paid (Daniel too) :-)

Well, now that's quite a generous offer. Much appreciated.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Hi

Thanks, this howto for me it's better. I have other doubt, syncrepl needs to be installed or comes integrated with slapd daemon?

It is all part of the openldap suite.

And to transfer all shared samba folders and profile content, when it's the better moment? I understand when samba is down or when is up?

Depends on the permissions. However, so long as ALL the files to be transferred belong to users in LDAP then, with nss_ldap properly configured, any copy that preserves permissions should be fine.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

---How I can make this If slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html is not easy to understand; is there no other, simpler howto?

Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/
The entire online manual is a good read. I highly recommend it.

Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master and only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be careful all tabs must fit exact as this example:

    replica uri=ldap://IPOFYOUR2MACHINE:389 binddn=cn=youradmin,dc=your,dc=ldap suffix=dc=yourc,dc=ldap bindmethod=simple credentials=securepassword

I understand the part of backup slapd only works with the service stopped?

Well I'm grateful for all your time :-)

Thanks and Best Regards

2011/2/18 t...@tms3.com

In my hint I think your samba PDC/Ldap is currently working well!

First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex: /var/lib/ldap

Now copy your smb.conf to your new machine ex:

    scp smb.conf root@2machine:/etc/samba

Edit the
Re: [Samba] making BDC samba + ldap server
I don't understand your question. What does mail have to do with Samba? Does your mail server use LDAP authentication? Or do you want to use the LDAP server as a central address book for your mail clients. Either way, your LDAP server should be able to support attributes for both e-mail and samba requirements.

On 02/24/2011 11:42 AM, marcos gonzalez wrote:

Hi

I'm not sure if it's in this list but configuring ldap I'm with a doubt. I would like to distribute openldap connections between mail server and samba server. Which's the better form, master-master or master-slave? I understand using PDC and BDC the relationship is master-slave, but between mail and samba?

Thanks
Best Regards

2011/2/21 marcos gonzalez marcos.gonzalez.c...@gmail.com

Ok in my server the ldap config is inside /etc/ and this file nss_ldap it's inside /etc/ldap/. I didn't understand why pass this but now I understand all

Thanks

Hi

Ok, and how I config nss_ldap? When I copy all database is included?

Well, the easiest way, for Samba use, is to simply cp your ldap.conf file for the ldap client application to nss_ldap.conf -- cp ldap.conf nss_ldap.conf (this can be a bit confusing, as openldap uses a file called ldap.conf for configuring the ldap client as well as a file called ldap.conf for configuring basic ldap server process. The server file is generally contained in the directory where configuration files are kept in a subdirectory called openldap along with files like slapd.conf and is generally a small file which looks something like this:

    #
    # LDAP Defaults
    #
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.
    BASE dc=mydomain,dc=com
    URI ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389
    # TLS_CACERT /usr/local/etc/openldap/cacert.pem
    #SIZELIMIT 12
    #TIMELIMIT 15
    #DEREF never

whereas the ldap.conf for the client is rather lengthy and contains quite a bit of information for contacting the ldap server, how the dit should be searched, etc.)

And, no, nss_ldap.conf has nothing to do with the ldap server. nss_ldap.conf can be used to contact an external ldap server, just as the ldap.conf for the ldap client application can.

Sorry for the newbie questions, if you ever come to Barcelona contact me, you have a beer paid (Daniel too) :-)

Well, now that's quite a generous offer. Much appreciated.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Hi

Thanks, this howto for me it's better. I have other doubt, syncrepl needs to be installed or comes integrated with slapd daemon?

It is all part of the openldap suite.

And to transfer all shared samba folders and profile content, when it's the better moment? I understand when samba is down or when is up?

Depends on the permissions. However, so long as ALL the files to be transferred belong to users in LDAP then, with nss_ldap properly configured, any copy that preserves permissions should be fine.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

---How I can make this If slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html is not easy to understand; is there no other, simpler howto?

Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/
The entire online manual is a good read. I highly recommend it.

Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master and only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be careful all tabs must fit exact as this example:

    replica uri=ldap://IPOFYOUR2MACHINE:389 binddn=cn=youradmin,dc=your,dc=ldap suffix=dc=yourc,dc=ldap bindmethod=simple credentials=securepassword

I understand the part of backup slapd only works with the service stopped?

Well I'm grateful for all your time :-)

Thanks and Best Regards

2011/2/18 t...@tms3.com

In my hint I think your samba PDC/Ldap is currently working well!

First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex: /var/lib/ldap

Now copy your smb.conf to your new machine ex:

    scp smb.conf root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:

    domain master=NO
    domain logons=YES

Make a testparm it should succeed like this:

    testparm
    Load smb config files from /etc/samba/smb.conf
    Processing section [netlogon]
    WARNING: The share modes option is deprecated
    Processing section [sysvol]
    WARNING: The share modes option is deprecated
    Processing section [homes]
    Processing section [profiles]
Re: [Samba] making BDC samba + ldap server
Hi

I'm not sure if it's in this list but configuring ldap I'm with a doubt. I would like to distribute openldap connections between mail server and samba server. Which's the better form, master-master or master-slave? I understand using PDC and BDC the relationship is master-slave, but between mail and samba?

Thanks
Best Regards

2011/2/21 marcos gonzalez marcos.gonzalez.c...@gmail.com

Ok in my server the ldap config is inside /etc/ and this file nss_ldap it's inside /etc/ldap/. I didn't understand why pass this but now I understand all

Thanks

Hi

Ok, and how I config nss_ldap? When I copy all database is included?

Well, the easiest way, for Samba use, is to simply cp your ldap.conf file for the ldap client application to nss_ldap.conf -- cp ldap.conf nss_ldap.conf (this can be a bit confusing, as openldap uses a file called ldap.conf for configuring the ldap client as well as a file called ldap.conf for configuring basic ldap server process. The server file is generally contained in the directory where configuration files are kept in a subdirectory called openldap along with files like slapd.conf and is generally a small file which looks something like this:

    #
    # LDAP Defaults
    #
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.
    BASE dc=mydomain,dc=com
    URI ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389
    # TLS_CACERT /usr/local/etc/openldap/cacert.pem
    #SIZELIMIT 12
    #TIMELIMIT 15
    #DEREF never

whereas the ldap.conf for the client is rather lengthy and contains quite a bit of information for contacting the ldap server, how the dit should be searched, etc.)

And, no, nss_ldap.conf has nothing to do with the ldap server. nss_ldap.conf can be used to contact an external ldap server, just as the ldap.conf for the ldap client application can.

Sorry for the newbie questions, if you ever come to Barcelona contact me, you have a beer paid (Daniel too) :-)

Well, now that's quite a generous offer. Much appreciated.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Hi

Thanks, this howto for me it's better. I have other doubt, syncrepl needs to be installed or comes integrated with slapd daemon?

It is all part of the openldap suite.

And to transfer all shared samba folders and profile content, when it's the better moment? I understand when samba is down or when is up?

Depends on the permissions. However, so long as ALL the files to be transferred belong to users in LDAP then, with nss_ldap properly configured, any copy that preserves permissions should be fine.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

---How I can make this If slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html is not easy to understand; is there no other, simpler howto?

Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/
The entire online manual is a good read. I highly recommend it.

Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master and only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be careful all tabs must fit exact as this example:

    replica uri=ldap://IPOFYOUR2MACHINE:389 binddn=cn=youradmin,dc=your,dc=ldap suffix=dc=yourc,dc=ldap bindmethod=simple credentials=securepassword

I understand the part of backup slapd only works with the service stopped?

Well I'm grateful for all your time :-)

Thanks and Best Regards

2011/2/18 t...@tms3.com

In my hint I think your samba PDC/Ldap is currently working well!

First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex: /var/lib/ldap

Now copy your smb.conf to your new machine ex:

    scp smb.conf root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:

    domain master=NO
    domain logons=YES

Make a testparm it should succeed like this:

    testparm
    Load smb config files from /etc/samba/smb.conf
    Processing section [netlogon]
    WARNING: The share modes option is deprecated
    Processing section [sysvol]
    WARNING: The share modes option is deprecated
    Processing section [homes]
    Processing section [profiles]
    Processing section [alles]
    Processing section [printers]
    Processing section [print$]
    Loaded services file OK.
    Server role: ROLE_DOMAIN_BDC you are a BDC
    Press enter to see a dump of your service definitions

Yes very nice!

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.
Re: [Samba] making BDC samba + ldap server
Hi

Thanks, this howto for me it's better. I have other doubt, syncrepl needs to be installed or comes integrated with slapd daemon?

And to transfer all shared samba folders and profile content, when it's the better moment? I understand when samba is down or when is up?

Thanks and Best Regards

2011/2/20 t...@tms3.com

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

---How I can make this If slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html is not easy to understand; is there no other, simpler howto?

Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/
The entire online manual is a good read. I highly recommend it.

Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master and only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be careful all tabs must fit exact as this example:

    replica uri=ldap://IPOFYOUR2MACHINE:389 binddn=cn=youradmin,dc=your,dc=ldap suffix=dc=yourc,dc=ldap bindmethod=simple credentials=securepassword

I understand the part of backup slapd only works with the service stopped?

Well I'm grateful for all your time :-)

Thanks and Best Regards

2011/2/18 t...@tms3.com

In my hint I think your samba PDC/Ldap is currently working well!

First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex: /var/lib/ldap

Now copy your smb.conf to your new machine ex:

    scp smb.conf root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:

    domain master=NO
    domain logons=YES

Make a testparm it should succeed like this:

    testparm
    Load smb config files from /etc/samba/smb.conf
    Processing section [netlogon]
    WARNING: The share modes option is deprecated
    Processing section [sysvol]
    WARNING: The share modes option is deprecated
    Processing section [homes]
    Processing section [profiles]
    Processing section [alles]
    Processing section [printers]
    Processing section [print$]
    Loaded services file OK.
    Server role: ROLE_DOMAIN_BDC you are a BDC
    Press enter to see a dump of your service definitions

Yes very nice!

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3
http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is a nice overview of the way LDAP currently works:
http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then

    smbpasswd -w ldap-master-passwd
    net rpc join -Uadministrator domain name

Done.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] making BDC samba + ldap server
Hi

Thanks, this howto for me it's better. I have other doubt, syncrepl needs to be installed or comes integrated with slapd daemon?

It is all part of the openldap suite.

And to transfer all shared samba folders and profile content, when it's the better moment? I understand when samba is down or when is up?

Depends on the permissions. However, so long as ALL the files to be transferred belong to users in LDAP then, with nss_ldap properly configured, any copy that preserves permissions should be fine.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

---How I can make this If slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html is not easy to understand; is there no other, simpler howto?

Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/
The entire online manual is a good read. I highly recommend it.

Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master and only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be careful all tabs must fit exact as this example:

    replica uri=ldap://IPOFYOUR2MACHINE:389 binddn=cn=youradmin,dc=your,dc=ldap suffix=dc=yourc,dc=ldap bindmethod=simple credentials=securepassword

I understand the part of backup slapd only works with the service stopped?

Well I'm grateful for all your time :-)

Thanks and Best Regards

2011/2/18 t...@tms3.com

In my hint I think your samba PDC/Ldap is currently working well!

First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex: /var/lib/ldap

Now copy your smb.conf to your new machine ex:

    scp smb.conf root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:

    domain master=NO
    domain logons=YES

Make a testparm it should succeed like this:

    testparm
    Load smb config files from /etc/samba/smb.conf
    Processing section [netlogon]
    WARNING: The share modes option is deprecated
    Processing section [sysvol]
    WARNING: The share modes option is deprecated
    Processing section [homes]
    Processing section [profiles]
    Processing section [alles]
    Processing section [printers]
    Processing section [print$]
    Loaded services file OK.
    Server role: ROLE_DOMAIN_BDC you are a BDC
    Press enter to see a dump of your service definitions

Yes very nice!

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3
http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is a nice overview of the way LDAP currently works:
http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then

    smbpasswd -w ldap-master-passwd
    net rpc join -Uadministrator domain name

Done.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] making BDC samba + ldap server
Hi

Ok, and how I config nss_ldap? When I copy all database is included?

Sorry for the newbie questions, if you ever come to Barcelona contact me, you have a beer paid (Daniel too) :-)

Thanks and Best Regards

2011/2/20 t...@tms3.com

Hi

Thanks, this howto for me it's better. I have other doubt, syncrepl needs to be installed or comes integrated with slapd daemon?

It is all part of the openldap suite.

And to transfer all shared samba folders and profile content, when it's the better moment? I understand when samba is down or when is up?

Depends on the permissions. However, so long as ALL the files to be transferred belong to users in LDAP then, with nss_ldap properly configured, any copy that preserves permissions should be fine.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

---How I can make this If slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html is not easy to understand; is there no other, simpler howto?

Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/
The entire online manual is a good read. I highly recommend it.

Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master and only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be careful all tabs must fit exact as this example:

    replica uri=ldap://IPOFYOUR2MACHINE:389 binddn=cn=youradmin,dc=your,dc=ldap suffix=dc=yourc,dc=ldap bindmethod=simple credentials=securepassword

I understand the part of backup slapd only works with the service stopped?

Well I'm grateful for all your time :-)

Thanks and Best Regards

2011/2/18 t...@tms3.com

In my hint I think your samba PDC/Ldap is currently working well!

First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex: /var/lib/ldap

Now copy your smb.conf to your new machine ex:

    scp smb.conf root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:

    domain master=NO
    domain logons=YES

Make a testparm it should succeed like this:

    testparm
    Load smb config files from /etc/samba/smb.conf
    Processing section [netlogon]
    WARNING: The share modes option is deprecated
    Processing section [sysvol]
    WARNING: The share modes option is deprecated
    Processing section [homes]
    Processing section [profiles]
    Processing section [alles]
    Processing section [printers]
    Processing section [print$]
    Loaded services file OK.
    Server role: ROLE_DOMAIN_BDC you are a BDC
    Press enter to see a dump of your service definitions

Yes very nice!

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3
http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is a nice overview of the way LDAP currently works:
http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then

    smbpasswd -w ldap-master-passwd
    net rpc join -Uadministrator domain name

Done.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] making BDC samba + ldap server
Hi

Ok, and how I config nss_ldap? When I copy all database is included?

Well, the easiest way, for Samba use, is to simply cp your ldap.conf file for the ldap client application to nss_ldap.conf -- cp ldap.conf nss_ldap.conf (this can be a bit confusing, as openldap uses a file called ldap.conf for configuring the ldap client as well as a file called ldap.conf for configuring basic ldap server process. The server file is generally contained in the directory where configuration files are kept in a subdirectory called openldap along with files like slapd.conf and is generally a small file which looks something like this:

    #
    # LDAP Defaults
    #
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.
    BASE dc=mydomain,dc=com
    URI ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389
    # TLS_CACERT /usr/local/etc/openldap/cacert.pem
    #SIZELIMIT 12
    #TIMELIMIT 15
    #DEREF never

whereas the ldap.conf for the client is rather lengthy and contains quite a bit of information for contacting the ldap server, how the dit should be searched, etc.)

And, no, nss_ldap.conf has nothing to do with the ldap server. nss_ldap.conf can be used to contact an external ldap server, just as the ldap.conf for the ldap client application can.

Sorry for the newbie questions, if you ever come to Barcelona contact me, you have a beer paid (Daniel too) :-)

Well, now that's quite a generous offer. Much appreciated.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Hi

Thanks, this howto for me it's better. I have other doubt, syncrepl needs to be installed or comes integrated with slapd daemon?

It is all part of the openldap suite.

And to transfer all shared samba folders and profile content, when it's the better moment? I understand when samba is down or when is up?

Depends on the permissions. However, so long as ALL the files to be transferred belong to users in LDAP then, with nss_ldap properly configured, any copy that preserves permissions should be fine.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

---How I can make this If slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html is not easy to understand; is there no other, simpler howto?

Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/
The entire online manual is a good read. I highly recommend it.

Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master and only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be careful all tabs must fit exact as this example:

    replica uri=ldap://IPOFYOUR2MACHINE:389 binddn=cn=youradmin,dc=your,dc=ldap suffix=dc=yourc,dc=ldap bindmethod=simple credentials=securepassword

I understand the part of backup slapd only works with the service stopped?

Well I'm grateful for all your time :-)

Thanks and Best Regards

2011/2/18 t...@tms3.com

In my hint I think your samba PDC/Ldap is currently working well!

First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex: /var/lib/ldap

Now copy your smb.conf to your new machine ex:

    scp smb.conf root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:

    domain master=NO
    domain logons=YES

Make a testparm it should succeed like this:

    testparm
    Load smb config files from /etc/samba/smb.conf
    Processing section [netlogon]
    WARNING: The share modes option is deprecated
    Processing section [sysvol]
    WARNING: The share modes option is deprecated
    Processing section [homes]
    Processing section [profiles]
    Processing section [alles]
    Processing section [printers]
    Processing section [print$]
    Loaded services file OK.
    Server role: ROLE_DOMAIN_BDC you are a BDC
    Press enter to see a dump of your service definitions

Yes very nice!

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3
http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is a nice overview of the way LDAP currently works:
http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then

    smbpasswd -w ldap-master-passwd
    net rpc join -Uadministrator domain name

Done.

--
To unsubscribe from this list go to the following
Re: [Samba] making BDC samba + ldap server
Ok in my server the ldap config is inside /etc/ and this file nss_ldap it's inside /etc/ldap/. I didn't understand why pass this but now I understand all

Thanks

Hi

Ok, and how I config nss_ldap? When I copy all database is included?

Well, the easiest way, for Samba use, is to simply cp your ldap.conf file for the ldap client application to nss_ldap.conf -- cp ldap.conf nss_ldap.conf (this can be a bit confusing, as openldap uses a file called ldap.conf for configuring the ldap client as well as a file called ldap.conf for configuring basic ldap server process. The server file is generally contained in the directory where configuration files are kept in a subdirectory called openldap along with files like slapd.conf and is generally a small file which looks something like this:

    #
    # LDAP Defaults
    #
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.
    BASE dc=mydomain,dc=com
    URI ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389
    # TLS_CACERT /usr/local/etc/openldap/cacert.pem
    #SIZELIMIT 12
    #TIMELIMIT 15
    #DEREF never

whereas the ldap.conf for the client is rather lengthy and contains quite a bit of information for contacting the ldap server, how the dit should be searched, etc.)

And, no, nss_ldap.conf has nothing to do with the ldap server. nss_ldap.conf can be used to contact an external ldap server, just as the ldap.conf for the ldap client application can.

Sorry for the newbie questions, if you ever come to Barcelona contact me, you have a beer paid (Daniel too) :-)

Well, now that's quite a generous offer. Much appreciated.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Hi

Thanks, this howto for me it's better. I have other doubt, syncrepl needs to be installed or comes integrated with slapd daemon?

It is all part of the openldap suite.

And to transfer all shared samba folders and profile content, when it's the better moment? I understand when samba is down or when is up?

Depends on the permissions. However, so long as ALL the files to be transferred belong to users in LDAP then, with nss_ldap properly configured, any copy that preserves permissions should be fine.

Thanks and Best Regards

2011/2/20 t...@tms3.com

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

---How I can make this If slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html is not easy to understand; is there no other, simpler howto?

Here is another guide. The first link is quite comprehensive.
http://www.zytrax.com/books/ldap/ch7/
The entire online manual is a good read. I highly recommend it.

Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master and only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be careful all tabs must fit exact as this example:

    replica uri=ldap://IPOFYOUR2MACHINE:389 binddn=cn=youradmin,dc=your,dc=ldap suffix=dc=yourc,dc=ldap bindmethod=simple credentials=securepassword

I understand the part of backup slapd only works with the service stopped?

Well I'm grateful for all your time :-)

Thanks and Best Regards

2011/2/18 t...@tms3.com

In my hint I think your samba PDC/Ldap is currently working well!

First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex: /var/lib/ldap

Now copy your smb.conf to your new machine ex:

    scp smb.conf root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a bdc:

    domain master=NO
    domain logons=YES

Make a testparm it should succeed like this:

    testparm
    Load smb config files from /etc/samba/smb.conf
    Processing section [netlogon]
    WARNING: The share modes option is deprecated
    Processing section [sysvol]
    WARNING: The share modes option is deprecated
    Processing section [homes]
    Processing section [profiles]
    Processing section [alles]
    Processing section [printers]
    Processing section [print$]
    Loaded services file OK.
    Server role: ROLE_DOMAIN_BDC you are a BDC
    Press enter to see a dump of your service definitions

Yes very nice!

Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex:

    scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3
http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is a nice overview of the way LDAP currently works:
http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf
Re: [Samba] making BDC samba + ldap server
Hi Thanks for all the howto, but I dont understand the part to create ans slave slapd (my version is 2.4.15 mounted in ubuntu server). At the moment I understand this steps: Resume: First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex:/var/lib/ldap Now copy your smb.conf to your new machine ex: scp root@2machine :/etc/samba Edit the smb.conf to your needs and adjust it to be a bdc: domain master=NO domain logons=YES Make a testparm it should succed like this: testparm Load smb config files from /etc/samba/smb.conf Processing section [netlogon] WARNING: The share modes option is deprecated Processing section [sysvol] WARNING: The share modes option is deprecated Processing section [homes] Processing section [profiles] Processing section [alles] Processing section [printers] Processing section [print$] Loaded services file OK. Server role: ROLE_DOMAIN_BDC you are a BDC Press enter to see a dump of your service definitions Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex: scp slapd.conf root@2machine:/etc/openldap ---HOw I can make this If slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html not's easy to understand, not exist other howto more simple? Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master an only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be carefull all tabs must fit exact as this example: replica uri=ldap://IPOFYOUR2MACHINE:389 binddn=cn=youradmin,dc=your,dc=ldap suffix=dc=yourc,dc=ldap bindmethod=simple credentials=securepassword I understand the part of backup slapd only works with the service stopped? 
Well Im grateful for all your time :-) Thanks and Best Regards 2011/2/18 t...@tms3.com In my hint I think your samba PDC/Ldap is cuurently working well! First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex:/var/lib/ldap Now copy your smb.conf to your new machine ex: scp root@2machine :/etc/samba Edit the smb.conf to your needs and adjust it to be a bdc: domain master=NO domain logons=YES Make a testparm it should succed like this: testparm Load smb config files from /etc/samba/smb.conf Processing section [netlogon] WARNING: The share modes option is deprecated Processing section [sysvol] WARNING: The share modes option is deprecated Processing section [homes] Processing section [profiles] Processing section [alles] Processing section [printers] Processing section [print$] Loaded services file OK. Server role: ROLE_DOMAIN_BDC you are a BDC Press enter to see a dump of your service definitions Yes very nice! Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex: scp slapd.conf root@2machine:/etc/openldap Now important I do the trick with slurpd. Sorry, but Slurpd is depricated and no longer available in Openldap since 2.3 http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd Here is nice overview of the way LDAP currently works: http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then smbpasswd -w ldap-master-passwd net rpc join -Uadministrator domain name Done. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] making BDC samba + ldap server
Now you are on to copy your slapd.conf and ldap.conf to your new machine: Ex: scp slapd.conf root@2machine:/etc/openldap ---HOw I can make this If slurpd is deprecated? The guide http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html not's easy to understand, not exist other howto more simple? Here is another guide. The first link is quite comprehensive. http://www.zytrax.com/books/ldap/ch7/ The entire online manual is a good read. I highly recommend it. Now important I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your Master an only there. So go in to the slapd.conf on your master and put a few lines in it at the end. Be carefull all tabs must fit exact as this example: replica uri=ldap://IPOFYOUR2MACHINE:389 binddn=cn=youradmin,dc=your,dc=ldap suffix=dc=yourc,dc=ldap bindmethod=simple credentials=securepassword I understand the part of backup slapd only works with the service stopped? Well Im grateful for all your time :-) Thanks and Best Regards 2011/2/18 t...@tms3.com In my hint I think your samba PDC/Ldap is cuurently working well! First of all install a second machine with the samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty ex:/var/lib/ldap Now copy your smb.conf to your new machine ex: scp root@2machine:/etc/samba Edit the smb.conf to your needs and adjust it to be a bdc: domain master=NO domain logons=YES Make a testparm it should succed like this: testparm Load smb config files from /etc/samba/smb.conf Processing section [netlogon] WARNING: The share modes option is deprecated Processing section [sysvol] WARNING: The share modes option is deprecated Processing section [homes] Processing section [profiles] Processing section [alles] Processing section [printers] Processing section [print$] Loaded services file OK. Server role: ROLE_DOMAIN_BDC you are a BDC Press enter to see a dump of your service definitions Yes very nice! 
Now you are on to copy your slapd.conf and ldap.conf to your new machine:

Ex: scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3
http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is a nice overview of the way LDAP currently works:
http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then

smbpasswd -w ldap-master-passwd
net rpc join -Uadministrator domain name

Done.
Re: [Samba] making BDC samba + ldap server
Hi

Yes, it's a samba 3.3.2 with openldap. My first steps were to copy the config smb.conf and the folders /var/lib/samba and shared folders. But I don't know how to copy samba users and groups from the PDC. Suggestions? Another important task is to migrate ldap to prepare a slave ldap. Well, I have good howtos to start.

Thanks for all answers.
Best Regards

2011/2/18 Daniel Müller muel...@tropenklinik.de

First of all are you running a PDC with ldap? Then it is quite easy. If it is so I can give you hints

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Dale Schroeder
Sent: Thursday, 17 February 2011 22:36
To: marcos gonzalez
Cc: Samba
Subject: Re: [Samba] making BDC samba + ldap server

I've never attempted, but here it is:
http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_server_using_LDAP

On 02/17/2011 3:19 PM, marcos gonzalez wrote:

Hi guys

I'm looking to config a BDC server for the high traffic supported inside the primary server. I never configured a BDC server inside Ubuntu 9.04 and OpenLDAP and I'm very lost. Looking on the internet I found howtos for PDC servers but not for BDC. Can anyone help me more? I'm making a clean install and I don't know how to create the same users as the PDC for samba and how to make a slave ldap inside.

Any help will be appreciated
Thanks :-)
Re: [Samba] making BDC samba + ldap server
In my hint I think your samba PDC/LDAP is currently working well!

First of all install a second machine with samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty, ex: /var/lib/ldap

Now copy your smb.conf to your new machine, ex:

scp smb.conf root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a BDC:

domain master=NO
domain logons=YES

Make a testparm, it should succeed like this:

testparm
Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [sysvol]
WARNING: The share modes option is deprecated
Processing section [homes]
Processing section [profiles]
Processing section [alles]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC   --you are a BDC
Press enter to see a dump of your service definitions

Now you are on to copy your slapd.conf and ldap.conf to your new machine, ex:

scp slapd.conf root@2machine:/etc/openldap

Now important: I do the trick with slurpd. There are many other ways but this is easy. Slurpd should be installed on your master and only there. So go into the slapd.conf on your master and put a few lines in it at the end. Be careful, all tabs must fit exactly as in this example:

replica uri=ldap://IPOFYOUR2MACHINE:389
        binddn=cn=youradmin,dc=your,dc=ldap
        suffix=dc=yourc,dc=ldap
        bindmethod=simple credentials=securepassword

Now edit the slapd.conf you have copied over to your 2machine, fit it to your needs, and put these few lines at the end:

updatedn cn=youradmin,dc=your,dc=ldap
updateref ldap://IPOFYOURMASTERMACHINE

Now you have to grab the domain SID on the master machine:

net getlocalsid
SID for domain XXX is: S-1-5-21-348532078-20162045-3182299738

You need this SID. Copy this SID over to your 2machine. There do, ex:

net setlocalsid S-1-5-21-348532078-20162045-3182299738

Leave the ldap settings the same as on your PDC (it should fit!!). Only change the IP of your passdb backend = ldapsam:ldap://IP/! If you have 127.0.0.1 there, leave it as it is.

On your master machine go to your openldap database directory, ex: /var/lib/ldap. Then do:

slapcat -l master.ldif

This will result in a file: master.ldif. Copy this file to your second machine, ex:

scp master.ldif root@2machine:/var/lib/ldap

On your 2machine you now have to do:

slapadd -l master.ldif

Then chown ldap:ldap * to set the right permission for the ldap user.

Now on your 2machine you must do:

smbpasswd -W   --you are prompted for the LDAP password

then

smbpasswd -a root

Then start ldap, start samba. Restart ldap/samba on your master and all is up.

Good Luck
Daniel

IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de

From: marcos gonzalez [mailto:marcos.gonzalez.c...@gmail.com]
Sent: Friday, 18 February 2011 11:24
To: muel...@tropenklinik.de
Cc: Dale Schroeder; Samba
Subject: Re: [Samba] making BDC samba + ldap server

Hi

Yes, it's a samba 3.3.2 with openldap. My first steps were to copy the config smb.conf and the folders /var/lib/samba and shared folders. But I don't know how to copy samba users and groups from the PDC. Suggestions? Another important task is to migrate ldap to prepare a slave ldap. Well, I have good howtos to start.

Thanks for all answers.
Best Regards

2011/2/18 Daniel Müller muel...@tropenklinik.de

First of all are you running a PDC with ldap? Then it is quite easy. If it is so I can give you hints

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Dale Schroeder
Sent: Thursday, 17 February 2011 22:36
To: marcos gonzalez
Cc: Samba
Subject: Re: [Samba] making BDC samba + ldap server

I've never attempted, but here it is:
http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_server_using_LDAP

On 02/17/2011 3:19 PM, marcos gonzalez wrote:

Hi guys

I'm looking to config a BDC server for the high traffic supported inside the primary server. I never configured a BDC server inside Ubuntu 9.04 and OpenLDAP and I'm very lost. Looking on the internet I found howtos for PDC servers but not for BDC. Can anyone help me more? I'm making a clean install and I don't know how to create the same users as the PDC for samba and how to make a slave ldap inside.

Any help will be appreciated
Thanks :-)
Re: [Samba] making BDC samba + ldap server
In my hint I think your samba PDC/LDAP is currently working well!

First of all install a second machine with samba and ldap. Do not start samba, do not start ldap. The ldap database should be nearly empty, ex: /var/lib/ldap

Now copy your smb.conf to your new machine, ex:

scp smb.conf root@2machine:/etc/samba

Edit the smb.conf to your needs and adjust it to be a BDC:

domain master=NO
domain logons=YES

Make a testparm, it should succeed like this:

testparm
Load smb config files from /etc/samba/smb.conf
Processing section [netlogon]
WARNING: The share modes option is deprecated
Processing section [sysvol]
WARNING: The share modes option is deprecated
Processing section [homes]
Processing section [profiles]
Processing section [alles]
Processing section [printers]
Processing section [print$]
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC   --you are a BDC
Press enter to see a dump of your service definitions

Yes very nice!

Now you are on to copy your slapd.conf and ldap.conf to your new machine:

Ex: scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd.

Sorry, but Slurpd is deprecated and no longer available in Openldap since 2.3
http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd

Here is a nice overview of the way LDAP currently works:
http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html

Once you have sync-repl set up on the current master, and a proper slapd.conf and ldap.conf file on the new machine, start ldap, then

smbpasswd -w ldap-master-passwd
net rpc join -Uadministrator domain name

Done.
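As an added illustration (not written by any poster in this thread and not taken from the Samba or OpenLDAP projects), this is how the slurpd replica stanza quoted above can be expressed with syncrepl in slapd.conf on OpenLDAP 2.4. IPOFYOURMASTERMACHINE and dc=your,dc=ldap are the thread's placeholders; the cn=replicator DN, rid=001, the retry timing and the certificate paths are assumptions.

```conf
# Added example, not from the thread.
# Thread placeholders: IPOFYOURMASTERMACHINE, dc=your,dc=ldap, securepassword.
# Assumed values: cn=replicator DN, rid=001, retry timing, certificate paths.

####### slapd.conf on the master (provider) #######

# Global section. Only needed when overlays are built as loadable modules:
moduleload syncprov

# Global section. TLS material so that consumers can use StartTLS (assumed paths):
TLSCACertificateFile  /etc/ssl/certs/your-ca.pem
TLSCertificateFile    /etc/ssl/certs/master.pem
TLSCertificateKeyFile /etc/ssl/private/master.key

# Everything below goes inside the existing database section
# for suffix "dc=your,dc=ldap", after its rootdn line.

# Indexes the provider uses to answer sync requests
index entryCSN,entryUUID eq

# Dedicated read-only replication identity instead of the admin DN.
# Place this before the other "access to" rules so that it can read
# userPassword and the sambaNTPassword/sambaLMPassword attributes.
access to *
        by dn.exact="cn=replicator,dc=your,dc=ldap" read
        by * break

# A full refresh must not be cut off by size or time limits
limits dn.exact="cn=replicator,dc=your,dc=ldap" size=unlimited time=unlimited

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

####### slapd.conf on the BDC (consumer) #######

# Inside the database section for suffix "dc=your,dc=ldap".
index entryCSN,entryUUID eq

# Replaces the slurpd "replica" stanza: the consumer pulls from the master,
# keeps the connection open for changes, and refuses to bind without TLS.
syncrepl rid=001
        provider=ldap://IPOFYOURMASTERMACHINE:389
        type=refreshAndPersist
        retry="60 +"
        searchbase="dc=your,dc=ldap"
        scope=sub
        schemachecking=off
        bindmethod=simple
        binddn="cn=replicator,dc=your,dc=ldap"
        credentials=securepassword
        starttls=critical
        tls_cacert=/etc/ssl/certs/your-ca.pem
        tls_reqcert=demand

# Writes that reach the BDC are referred to the master
updateref ldap://IPOFYOURMASTERMACHINE
```

The consumer's slapd.conf now holds the replication password, so keep it readable only by root and the account slapd runs as.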
[Samba] making BDC samba + ldap server
Hi guys

I'm looking to config a BDC server for the high traffic supported inside the primary server. I never configured a BDC server inside Ubuntu 9.04 and OpenLDAP and I'm very lost. Looking on the internet I found howtos for PDC servers but not for BDC. Can anyone help me more? I'm making a clean install and I don't know how to create the same users as the PDC for samba and how to make a slave ldap inside.

Any help will be appreciated
Thanks :-)
Re: [Samba] making BDC samba + ldap server
I've never attempted, but here it is:
http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_server_using_LDAP

On 02/17/2011 3:19 PM, marcos gonzalez wrote:

Hi guys

I'm looking to config a BDC server for the high traffic supported inside the primary server. I never configured a BDC server inside Ubuntu 9.04 and OpenLDAP and I'm very lost. Looking on the internet I found howtos for PDC servers but not for BDC. Can anyone help me more? I'm making a clean install and I don't know how to create the same users as the PDC for samba and how to make a slave ldap inside.

Any help will be appreciated
Thanks :-)
Re: [Samba] making BDC samba + ldap server
I've never attempted, but here it is:
http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_server_using_LDAP

Follow the LDAP stuff in the above article as a template. The smbldap_tools is a good idea too. The rest of the samba stuff is right out of the samba manual. Nothing real tricky in BDC v. PDC in smb.conf.

On 02/17/2011 3:19 PM, marcos gonzalez wrote:

Hi guys

I'm looking to config a BDC server for the high traffic supported inside the primary server. I never configured a BDC server inside Ubuntu 9.04 and OpenLDAP and I'm very lost. Looking on the internet I found howtos for PDC servers but not for BDC. Can anyone help me more? I'm making a clean install and I don't know how to create the same users as the PDC for samba and how to make a slave ldap inside.

Any help will be appreciated
Thanks :-)
Re: [Samba] making BDC samba + ldap server
First of all are you running a PDC with ldap? Then it is quite easy. If it is so I can give you hints

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Dale Schroeder
Sent: Thursday, 17 February 2011 22:36
To: marcos gonzalez
Cc: Samba
Subject: Re: [Samba] making BDC samba + ldap server

I've never attempted, but here it is:
http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_server_using_LDAP

On 02/17/2011 3:19 PM, marcos gonzalez wrote:

Hi guys

I'm looking to config a BDC server for the high traffic supported inside the primary server. I never configured a BDC server inside Ubuntu 9.04 and OpenLDAP and I'm very lost. Looking on the internet I found howtos for PDC servers but not for BDC. Can anyone help me more? I'm making a clean install and I don't know how to create the same users as the PDC for samba and how to make a slave ldap inside.

Any help will be appreciated
Thanks :-)