Re: [Samba] samba to samba via LDAP

2002-12-19 Thread Bradley W. Langhorst
On Wed, 2002-12-18 at 16:34, jeff wrote:
> Hi all,
>
> I have lots of samba servers and want them to all authenticate against a
> single password file which will be a LDAP database.
>
> Where I want to be:
>
> Login to a domain called FROST that passes the username:passwd to a domain
> called ACR which checks LDAP.
>
> Where I'm at:
>
> I can login (from a W2K machine) to a test server called LIBIT which uses LDAP
> beautifully (after long hours/days of profanity).  I can also join/login to
> the samba domains called ACR (anytime) and FROST (if I change passwd server
> and security settings to a stand alone).
>
> I have 2 samba servers I'm testing out with the goal of passing
> passwords...the servers are FROST and the authenticating server is called
> ACR.  I know that the login:passwd pair is being passed from FROST to ACR.
...
> any help would be wonderful, unless you're an RTFM person because I wouldn't
> have gotten this far if I hadn't.

Why not just have both servers authenticating against a common ldap
store?

It sounds like you want to run something like winbind (but against a
samba DC not a windows DC) on your secondary server.  I'm not sure that
is possible.

brad 

-- 
Bradley W. Langhorst [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba



Re: [Samba] samba to samba via LDAP

2002-12-19 Thread jeff
> Why not just have both servers authenticating against a common ldap
> store?

That would be the same desired result. Know any way I could have a real-time 
single LDAP store on a single machine and have everything auth against it?

I've thought about just doing a scp of the .gdbm files, but that's just 
another point of failure.

Any ideas would be tried.

thanks,

jeff



On Thursday 19 December 2002 07:25 am, Bradley W. Langhorst wrote:
> On Wed, 2002-12-18 at 16:34, jeff wrote:
> > Hi all,
> >
> > I have lots of samba servers and want them to all authenticate against a
> > single password file which will be a LDAP database.
> >
> > Where I want to be:
> >
> > Login to a domain called FROST that passes the username:passwd to a
> > domain called ACR which checks LDAP.
> >
> > Where I'm at:
> >
> > I can login (from a W2K machine) to a test server called LIBIT which uses
> > LDAP beautifully (after long hours/days of profanity).  I can also
> > join/login to the samba domains called ACR (anytime) and FROST (if I
> > change passwd server and security settings to a stand alone).
> >
> > I have 2 samba servers I'm testing out with the goal of passing
> > passwords...the servers are FROST and the authenticating server is called
> > ACR.  I know that the login:passwd pair is being passed from FROST to
> > ACR.
>
> ...
>
> > any help would be wonderful, unless you're an RTFM person because I
> > wouldn't have gotten this far if I hadn't.
>
> Why not just have both servers authenticating against a common ldap
> store?
>
> It sounds like you want to run something like winbind (but against a
> samba DC not a windows DC) on your secondary server.  I'm not sure that
> is possible.
>
> brad




Re: [Samba] samba to samba via LDAP

2002-12-19 Thread Bradley W. Langhorst
On Thu, 2002-12-19 at 10:37, jeff wrote:
> > Why not just have both servers authenticating against a common ldap
> > store?
>
> That would be the same desired result. Know any way I could have a real-time
> single LDAP store on a single machine and have everything auth against it?
 
Just point all your samba machines at the same ldap server...
You can add tls security if needed.
I have ~10 machines authenticating against a single ldap server.

It took me a while to work out the security issues. Make sure to read
the latest ldap docs - even if you're using an older version. The newer
docs are clearer on the security stuff.

> I've thought about just doing a scp of the .gdbm files, but that's just
> another point of failure.
I fear that idea (you have no way of knowing that the db files are
synced before you scp) - instead use slurpd for replication if you need
to distribute the load. I've not replicated my db yet...

brad

-- 
Bradley W. Langhorst [EMAIL PROTECTED]
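
Added example, not part of the original thread: a small checker that reads the [global] section of each host's smb.conf and reports hosts that do not use the common LDAP server, still pass logins to another SMB server, or talk to LDAP without TLS. It assumes the hosts name their LDAP server through `passdb backend = ldapsam:<url>` or `ldap server` and set TLS through `ldap ssl`; the sample configs and the host name ldap.example.com are constructed placeholders.

```python
import re
from collections import Counter

# Constructed configs; ldap.example.com is a placeholder host name.
SAMPLE = {
    "smbfrost": "[global]\nsecurity = server\npassword server = ACRC\n",
    "acrc": "[global]\nsecurity = user\n"
            "passdb backend = ldapsam:ldap://ldap.example.com\nldap ssl = start tls\n",
    "libit": "[global]\nsecurity = user\n"
             "passdb backend = ldapsam:ldap://ldap.example.com\nldap ssl = off\n",
}

def parse_global(text):
    """Return [global] parameters; Samba ignores case and spaces in names."""
    params, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def ldap_target(params):
    """LDAP URL from a ldapsam passdb backend, or from 'ldap server'."""
    m = re.search(r'ldapsam:"?(ldaps?://[^\s"]+)', params.get("passdbbackend", ""))
    if m:
        return m.group(1).lower()
    host = params.get("ldapserver")
    return f"ldap://{host.lower()}" if host else None

def audit(configs):
    """Map each host to its findings; an empty list means it passes."""
    parsed = {host: parse_global(text) for host, text in configs.items()}
    targets = {host: ldap_target(p) for host, p in parsed.items()}
    common = Counter(t for t in targets.values() if t).most_common(1)
    report = {}
    for host, p in parsed.items():
        found, target = [], targets[host]
        if target is None:
            found.append("no LDAP backend configured")
        elif target != common[0][0]:
            found.append("LDAP server differs from the common one")
        if p.get("security", "").lower() == "server":
            found.append("logins passed to another SMB server, not LDAP")
        ssl = re.sub(r"[\s_]", "", p.get("ldapssl", "off")).lower()
        if target and not target.startswith("ldaps://") and ssl not in ("starttls", "on"):
            found.append("LDAP traffic not protected by TLS")
        report[host] = found
    return report
```
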




[Samba] samba to samba via LDAP

2002-12-18 Thread jeff
Hi all,

I have lots of samba servers and want them to all authenticate against a 
single password file which will be a LDAP database. 

Where I want to be:

Login to a domain called FROST that passes the username:passwd to a domain 
called ACR which checks LDAP.

Where I'm at:  

I can login (from a W2K machine) to a test server called LIBIT which uses LDAP 
beautifully (after long hours/days of profanity).  I can also join/login to 
the samba domains called ACR (anytime) and FROST (if I change passwd server 
and security settings to a stand alone).

I have 2 samba servers I'm testing out with the goal of passing 
passwords...the servers are FROST and the authenticating server is called 
ACR.  I know that the login:passwd pair is being passed from FROST to ACR. 

The command I tested this with is:

smbclient -L smbfrost -U jeffw
#smbclient -L netbios name -U user

btw, jeffw has a valid unix account on frost, but is not in the smbpasswd 
file.

I then see a list of shares on the FROST domain.

So, my question is this.  Can I have a domain called FROST which a W2K/XP 
machine can join/login to while doing all authenticating against a samba 
server called ACR?  

Does any of this make sense?

Here are condensed/cleaned smb.conf files:

--- Begin Frost smb.conf file 
[global]
workgroup = frost
netbios name = smbfrost
server string = Samba Frostbite
encrypt passwords = yes
null passwords = no
log file = /var/log/samba/log.%m
max log size = 150
name resolve order = lmhost host wins bcast
domain logons = yes
os level = 30
preferred master = yes
domain master = no
security = server
password server = ACRC
hosts allow =

--- End Frost smb.conf file 

--- Begin ACR smb.conf file ---
[global]
netbios name = ACRC
workgroup = ACR
server string = ACRC Server
domain master = yes
browseable = Yes
logon path = \\%N\profiles\%U\profile
name resolve order = lmhost host wins bcast
null passwords = Yes
encrypt passwords = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
short preserve case = no
wins support = true
max log size = 50
logon script = %u.bat
writable = yes
security = user
domain logons = yes
max disk size = 5
local master = yes
log file = /var/log/samba/log.%m
os level = 64
locking = no
--- End ACR smb.conf file ---


any help would be wonderful, unless you're an RTFM person because I wouldn't 
have gotten this far if I hadn't.

thanks

-- 
Jeff

Maybe I'll make a deal with my boss...Boss, I'll say, Let's upgrade to 
Linux on all campus computers and I'll pay for the licensing out of my own 
pocket.