[Samba] issue with multiple Samba DC and uid/gid assignment.

Rowland Penny rowlandpenny at googlemail.com
Sun Aug 25 10:03:14 MDT 2013


On 25/08/13 16:52, dahopkins at comcast.net wrote:
>
> > Hi, Where does Windows 2008R2 fit into this setup, is it in the same
> > domain? is it the primary AD server?
>
> It is a member server in the same domain on which we ran ADUC. It was 
> a member of the prior samba3/LDAP authentication system. I can now log 
> back onto this server and launch ADUC. All three of the samba4 DC are 
> listed in Domain Controllers. However, since adding nslcd/nscd to 
> ncssamba2, the only DC I can connect to is ncssamba1.  When I try to 
> select a different domain controller, I get "The list of Domain 
> Controllers for domain ncs.k12.de.us is unavailable because: Access is 
> Denied".
>
> > I would suggest that you read Steve's site a bit more but this time
> > about sssd.
> > I would also suggest that you just use the Samba 4 DCs just for
> > authentication and use the Samba fileservers to store the profiles
> > etc. You would then not need anything but the basic Samba4 setup on
> > the AD DCs.
>
> That is the goal except profiles/home directories were not being accessed 
> correctly on the samba4 domain member servers which I am trying to 
> resolve.
>
> I am still not clear if I should be installing nslcd on the AD DCs. 
> And if I do, what is the correct setting for the following in 
> nslcd.conf
>
> # The location at which the LDAP server(s) should be reachable.
> uri ldap://ncssamba1.ncs.k12.de.us/
>
> Should this point to the local machine, e.g. ncssamba1 for nslcd 
> running on ncssamba1, ncssamba2 for nslcd running on ncssamba2 or 
> should it point to the same ldap server on all AD DCs?   I am willing 
> to migrate from nslcd to sssd but need to understand what needs to be 
> uninstalled/installed where before attempting it.
>
> Sincerely,
> Dave Hopkins
>
>
>
If you just use the Samba 4 ADs for authentication, you do not need 
anything else on them, you just need to add the relevant attributes 
(uidNumber, gidNumber, homeDirectory, profilePath etc.) to each user.
You just need to set up samba on the fileservers to pull and use this 
information.

If you use sssd to do this, you will use Kerberos, so very little extra 
needs to be added other than sssd, sssd-tools and krb5.

Rowland
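
An added example, not part of the original message and not Samba's own code: one way to check that every user object carries the attributes named in the reply above, by auditing an LDIF export of the directory. The function names, the sample LDIF, and the extra check for a uidNumber shared by two accounts are assumptions made for illustration.

```python
import base64

# Attributes the reply lists for each user (its "etc" is not expanded here).
REQUIRED = ("uidNumber", "gidNumber", "homeDirectory", "profilePath")

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased_attr: [values]} entries."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuations
    entries, cur = [], {}
    for line in text.split("\n") + [""]:   # trailing "" flushes the last entry
        if not line.strip():
            entries.append(cur)
            cur = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):      # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(value.strip())
    return [e for e in entries if e]

def audit_posix_attrs(text, required=REQUIRED):
    """Return (missing attrs per user, uidNumbers held by more than one user)."""
    missing, owners = {}, {}
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "user" in classes and "computer" not in classes:  # skip machines
            name = e.get("samaccountname", ["?"])[0]
            gaps = [a for a in required if not e.get(a.lower())]
            if gaps:
                missing[name] = gaps
            for uid in e.get("uidnumber", []):
                owners.setdefault(uid, []).append(name)
    return missing, {u: n for u, n in owners.items() if len(n) > 1}

# Constructed sample input (not from the thread); names and paths are made up.
SAMPLE_LDIF = r"""dn: CN=alice,CN=Users,DC=example,DC=test
objectClass: user
sAMAccountName: alice
uidNumber: 10001
gidNumber: 10000
homeDirectory: \\fs1\home\alice
profilePath: \\fs1\profiles\alice

dn: CN=bob,CN=Users,
 DC=example,DC=test
objectClass: user
sAMAccountName: bob
uidNumber: 10001
gidNumber:: MTAwMDA="""
```

On the sample, `audit_posix_attrs(SAMPLE_LDIF)` reports bob as lacking homeDirectory and profilePath, and flags uidNumber 10001 as held by both alice and bob.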

