FW: Re: Samba4 provision-backend

horst schibullek hotte.schibullek at web.de
Tue Apr 1 07:49:22 GMT 2008


> -----Ursprüngliche Nachricht-----
> Von: "Andrew Bartlett" <abartlet at samba.org>
> Gesendet: 01.04.08 01:57:05
> An: horst schibullek <hotte.schibullek at web.de>
> CC: samba-technical at lists.samba.org
> Betreff: Re: FW: Re: Samba4 provision-backend


> 
> 
> On Sat, 2008-03-29 at 21:15 +0100, horst schibullek wrote:
> > > -----Ursprüngliche Nachricht-----
> > > Von: "horst schibullek" <hotte.schibullek at web.de>
> > > Gesendet: 29.03.08 13:43:23
> > > An: "Andrew Bartlett" <abartlet at samba.org>
> > > Betreff: Re: Samba4 provision-backend
> > 
> > > 
> > > 
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: "Andrew Bartlett" <abartlet at samba.org>
> > > > Gesendet: 28.03.08 23:34:48
> > > > An: horst schibullek <hotte.schibullek at web.de>
> > > > CC: samba-technical at lists.samba.org
> > > > Betreff: Re: Samba4 provision-backend
> > > 
> > > 
> > > > 
> > > > 
> > > > On Thu, 2008-03-27 at 14:54 +0100, horst schibullek wrote:
> > > > > Samba4 SVN 26701:
> > > > 
> > > > Firstly, Samba4 is now in GIT, the version in SVN is quite old.  What
> > > > made you pull from SVN?  (I may need to update a few web pages). 
> > > 
> > > o.k., got it. took the info from samba-wiki, where both variants (svn and git) are
> > > listed as ok.
> > > > 
> > > > I think the issues with the provision-backend script have been fixed
> > > > since then (and rewritten in python).
> > > 
> > > ok, good to hear. 
> > > 
> > > another issue: 
> > > i had setup 2 samba4-dc's in the same domain, working fine together
> > > with openldap-backend (ol 2.4.8) in multi-master-replication,
> > > (using ldap://<fqhn>:9000/ instead of ldapi) 
> > > 
> > > tested both variants to get a redundant copy, first procedure: quick and dirty 
> > > in old slurpd-style (copying the bdb-files and transaction-logs from
> > > dc1 to dc2; second procedure: with empty db on dc2 and 
> > > syncrepl initial content load for all contexts, all ok.  
> 
> Great!
thanks. makes fun to test it... great job done with samba4
> 
> > > all replication stuff is working fine in both directions, but when i try to
> > > reproduce your demonstration from sambaxp 2007
> > > (samab4-multi-master with Fedora DS backend)
> > > an kick off one DC, the domain isnt available any
> > > more for join operations and administering etc.
> 
> Interesting.  I've not attempted to reproduce that demonstration since
> SambaXP. 
> 
> > > looks like the key (in the words meaning) hangs in 
> > > the secrets.keytab, which is different on both dc.
> > > is there a way to get it synchronized?
> > > (tried net samdump keytab etc., but seems not to work,
> > > tried also to manipulate the keytab with heimdal-tools, 
> > > but did'nt work either)
> 
> The second server needs to join the domain (as a DC, but talking to the
> first server).  That should establish the keytabs etc.
> 
> 
i joined the domain with the second server, and after that i 
created the needed ldif entry (Cn=NTDS...), everything 
completely ok to this point.

other ideas? 
if not, i maybe try it once again and post the smbd-debug messages,
but i know, they've been krb-ticket-related.





>Andrew Bartlett
> 
> -- 
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Red Hat Inc.
> 
> 


_______________________________________________________________
Schon gehört? Der neue WEB.DE MultiMessenger kann`s mit allen: 
http://www.produkte.web.de/messenger/?did=3016



More information about the samba-technical mailing list