[Samba] machine accounts and ldap?

Thomas Stegbauer tsmailing at tronicplanet.de
Mon May 6 05:00:02 GMT 2002

Dmitry Melekhov wrote:
| Thomas Stegbauer wrote:
|> Dmitry Melekhov wrote:
|> | Hello!
|> |
|> | How to add computers into domains if I have several domains and several
|> | ldap servers (one is master, others are slaves), each server on a domain
|> | controller?
|> |
|> | As I understand samba can't go to the master ldap server for doing updates
|> | like adding accounts or changing passwords? :-(
|> hi,
|> in my opinion you have two choices:
|> 1. (if i understand correctly: each samba is a domain controller for its
|> own domain?)
| Yes, you are right.
|> you make ou's in ldap and let the samba server go to the ou. then each
|> ldap server is master for the ou.
|> 2. you let all samba servers access only the master server, and for other
|> things (like pam_ldap or nss_ldap) the local server.
| Sorry, this is not a good decision.
|> idea to the developer: maybe the easiest would be to define two ldap servers?
|> one for write and one for search?
|> 3. also an idea, maybe it's already solved? when working with a sasl
|> bind the backup ldap server should be able to give an update reference
|> back, which is saying: stop, please update this leaf on that server.
| As I see samba uses simple bind and has no support for sasl bind.

yes this was a choice (if not yet done) to a developer :) also the 2nd
part from choice 2.

| Maybe there is another decision?
| For instance, to have a parameter to choose the master ldap server?

as mentioned in choice 2 :) also for a developer?


--
# Thomas Stegbauer
# Tronicplanet Datendienst GmbH
# http://www.keyserver.de:11371/pks/lookup?op=get&search=0xFF837A1A
