[Samba] Need help setting up a Samba 3.x Backup Domain Controller with LDAP

Gerald (Jerry) Carter jerry at samba.org
Fri Nov 7 03:59:02 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Travis L. Bean wrote:

|   From the man page and Samba how-to documentation,
| I understand this "idmap" reference to only be used
| for member servers and backup domain
| controllers that don't have their own "passdb"?

All BDC's must share the same passdb backend as the PDC.
winbindd is only needed on a DC to handle trusted users/groups.

| So when you setup the reference in the Backup Domain
| Controllers smb.conf do you only include
| the following reference to "idmap" and leave out the reference to
| "passdb backend=ldapsam"?  Something like this?:
|
| idmap backend = ldap:ldap://bdc-srv.domain.com
| idmap gid = 10000-20000
| idmap uid = 10000-20000
| ldap idmap suffix = ou=idmap,dc=domain,dc=com

remove this and keep the "passdb backend = ldapsam"
line

| and use something like this for the primary domain controller??:
|
| ldap suffix = dc=domain,dc=com
| passdb backend = ldapsam:"ldap//pdc-srv.domain.com \
| ldap//bdc-srv.domain.com"

Note the "'s I've added to use the server failure
in the LDAP libs.

| Also, in the backup domain controller's smb.conf I assume I set "local
| master", "domain master" and "preferred master" all to "no", etc, etc.

domain master = no is the only one you really need to worry about.



cheers, jerry
- --
~ ----------------------------------------------------------------------
~ Hewlett-Packard            ------------------------- http://www.hp.com
~ SAMBA Team                 ---------------------- http://www.samba.org
~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/qxiGIR7qMdg1EfYRAtjXAJsGz2HSvEuWy/tNXY88MmbIKoCkZwCg2OcD
N/4Ec53NTPJqxR6QPqE2AwU=
=7C59
-----END PGP SIGNATURE-----




More information about the samba mailing list