[Samba] Samba LDAP multiple servers

Patrick liststhor at firerun.net
Wed Nov 26 19:34:50 GMT 2003


Adam Williams wrote:

>>I have 1 Samba 3.0 server with LDAP 2.1.23 running on backend from the same machine. These are both RedHat 8.0. I have 2 other servers I would like to use the same LDAP directory. I used net join to join the servers to the domain. Prior to joining the domain the servers had no SID. After using net join they got a new SID (net getlocalsid). In the LDAP directory what SID base should be attached to users and computers that I add? The original Domain SID?
>
>You should really add users VIA samba,  or at least the sambaSamAccount
>objectclass.  This will work if you already have a posixAccount
>objectclass.  It will generate the SID based upon the domain SID and the
>uidNumber/gidNumber.
>
>>I may have messed this up. What I want to do is set up the second 2 servers as member servers in the domain, and put user accounts with home directories on them. User uses LDAP to authenticate to member server. So far I can create an account and log in but I am unsure if I'm using the SID for the user correctly.
>
>Let Samba set the SID.
>
>>What is recommended for master/slave LDAP servers that are used primarily for authentication to Samba servers? Should I set up a slave LDAP server for the member servers? These member servers would be located in separate buildings. The main server has about 1000 user accounts, and member servers about 120 each when finished.
>
>Eh?  User accounts exist in the SAM,  in this case LDAP - everywhere. 
>Slaves are just replicas of the master for redundancy and performance.
>
>>At any one time I anticipate 20-30% will be logged in during peak hours.
>>
>>Any help that anyone can give me on this I'd appreciate. This is a fairly large installation that eventually will span 8 buildings each with their own Samba server but authenticating to a single OpenLDAP directory.
>
>Make a master LDAP on the PDC,  load all the users.
>Join the member servers to the domain.
>Create LDAP replicas on several/all member servers.
>Setup NSS on the member servers to use their local/near-by LDAP replica.

From what it sounds like you want to span the load of the PDC to 
machines that will be in each building.  In this case the samba server in 
each building should not be member servers.  They should instead be a 
BDC.  Each machine should be using a replica LDAP server and have samba 
configured as a BDC.  As mentioned by Adam Williams you will need each 
of the BDC machines using NSS set up to use the LDAP replicas.

To set up the BDC the Samba 3 HowTo Collection gives all the information 
you should need.  This is what I used and everything seems to be working 
here.

Patrick
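An added check for the SID question raised above (example code, not from this thread, from Samba or from the smbldap tools): it applies Samba 3's default algorithmic RID mapping (user RID = 2*uidNumber + 1000, the default 'algorithmic rid base') to flag sambaSamAccount entries whose sambaSID sits under a member server's local SID instead of the domain SID, or whose RID does not follow from uidNumber. The domain SID, the LDIF entries and the minimal LDIF reader are constructed for this example.

```python
# Added example, not from the thread. Samba 3 default algorithmic RID mapping:
# user RID = 2*uidNumber + 1000 ('algorithmic rid base'). Sample data is constructed.
RID_BASE, RID_MULT = 1000, 2

def user_sid(domain_sid, uid):
    # sambaSID Samba derives from the domain SID and a uidNumber
    return f"{domain_sid}-{uid * RID_MULT + RID_BASE}"

def parse_ldif(text):
    # Minimal LDIF reader: blank-line separated entries of 'attr: value'
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for attr, _, value in (l.partition(":") for l in block.splitlines()):
            entry.setdefault(attr, []).append(value.strip())
        entries.append(entry)
    return entries

def audit(ldif_text, domain_sid):
    """Return (dn, problem) for sambaSamAccount entries whose SID is wrong."""
    problems = []
    for e in parse_ldif(ldif_text):
        if "sambaSamAccount" not in e.get("objectClass", []):
            continue
        dn, sid = e["dn"][0], e.get("sambaSID", [""])[0]
        if not sid.startswith(domain_sid + "-"):
            # e.g. an entry created under a member server's own local SID
            problems.append((dn, f"{sid} is not under domain SID {domain_sid}"))
        elif sid != user_sid(domain_sid, int(e["uidNumber"][0])):
            problems.append((dn, f"{sid} does not match RID for uidNumber"))
    return problems

# Constructed sample: alice correct, bob under another server's SID, carol's RID off
DOMAIN_SID = "S-1-5-21-111-222-333"
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
uidNumber: 1001
sambaSID: S-1-5-21-111-222-333-3002

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
uidNumber: 1002
sambaSID: S-1-5-21-444-555-666-3004

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
uidNumber: 1003
sambaSID: S-1-5-21-111-222-333-4000
"""
```

Calling `audit(SAMPLE_LDIF, DOMAIN_SID)` reports bob and carol and passes alice; run it against an ldapsearch LDIF export with the PDC's `net getlocalsid` value as the domain SID.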
