[Samba] [[ LDAP - PDC/BDC Strategy ]]

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Mon Jul 19 21:23:03 GMT 2004



Paul Gienger wrote:

Hi Paul,

Felipe Augusto van de Wiel wrote:

:: Hi rruegner,

:: rruegner wrote:
:::: you don't have to struggle around,
:::: if you have a ldap master already running
:::: setup a ldap slave on the bdc machine,
:::: and configure the bdc smb.conf as bdc with
:::: asking the ldap slave for auth
:::: that's all


::   Sorry but maybe I'm missing something. In my tests
:: it didn't work, because of the read only status of
:: ldap slave, the machine account passwords are changed
:: lots of times. 

:: There are lines in the smbldap-tools package (which I
:: hope you're using by now) that you can specify a 'ldap
:: master' that will be referred to in instances where an
:: ldap-modify command is needed as opposed to a simple
:: ldap-search.

    Yes, I use smbldap-tools package! :) But, I really do
not understand how it is related with the PDC/BDC system.
It is a 'smbd' task, the LDAP server is responsible to
make the replication, and the smbd the authentication.

    The docs clearly say that I need to put the
User and Group SID inside the LDAP base to allow the
Samba Server (I have 8 Samba servers, 5 of which
are on different networks) to act as PDC/BDC system.
In other words, if master fails, secondary will take
over the 'auth' task until the master re-appears. :)


::::  But AFAICT the PDC/BDC also needs the SID mapped
:::: inside the LDAP, and actually I don't have it.

:: Are you saying that the SID on each machine is
:: different?  If that is the case you need to do
:: a net getlocalsid on your pdc and then a net
:: setlocalsid (output of last command) on the bdc
:: machine.

    No, I'm not talking about machines. I'm talking
about users. Probably I have two major problems, the
samba-3.0.0-beta2 (we'll migrate this week) and the
structure of the LDAP base, in other words, the samba
schema.

    I'm trying to discover which fields are required
for each user. Looking at SAMBA3 HOW TO, the idmap
backend is required for LDAP PDC/BDC Strategy to work,
in other words, users must have only one SID along the
entire 'Directory'.

    The point is that I'm trying to check and be sure
of what I'm doing on my 'Directory' and on my network.

    :)

// Felipe
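
Added example, not part of the original message or of Samba or smbldap-tools: one way to check the concern raised above, that every user entry carries exactly one SID and that all of them belong to the same domain SID (the value `net getlocalsid` prints on the PDC). It assumes the Samba 3 `sambaSamAccount` schema with its `sambaSID` attribute and a plain, unfolded LDIF export; the DNs and SIDs are constructed sample data and `audit_sids` is a hypothetical helper name.

```python
from collections import defaultdict

# Constructed LDIF export (hypothetical DNs and SIDs, not taken from the thread).
SAMPLE_LDIF = """\
dn: uid=alice,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=bob,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002

dn: uid=carol,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
sambaSID: S-1-5-21-9999999999-2222222222-3333333333-3002

dn: uid=dave,ou=Users,dc=example,dc=org
objectClass: posixAccount
"""

def parse_ldif(text):
    """Split simple (unfolded, non-base64) LDIF into (dn, {attr: [values]})."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                attrs[key.lower()].append(value.strip())
        if attrs.get("dn"):
            entries.append((attrs["dn"][0], attrs))
    return entries

def audit_sids(text, domain_sid):
    """Return (dn, problem) for entries a PDC and BDC could not resolve identically."""
    findings, seen = [], {}
    for dn, attrs in parse_ldif(text):
        sids = attrs.get("sambasid", [])
        if len(sids) != 1:
            findings.append((dn, "missing sambaSID" if not sids else "multiple sambaSID"))
            continue
        prefix, _, rid = sids[0].rpartition("-")   # domain part and RID
        if prefix != domain_sid or not rid.isdigit():
            findings.append((dn, "SID not in domain"))
        if sids[0] in seen:                        # same SID on two accounts
            findings.append((dn, "duplicate of " + seen[sids[0]]))
        seen.setdefault(sids[0], dn)
    return findings
```

Calling `audit_sids(SAMPLE_LDIF, "S-1-5-21-1111111111-2222222222-3333333333")` flags carol (SID from another domain) and dave (no `sambaSID` at all).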


