[Samba] [[ LDAP - PDC/BDC Strategy ]]

Michael Gasch gasch at eva.mpg.de
Wed Jul 21 11:33:44 GMT 2004


Hi,

there's - maybe only for me - one problem:

I can add just one IDMAP BACKEND server in smb.conf for winbindd,
so if this IDMAP BACKEND (most likely the PDC) fails (or better: its LDAP 
server), IDMAPing also fails for winbindd.

Andrew told me that it should work, but it doesn't for me under Samba 
v3.0.4.

best,
micha

Felipe Augusto van de Wiel schrieb:
> 
> 
> Paul Gienger wrote:
> 
> Hi Paul,
> 
> Felipe Augusto van de Wiel wrote:
> 
> :: Hi rruegner,
> 
> :: rruegner wrote:
> :::: you don't have to struggle around,
> :::: if you have a ldap master already running
> :::: setup a ldap slave on the bdc machine,
> :::: and configure the bdc smb.conf as bdc with
> :::: asking the ldap slave for auth
> :::: that's all
> 
> 
> ::   Sorry but maybe I'm missing something. In my tests
> :: it didn't work, because of the read-only status of
> :: the ldap slave; the machine account passwords are changed
> :: lots of times.
> :: There are lines in the smbldap-tools package (which I
> :: hope you're using by now) that you can specify a 'ldap
> :: master' that will be referred to in instances where an
> :: ldap-modify command is needed as opposed to a simple
> :: ldap-search.
> 
>    Yes, I use smbldap-tools package! :) But, I really do
> not understand how it is related with the PDC/BDC system.
> It is a 'smbd' task, the LDAP server is responsible to
> make the replication, and the smbd the authentication.
> 
>    The docs clearly say that I need to put the
> User and Group SID inside the LDAP base to allow the
> Samba Servers (I have 8 Samba Servers, of which 5
> are on different networks) to act as PDC/BDC system.
> In other words, if master fails, secondary will take
> over the 'auth' task until the master re-appears. :)
> 
> 
> ::::  But AFAICT the PDC/BDC also needs the SID mapped
> :::: inside the LDAP, and actually I don't have it.
> 
> :: Are you saying that the SID on each machine is
> :: different?  If that is the case you need to do
> :: a net getlocalsid on your pdc and then a net
> :: setlocalsid (output of last command) on the bdc
> :: machine.
> 
>    No, I'm not talking about machines. I'm talking
> about users. Probably I have two major problems, the
> samba-3.0.0-beta2 (we'll migrate this week) and the
> structure of the LDAP base, in other words, the samba
> schema.
> 
>    I'm trying to discover which fields are required
> for each user. Looking at SAMBA3 HOW TO, the idmap
> backend is required for LDAP PDC/BDC Strategy to work,
> in other words, users must have only one SID along the
> entire 'Directory'.
> 
>    The point is that I'm trying to check and be sure
> of what I'm doing on my 'Directory' and on my network.
> 
>    :)
> 
> // Felipe
> 

-- 


          "Matrix - more than a vision"

**************************************************
                  Michael Gasch

            - Central IT Department -

Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig

Germany
**************************************************
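
The BDC arrangement discussed in this thread, as an added example that is not part of the original messages: a sketch of a BDC smb.conf in Samba 3.0.x syntax. The workgroup, hostnames, suffixes, admin DN and ID ranges are placeholder assumptions; the single `idmap backend` URL is the dependency Michael describes.

```ini
# Constructed example: BDC smb.conf sketch for Samba 3.0.x.
# All names and values below are placeholders, not taken from the thread.
[global]
    workgroup = EXAMPLEDOM

    # BDC role: serve domain logons, but leave the domain master role to the PDC.
    domain logons = yes
    domain master = no

    # Authentication lookups go to the LDAP slave running on the BDC itself.
    # The slave is read-only, so changes such as machine account password
    # updates have to reach the LDAP master instead.
    passdb backend = ldapsam:ldap://ldap-slave.example.org
    ldap suffix = dc=example,dc=org
    ldap admin dn = cn=sambaadmin,dc=example,dc=org

    # SID <-> uid/gid mappings are stored in LDAP so that every server in the
    # domain resolves a given SID to the same uid/gid.
    # Only one server URL is given here: if that LDAP server is unreachable,
    # winbindd cannot map IDs.
    idmap backend = ldap:ldap://ldap-master.example.org
    ldap idmap suffix = ou=Idmap
    idmap uid = 10000-20000
    idmap gid = 10000-20000
```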