[Samba] Idealx programs and ldap backend

Adrian Chow achow at uwcsea.edu.sg
Wed Jun 16 16:56:28 GMT 2004

Hi Paul,

Thanks for the reply.  
2 questions:-
1.  In the smbldap-useradd.pl file, there are lines that are commented out.  Since my add machine script is only with "-w", and my with_smbpasswd variable in the smbldap_conf is =0, I found that it will only create a posix account on the ldap.  I don't see it creating the samba portion in the ldap.  Does it do it automatically?  My ldap shows that the samba portion is done automatically.  [However I think I have to join the domain 2 times for each machine.... don't know why the first time it joins it fails..  The second time succeeds.]
2.  Can I know what happens if my referrals are not done properly and I point my passwd backend to the ldap slave server?  Does it have an effect only when a machine joins the domain?



---------- Original Message ----------------------------------
From: Paul Gienger <pgienger at ae-solutions.com>
Date:  Wed, 16 Jun 2004 07:50:31 -0500

>Adrian Chow wrote:
>> Hi,
>> I got the following setup.
>> I got an openLDAP server.  This server is the master server for LDAP 
>> functions.  I named this ldapsrv.
>> I got a samba server with openLDAP installed on it as well.  This LDAP 
>> server is the slave to ldapsrv.  I named this sambasrv.
>> The sambasrv currently has the following setup in /etc/smb.conf:-
>> passdb backend = ldapsam:ldap://ldapsrv.domain
>> idmap backend = ldap://ldapsrv.domain
>> add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
>> delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
>> add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
>> delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
>> add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
>> delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
>> set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
>> add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
>> shutdown script = /var/lib/samba/scripts/shutdown.sh
>> I want to use sambasrv's openldap directory to read off the passwords 
>> instead of reading it off the network from ldapsrv.  Note that all 
>> changes have to be done on ldapsrv in order to be propagated to 
>> sambasrv.  Will I have any issues if I shift the 'passdb backend' and 
>> 'idmap backend' to point to ldapsrv?
>> Can I do the above with the smbldap_conf.pm file untouched?  The 
>> smbldap_conf.pm files currently point to ldapsrv as the changes will 
>> need to be done on it.
>> The reason I asked is that during clients authentication or connecting 
>> to the sambasrv, will it modify the ldap entries since smb.conf will 
>> point to sambasrv which is the slave LDAP.  I think all changes need 
>> to start from ldapsrv.
>If you have referrals set up properly then the slave will send the 
>modify requests up to the master that can write to the db.  One note 
>however, if you switch all references over to the slave, try a domain 
>join in test before you roll out.  My particular ldap servers are over a 
>WAN and samba would actually time out before the account would replicate 
>to my local slave unless I hacked a sleep into the add machine function.
>Paul Gienger                     Office:		701-281-1884
>Applied Engineering Inc.         Cell:			701-306-6254
>Information Systems Consultant   Fax:			701-281-1322
>URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com
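
The reply above describes Samba timing out on a domain join before the new machine account replicates to the slave, worked around with a fixed sleep. As an added example (not from the thread or from the smbldap tools), a wrapper for `add machine script` can poll the slave with a bounded retry instead; the base DN, the retry values and the lookup of the machine entry by `uid` are assumptions made here.

```shell
#!/bin/sh
# Added example: waits for a new machine account to reach the slave.
# Assumed values (not from the thread): BASE_DN, TRIES, INTERVAL.
SLAVE_URI="${SLAVE_URI:-ldap://sambasrv.domain}"
BASE_DN="${BASE_DN:-dc=example,dc=org}"       # placeholder suffix
USERADD="${USERADD:-/var/lib/samba/sbin/smbldap-useradd.pl}"
TRIES="${TRIES:-30}"                           # polls before giving up
INTERVAL="${INTERVAL:-1}"                      # seconds between polls

# Allow only plain machine names so the value is safe inside an LDAP filter.
valid_machine_name() {
    name="${1%\$}"                             # drop the trailing $ of %u
    case "$name" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Print the entry's DN if it is already visible on the slave.
lookup_on_slave() {
    ldapsearch -x -LLL -H "$SLAVE_URI" -b "$BASE_DN" "(uid=$1)" dn 2>/dev/null
}

# Poll the slave up to TRIES times; 0 = replicated, 1 = gave up.
wait_for_replica() {
    attempt=0
    while [ "$attempt" -lt "$TRIES" ]; do
        if lookup_on_slave "$1" | grep -q '^dn:'; then
            return 0
        fi
        attempt=$((attempt + 1))
        sleep "$INTERVAL"
    done
    return 1
}

# Returns 0 on success, 2 for a rejected name, 1 if the add failed,
# 3 if the entry never appeared on the slave.
add_machine() {
    valid_machine_name "$1" || { echo "rejected name: $1" >&2; return 2; }
    "$USERADD" -w "$1" || return 1             # write goes to the master
    wait_for_replica "$1" || { echo "not replicated: $1" >&2; return 3; }
}

if [ "$#" -gt 0 ]; then add_machine "$1"; fi
```

Saved under a path of your choosing, it would replace the `smbldap-useradd.pl -w '%u'` command in `add machine script`, with `passdb backend` pointed at the slave.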
