[Samba] Idealx programs and ldap backend
Adrian Chow
achow at uwcsea.edu.sg
Wed Jun 16 16:56:28 GMT 2004
Hi Paul,
thanks for the reply.
2 questions:-
1. In the smbldap-useradd.pl file, there are lines that are commented out. Since my add machine script is only with "-w", and my with_smbpasswd variable in the smbldap_conf is =0, I found that it will only create a posix account on the ldap. I don't see it creating the samba portion in the ldap. Does it do it automatically? My ldap shows that the samba portion is done automatically. [However I think I have to join the domain 2 times for each machine.... don't know why the first time it joins it fails.. The second time succeeds.]
2. Can I know what happens if my referrals are not done properly and I point my passwd backend to the ldap slave server? Does it have an effect only when a machine joins the domain?
Thanks.
adrian
---------- Original Message ----------------------------------
From: Paul Gienger <pgienger at ae-solutions.com>
Date: Wed, 16 Jun 2004 07:50:31 -0500
>
>
>Adrian Chow wrote:
>
>> Hi,
>>
>> I got the following setup.
>>
>> I got an openLDAP server. This server is the master server for LDAP
>> functions. I named this ldapsrv.
>> I got a samba server with openLDAP installed on it as well. This LDAP
>> server is the slave to ldapsrv. I named this sambasrv.
>>
>> The sambasrv currently has the following setup in /etc/smb.conf:-
>> passdb backend = ldapsam:ldap://ldapsrv.domain
>> idmap backend = ldap://ldapsrv.domain
>> add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
>> delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
>> add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
>> delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
>> add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
>> delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
>> set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
>> add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
>> shutdown script = /var/lib/samba/scripts/shutdown.sh
>>
>> I want to use sambasrv's openldap directory to read off the passwords
>> instead of reading it off the network from ldapsrv. Note that all
>> changes have to be done on ldapsrv in order to be propagated to
>> sambasrv. Will I have any issues if I shift the 'passdb backend' and
>> 'idmap backend' to point to ldapsrv?
>>
>> Can I do the above with the smbldap_conf.pm file untouched? The
>> smbldap_conf.pm files currently point to ldapsrv as the changes will
>> need to be done on it.
>>
>> The reason I asked is that during clients authentication or connecting
>> to the sambasrv, will it modify the ldap entries since smb.conf will
>> point to sambasrv which is the slave LDAP. I think all changes need
>> to start from ldapsrv.
>
>If you have referrals set up properly then the slave will send the
>modify requests up to the master that can write to the db. One note
>however, if you switch all references over to the slave, try a domain
>join in test before you roll out. My particular ldap servers are over a
>WAN and samba would actually time out before the account would replicate
>to my local slave unless I hacked a sleep in to the add machine function.
>
>--
>Paul Gienger Office: 701-281-1884
>Applied Engineering Inc. Cell: 701-306-6254
>Information Systems Consultant Fax: 701-281-1322
>URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
>
>
>
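The replication delay described in the reply above can be handled with a bounded poll of the slave rather than a fixed sleep. The wrapper below is an added example, not code from this thread or from the smbldap tools; `SLAVE_URI`, `BASE_DN`, the retry values, the `(uid=...)` filter and all function names are assumptions, while the script path and `-w` flag are the ones from the smb.conf quoted above.

```shell
#!/bin/sh
# Added example: wrapper for smb.conf "add machine script" that waits for
# the new account to replicate to the local slave before returning.
# Assumed values (not from the thread): SLAVE_URI, BASE_DN, MAX_TRIES,
# INTERVAL, and the (uid=...) search filter.
SLAVE_URI="${SLAVE_URI:-ldap://localhost}"      # slave running on sambasrv
BASE_DN="${BASE_DN:-dc=example,dc=org}"         # placeholder base DN
ADD_CMD="${ADD_CMD:-/var/lib/samba/sbin/smbldap-useradd.pl}"  # path from the thread
MAX_TRIES="${MAX_TRIES:-20}"                    # lookups before giving up
INTERVAL="${INTERVAL:-1}"                       # seconds between lookups

# Accept only names that are safe to place in an LDAP filter and on a
# command line: letters, digits, '.', '_', '-', plus an optional trailing '$'.
valid_machine_name() {
    name=${1%\$}
    case $name in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Succeeds once the slave returns an entry for the account.
entry_on_slave() {
    ldapsearch -x -LLL -H "$SLAVE_URI" -b "$BASE_DN" "(uid=$1)" dn 2>/dev/null |
        grep -q '^dn:'
}

# Poll with a bounded number of attempts instead of one fixed sleep.
# $2 names the lookup function, so it can be replaced for testing.
wait_for_entry() {
    lookup=${2:-entry_on_slave}
    tries=0
    until "$lookup" "$1"; do
        tries=$((tries + 1))
        [ "$tries" -ge "$MAX_TRIES" ] && return 1
        sleep "$INTERVAL"
    done
    return 0
}

# Exit codes: 2 = rejected name, 3 = add failed, 1 = never replicated.
add_machine() {
    valid_machine_name "$1" || return 2
    "$ADD_CMD" -w "$1" || return 3
    wait_for_entry "$1" "${2:-entry_on_slave}"
}

if [ "$#" -gt 0 ]; then add_machine "$1"; fi
```

Samba would call the wrapper with `'%u'` as its only argument in place of the direct `smbldap-useradd.pl -w '%u'` line.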