[Samba] Re: samb3-ldap PDC and BDC

jamrock news_jamrock at yahoo.com
Thu Oct 21 01:49:34 GMT 2004

"Mihai Costache" <tepesu at yahoo.com> wrote in message
news:20041020081653.40157.qmail at web54109.mail.yahoo.com...
>       hi,
>  until now (about 1 year ago) i was working only with
> samba3+ldap PDC, but in the near future my company will enlarge its
> network with 6 new branches spread all over the country
> and i must build a scalable network with Samba-3 PDCs and
> BDCs, implement LDAP replication and multiple LDAP
> backends, all this over some VPNs (ipsec).
>  so, can anyone tell me how the relationship between a
> samba3-ldap PDC and a samba3-ldap BDC works and how the openldap
> server must replicate?
> thanks,
> Mihai

Here are a few things to keep in mind...

Any user logging onto Samba has to pass the Samba authentication as well as
the Linux authentication.  After all, the samba service is running on the
Linux box.

I know of two ways to achieve this with LDAP.

One way is to keep the Samba authentication info. in LDAP and to keep the
Linux authentication info (POSIX) in the /etc/passwd and /etc/group files.

The other way is to keep both the Samba and POSIX authentication info. in
LDAP.  This approach requires the use of the nss_ldap software from
www.padl.com.  The /etc/nsswitch.conf file is used to tell Linux to search
for the user's authentication info. in the LDAP directory.

If you use the second approach, you will have all the user's information in
a single location.  Configure LDAP to replicate the directory to another
Samba machine, make the appropriate entries in the smb.conf files of both
machines and you have a PDC and BDC.  Documentation on the Samba website
will show you how to configure the smb.conf files.

Along the way you will have to get familiar with the scripts from Idealx
which add the user's POSIX info. to LDAP.

Configuring LDAP for replication is off topic for this list but is a well
documented process.   Try and get hold of a good LDAP book.  Verify that the
machine is authenticating POSIX info. against LDAP before attempting the
