[Samba] Re: SAMBA3 + LDAP

paul kölle paul at subsignal.org
Wed Dec 21 17:05:19 GMT 2005

mallapadi niranjan wrote:
> Hi Paul,
> Thanks for guiding me.
> I am creating a PDC and 2 BDCs with samba3 with LDAP.
> Sorry if this is a silly question; since I am new, guide me.
> 1) What default ACLs need to be written in slapd.conf,
> apart from users changing passwords, with respect to the samba 3 LDAP
> schema?
How am I supposed to know? It's your setup. I tend to create an
administrative DN in ldap, say cn=smbadmin,ou=admins,dc=whatever... and
give it full access to samba attributes and the pseudo attributes
(children,entry). Then I have one rootbinddn for /etc/ldap.conf with
full write access to @posixAccount attributes. All other nss_ldap
operations (for getent, id, etc) are done anonymously.

> I have only these OUs which come with smbldap-tools:
> 1) Domain Admins, Domain Groups, People, Groups, Computers, IDMAP.
Does this make sense to you? Why do you need so many containers? I use
ou=users, ou=groups, ou=idmap. Whether a group is usable for samba is
determined by its attributes. A samba group has to be a unixGroup or
groupOfNames anyway and since you have to set up nss_ldap to search with
?sub they will all count as unix groups as well.

> 2) I have a PDC and some other system as file server, i.e. I want folders on
> another system as the default home drive, which I want to write in a logon
> script, so the user is redirected to his home drive on another system. Should I
> install samba on that system also, or should I do an NFS mount?
Don't use NFS; it has incomplete locking semantics. Join the fileserver
to your domain.

> And I have about 500 groups, and I want folders in the file systems on the file
> server to be mapped as drives, which I will probably do with a logon script,
> but the confusion is how I go about it.
There is no magic here: if you have samba on your fileserver joined to
your domain, you can access all its shared folders through \\foo\bar
syntax. You need nss_ldap on the member server as well to unify your
uid/gid namespace.

> 3) If I use NFS, I want the NFS mount to have ACL support so that I can use
> setfacl and getfacl on the file server.
Don't use NFS.
> 4) I want to create 2 BDCs. Is it possible to synchronize PDC -> BDC
> and BDC -> PDC, i.e. if I make any changes on the BDCs, will they be reflected on the PDC
> also?
For this to work, you need an LDAP "master" server at the PDC and set up
replication to two "slave" LDAP servers at both BDCs. Write operations
to the BDC will be directed to the master and replicated back to the slaves.

> kindly guide me
Nope, sorry. You need to read up on general concepts about Windows
networks, how LDAP works, etc. I suggest you start with the official
samba documentation "Samba by Example" by John Terpstra, which is
available printed as well as online.

> Regards
> Niranjan
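The ACL split Paul describes in his first answer (an administrative DN with full write on the Samba attributes and on the entry/children pseudo-attributes, a rootbinddn for /etc/ldap.conf with write on @posixAccount, anonymous read for everything nss_ldap needs, and users allowed to change their own password) written out as a slapd.conf access section, followed by the matching client side in /etc/ldap.conf. This is an added example, not configuration from the original thread; the suffix dc=example,dc=com, the DNs cn=smbadmin,ou=admins,dc=example,dc=com and cn=nssroot,ou=admins,dc=example,dc=com, and the ou=users/ou=groups/ou=idmap containers are assumed names, and the "@objectClass" attribute selector needs OpenLDAP 2.2 or later.

```conf
# Added example (not from the original post). Assumed: suffix dc=example,dc=com,
# Samba admin DN cn=smbadmin,ou=admins,dc=example,dc=com, nss_ldap rootbinddn
# cn=nssroot,ou=admins,dc=example,dc=com, containers ou=users/ou=groups/ou=idmap.
#
# ---- slapd.conf on the PDC ----
# slapd uses the FIRST "access to" clause whose <what> matches the attribute,
# so the narrow password rules must come before the catch-all at the end.

# userPassword: the owner may change it (passwd via pam_ldap binds as the user),
# the two admin DNs may set it, anonymous may only use it for a simple bind.
access to attrs=userPassword
        by dn.exact="cn=smbadmin,ou=admins,dc=example,dc=com" write
        by dn.exact="cn=nssroot,ou=admins,dc=example,dc=com" write
        by self write
        by anonymous auth
        by * none

# NT/LM hashes are credentials: only Samba (binding as "ldap admin dn") writes
# them and nobody else may read them. No "by self write" here: when a user
# changes the password from Windows or with smbpasswd, Samba writes the hashes
# through the admin DN anyway, so users never need direct write on them.
access to attrs=sambaLMPassword,sambaNTPassword
        by dn.exact="cn=smbadmin,ou=admins,dc=example,dc=com" write
        by * none

# Remaining Samba attributes (SID, account flags, profile/home paths, group
# mappings, idmap pool): the Samba admin DN writes, everyone reads, because
# nss_ldap and the other Samba lookups run anonymously.
access to attrs=@sambaSamAccount,@sambaGroupMapping,@sambaDomain,@sambaUnixIdPool
        by dn.exact="cn=smbadmin,ou=admins,dc=example,dc=com" write
        by * read

# POSIX attributes (uid, uidNumber, gidNumber, homeDirectory, loginShell, ...):
# the rootbinddn from /etc/ldap.conf may write them; smbldap-tools also create
# posixAccount entries as the Samba admin DN, so it needs write here too.
access to attrs=@posixAccount,@posixGroup
        by dn.exact="cn=nssroot,ou=admins,dc=example,dc=com" write
        by dn.exact="cn=smbadmin,ou=admins,dc=example,dc=com" write
        by * read

# Catch-all. "entry" (modify or delete the object itself) and "children" (add
# or delete objects below it) are the pseudo-attributes the Samba admin DN
# needs to create users, machine accounts and idmap entries. Anonymous read is
# what lets getent/id work without a bind.
access to *
        by dn.exact="cn=smbadmin,ou=admins,dc=example,dc=com" write
        by dn.exact="cn=nssroot,ou=admins,dc=example,dc=com" write
        by * read

# ---- /etc/ldap.conf (nss_ldap/pam_ldap on the PDC, the BDCs and the member fileserver) ----
# Ordinary lookups bind anonymously; only root uses rootbinddn, whose password
# is read from /etc/ldap.secret (keep it mode 0600, owned by root).
#   host            pdc.example.com
#   base            dc=example,dc=com
#   rootbinddn      cn=nssroot,ou=admins,dc=example,dc=com
#   nss_base_passwd ou=users,dc=example,dc=com?sub
#   nss_base_group  ou=groups,dc=example,dc=com?sub
```

On the Samba side this pairs with `ldap admin dn = cn=smbadmin,ou=admins,dc=example,dc=com` in smb.conf, its password stored with `smbpasswd -w`, and `ldap passwd sync = yes` so a Samba password change also rewrites userPassword (a change made with `passwd` through pam_ldap updates only userPassword and leaves the NT/LM hashes stale). With OpenLDAP 2.3 or later you can verify a rule without restarting, for example `slapacl -f /etc/openldap/slapd.conf -b "uid=jdoe,ou=users,dc=example,dc=com" sambaNTPassword/read` (no `-D`, i.e. anonymous) should be denied while the same command with `-D "cn=smbadmin,ou=admins,dc=example,dc=com"` and `sambaNTPassword/write` should be allowed.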

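The PDC/BDC arrangement in the last answer (one LDAP master on the PDC, a read-only slave on each BDC, writes from a BDC referred back to the master and replicated out again) as an added example using OpenLDAP 2.3 syncrepl, together with the smb.conf settings a BDC needs to use its local slave. This is not configuration from the original thread; the host pdc.example.com, the suffix dc=example,dc=com, the replication DN cn=replicator,ou=admins,dc=example,dc=com, the Samba admin DN cn=smbadmin,ou=admins,dc=example,dc=com and the rid values are assumed, and the TLS lines assume slapd on the PDC already has a certificate configured.

```conf
# Added example (not from the original post). Assumed names: pdc.example.com,
# suffix dc=example,dc=com, replication DN cn=replicator,ou=admins,dc=example,dc=com,
# Samba admin DN cn=smbadmin,ou=admins,dc=example,dc=com.

# ---- slapd.conf on the PDC: the master ("provider") ----
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
directory       /var/lib/ldap
index           objectClass,uid,uidNumber,gidNumber,memberUid   eq
index           sambaSID,sambaPrimaryGroupSID,sambaDomainName   eq
index           entryCSN,entryUUID                              eq   # required by syncrepl

# Replication needs READ on the password hashes that the normal ACLs hide with
# "by * none"; otherwise the BDCs never receive the NT/LM hashes and logons
# against a BDC fail. Give the replicator DN that read in each password rule,
# before the "by * none" clause (same for userPassword):
access to attrs=sambaLMPassword,sambaNTPassword
        by dn.exact="cn=replicator,ou=admins,dc=example,dc=com" read
        by dn.exact="cn=smbadmin,ou=admins,dc=example,dc=com" write
        by * none
# ... the other "access to" rules of the PDC follow here unchanged ...

overlay         syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# ---- slapd.conf on each BDC: a read-only slave ("consumer") ----
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"   # local only; syncrepl applies changes with rootdn rights
directory       /var/lib/ldap
index           objectClass,uid,uidNumber,gidNumber,memberUid   eq
index           sambaSID,sambaPrimaryGroupSID,sambaDomainName   eq
index           entryCSN,entryUUID                              eq

# Pull the whole tree from the PDC and stay connected for changes
# (refreshAndPersist); if the PDC is down, retry every 60 s forever.
# rid must be unique per consumer: use rid=002 on the second BDC.
syncrepl rid=001
        provider=ldap://pdc.example.com
        type=refreshAndPersist
        retry="60 +"
        searchbase="dc=example,dc=com"
        scope=sub
        attrs="*,+"
        schemachecking=off
        starttls=critical              # the replicator's simple bind carries a password
        bindmethod=simple
        binddn="cn=replicator,ou=admins,dc=example,dc=com"
        credentials=replicator-secret

# Any write sent to this slave is answered with a referral to the master; this
# is what makes "a change made on the BDC ends up on the PDC" work.
updateref       ldap://pdc.example.com

# ACLs live in slapd.conf and are NOT replicated: the consumer needs the same
# "access to" rules as the master (including "by * none" on the hashes), or
# anyone can read the NT hashes from the BDC's copy.

# ---- smb.conf on each BDC ----
[global]
        workgroup = EXAMPLE
        domain logons = yes
        domain master = no             # the PDC is the domain master
        # read from the local slave, fall back to the PDC if it is down
        passdb backend = ldapsam:"ldap://localhost ldap://pdc.example.com"
        ldap admin dn = cn=smbadmin,ou=admins,dc=example,dc=com
        ldap suffix = dc=example,dc=com
        ldap user suffix = ou=users
        ldap group suffix = ou=groups
        ldap idmap suffix = ou=idmap
        ldap ssl = start tls           # the admin DN's bind also carries a password
        # Samba follows the updateref to the master for writes and then reads
        # the entry back from the local slave; wait this long (ms) for
        # replication to catch up before the read.
        ldap replication sleep = 1000
```

Each BDC additionally needs the domain SID of the PDC (`net rpc getsid -S pdc.example.com -U root%password` stores it) and the admin DN password in its own secrets.tdb (`smbpasswd -w`). The replicator DN is read-only by design; never reuse the Samba admin DN for replication, since the credential then sits in every BDC's slapd.conf with full write rights on the master.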