[Samba] 2 Domains on one server (browse.dat location) (3.0.9)
zheka at uvt.cz
Thu Jan 27 19:57:01 GMT 2005
On Thursday 27 January 2005 17:53, you wrote:
> zheka wrote:
> > Duncan Brannen wrote:
> >> Appologies for double posting this. I managed to add it to the end
> >> of an old thread instead of starting a new one,
> >> anyone recommend a mail client that shows threads? :)
> >> Hi,
> >> I'm trying to run 2 domains from the one server. I've got my 2
> >> config files
> >> and both servers run, bound to the correct interface if started
> >> normally.
> >> The problem I have occurs when I try to start both at once. nmdb
> >> seems to be hardwired
> >> to write to $SAMBA_ROOT/var/locks/browse.dat so each instance of
> >> nmbd overwrites
> >> the data of the other.
> >> Have I missed an option to configure it to write elsewhere? ( log,
> >> lock & pid dirs don't do it)
> >> or, do I have to recompile samba with a new root?
> >> Feature Request:: Is it possible to have an option to reset this
> >> location if it doesn't exist?
> >> Is there a good howto anywhere on 2 domains / one machine or a good
> >> reason not to do it?
> >> (Pref for Solaris)
> >> We've got the same users in each domain, with the same ldap backend,
> >> The problem
> >> being solved is that of giving some users escalated permissions when
> >> logged into their
> >> own domain (Set group of machines ) but allowing them to log into the
> >> "World usable"
> >> domain (open access machines) with normal permissions. Joe Blogs
> >> shouldn't be able to
> >> login to the 2nd domain, & I've controlled access using the ldap
> >> filter in smb.conf. (Good / Bad idea?)
> >> Any comments from those who done this appreciated.
> >> Cheers,
> >> Duncan
> > Yes, you missed the parameter "lock directory" in smb.conf. browse.dat
> > lays under the lock directory path.
> > I have successfull installation of samba server with two domains, but
> > it works only if locking directories are separated. And yes, you will
> > need separate ldap records for same users in different domains
> > (because of different SIDs).
> I've set the lock directory (see above, tried lock, log and pid) but
> this doesn't change the browse.dat location, just the pid /
> filename.tdb location. Possibly the overwriting of browse.dat by the
> two nmbd processes is a red herring and it should work.
> I've set the SIDs' of the two domains to be the same so I only need one
> set of user records. Which version are you using? I'm going to try
> again with 3.0.11,
> and compile them into distinct directories if it still fails.
Didn't you forget to point the second instance of nmbd (for second) domain to
the right smb.conf? How do you start samba?
smbd -s /path/to/smb.conf1
nmbd -s /path/to/smb.conf1
smbd -s /path/to/smb.conf2
nmbd -s /path/to/smb.conf2
In my case (samba 3.0.4) browse.dat _do_ lies under locks directory,
will try it on samba 3.0.11pre2 tomorrow.
did you use some prepackaged binary or compiled it?
if so, how did configure string look like?
Ing. Yevheniy Demchenko,
More information about the samba