[Samba] 2 Domains on one server (browse.dat location) (3.0.9)
Demchenko Yevheniy
zheka at uvt.cz
Thu Jan 27 19:57:01 GMT 2005
On Thursday 27 January 2005 17:53, you wrote:
> zheka wrote:
> > Duncan Brannen wrote:
> >> Apologies for double posting this. I managed to add it to the end
> >> of an old thread instead of starting a new one,
> >> anyone recommend a mail client that shows threads? :)
> >>
> >>
> >> Hi,
> >> I'm trying to run 2 domains from the one server. I've got my 2
> >> config files
> >> and both servers run, bound to the correct interface if started
> >> normally.
> >>
> >> The problem I have occurs when I try to start both at once. nmbd
> >> seems to be hardwired
> >> to write to $SAMBA_ROOT/var/locks/browse.dat so each instance of
> >> nmbd overwrites
> >> the data of the other.
> >>
> >> Have I missed an option to configure it to write elsewhere? ( log,
> >> lock & pid dirs don't do it)
> >> or, do I have to recompile samba with a new root?
> >>
> >> Feature Request:: Is it possible to have an option to reset this
> >> location if it doesn't exist?
> >>
> >> Is there a good howto anywhere on 2 domains / one machine or a good
> >> reason not to do it?
> >> (Pref for Solaris)
> >>
> >> We've got the same users in each domain, with the same ldap backend,
> >> The problem
> >> being solved is that of giving some users escalated permissions when
> >> logged into their
> >> own domain (Set group of machines ) but allowing them to log into the
> >> "World usable"
> >> domain (open access machines) with normal permissions. Joe Blogs
> >> shouldn't be able to
> >> login to the 2nd domain, & I've controlled access using the ldap
> >> filter in smb.conf. (Good / Bad idea?)
> >>
> >> Any comments from those who have done this appreciated.
> >>
> >> Cheers,
> >> Duncan
> >
> > Yes, you missed the parameter "lock directory" in smb.conf. browse.dat
> > lies under the lock directory path.
> > I have a successful installation of samba server with two domains, but
> > it works only if locking directories are separated. And yes, you will
> > need separate ldap records for same users in different domains
> > (because of different SIDs).
>
> I've set the lock directory (see above, tried lock, log and pid) but
> this doesn't change the browse.dat location, just the pid /
> filename.tdb location. Possibly the overwriting of browse.dat by the
> two nmbd processes is a red herring and it should work.
>
> I've set the SIDs of the two domains to be the same so I only need one
> set of user records. Which version are you using? I'm going to try
> again with 3.0.11,
> and compile them into distinct directories if it still fails.
>
> Cheers,
> Duncan
Didn't you forget to point the second instance of nmbd (for the second domain) to
the right smb.conf? How do you start samba?
Try this:
smbd -s /path/to/smb.conf1
nmbd -s /path/to/smb.conf1
smbd -s /path/to/smb.conf2
nmbd -s /path/to/smb.conf2
In my case (samba 3.0.4) browse.dat _does_ lie under the locks directory;
I will try it on samba 3.0.11pre2 tomorrow.
Did you use some prepackaged binary or compile it?
If so, what did the configure string look like?
--
Ing. Yevheniy Demchenko,
UVT s.r.o.
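
A pre-start check for the per-instance directory separation discussed in this thread, added here as an example and not posted by anyone in the thread. It only compares the "lock directory" and "pid directory" values in two smb.conf files; the paths and workgroup names in the sample configs are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare [global] "lock directory" / "pid directory" in two
# smb.conf files before starting a second smbd/nmbd pair.

# Print a [global] parameter's value (last assignment kept). smb.conf names
# are case-insensitive and ignore spaces; "lock dir" is a documented synonym.
get_global() {  # $1 = conf file, $2 = parameter name
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); s = tolower(s)
                           return (s == "lockdir") ? "lockdirectory" : s }
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        /^[ \t]*\[/   { sec = norm($0); next }    # track current section
        sec == "[global]" && (i = index($0, "=")) {
            val = substr($0, i + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(substr($0, 1, i - 1)) == norm(want)) found = val
        }
        END { print found }
    ' "$1"
}

# Return 0 only if both files set each parameter and the paths differ.
# An unset value is flagged too: the compiled-in default is build-specific
# and cannot be compared here (two instances of one build would share it).
check_separate() {  # $1 = conf A, $2 = conf B
    rc=0
    for p in "lock directory" "pid directory"; do
        a=$(get_global "$1" "$p"); b=$(get_global "$2" "$p")
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "COLLISION: '$p' unset in at least one file"; rc=1
        elif [ "${a%/}" = "${b%/}" ]; then
            echo "COLLISION: '$p' is $a in both files"; rc=1
        fi
    done
    return $rc
}

# Constructed sample configs: lock directories differ, pid directory shared.
demo() {
    d=$(mktemp -d)
    printf '[global]\n workgroup = DOM1\n lock directory = /var/samba/dom1/locks\n pid directory = /var/samba/dom1/run\n' > "$d/smb.conf1"
    printf '[global]\n workgroup = DOM2\n Lock Dir = /var/samba/dom2/locks\n pid directory = /var/samba/dom1/run\n' > "$d/smb.conf2"
    check_separate "$d/smb.conf1" "$d/smb.conf2"; rc=$?
    rm -rf "$d"; return $rc
}
demo || echo "fix the configs before starting the second smbd/nmbd"
```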