[Samba] 2 Domains on one server (browse.dat location) (3.0.9)

Demchenko Yevheniy zheka at uvt.cz
Thu Jan 27 19:57:01 GMT 2005


On Thursday 27 January 2005 17:53, you wrote:
> zheka wrote:
> > Duncan Brannen wrote:
> >> Apologies for double posting this.  I managed to add it to the end
> >> of an old thread instead of starting a new one,
> >> anyone recommend a mail client that shows threads? :)
> >>
> >>
> >> Hi,
> >>     I'm trying to run 2 domains from the one server.  I've got my 2
> >> config files
> >> and both servers run, bound to the correct interface if started
> >> normally.
> >>
> >> The problem I have occurs when I try to start both at once.  nmbd
> >> seems to be hardwired
> >> to write to $SAMBA_ROOT/var/locks/browse.dat  so each instance of
> >> nmbd overwrites
> >> the data of the other.
> >>
> >> Have I missed an option to configure it to write elsewhere? ( log,
> >> lock & pid dirs don't do it)
> >> or, do I have to recompile samba with a new root?
> >>
> >> Feature Request::  Is it possible to have an option to reset this
> >> location if it doesn't exist?
> >>
> >> Is there a good howto anywhere on 2 domains / one machine or a good
> >> reason not to do it?
> >> (Pref for Solaris)
> >>
> >> We've got the same users in each domain, with the same ldap backend,
> >> The problem
> >> being solved is that of giving some users escalated permissions when
> >> logged into their
> >> own domain (Set group of machines ) but allowing them to log into the
> >> "World usable"
> >> domain (open access machines) with normal permissions. Joe Blogs
> >> shouldn't be able to
> >> login to the 2nd domain, & I've controlled access using the ldap
> >> filter in smb.conf. (Good / Bad idea?)
> >>
> >> Any comments from those who have done this appreciated.
> >>
> >> Cheers,
> >>     Duncan
> >
> > Yes, you missed the parameter "lock directory" in smb.conf. browse.dat
> > lies under the lock directory path.
> > I have a successful installation of a samba server with two domains, but
> > it works only if locking directories are separated. And yes, you will
> > need separate ldap records for same users in different domains
> > (because of different SIDs).
>
> I've set the lock directory (see above, tried lock, log and pid) but
> this doesn't change the browse.dat location, just the pid /
> filename.tdb  location.  Possibly the overwriting of browse.dat by the
> two nmbd processes is a red herring and it should work.
>
> I've set the SIDs of the two domains to be the same so I only need one
> set of user records.  Which version are you using?  I'm going to try
> again with 3.0.11,
> and compile them into distinct directories if it still fails.
>
> Cheers,
>          Duncan

Didn't you forget to point the second instance of nmbd (for the second domain) to
the right smb.conf? How do you start samba?
Try this:
smbd -s /path/to/smb.conf1
nmbd -s /path/to/smb.conf1
smbd -s /path/to/smb.conf2
nmbd -s /path/to/smb.conf2

In my case (samba 3.0.4) browse.dat _does_ lie under the locks directory;
I will try it on samba 3.0.11pre2 tomorrow.
Did you use a prepackaged binary or compile it yourself?
If so, what did the configure string look like?

-- 
Ing. Yevheniy Demchenko,
UVT s.r.o.
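
A pre-flight check for the two-instance setup discussed in this thread, as an added example that is not from any of the posters or from Samba itself: it reports which of the lock, pid and log settings two smb.conf files share before both are started with `-s`. The file names, paths and workgroups are constructed, and `include` lines, line continuations and `%` substitutions are not handled.

```shell
#!/bin/sh
# Added example: list [global] path settings that two smb.conf files share.

# get_global FILE PARAM: print PARAM's value from FILE's [global] section.
# Names are compared ignoring case and embedded whitespace, as smb.conf allows.
get_global() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ {                               # section header
            s = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", s); sect = tolower(s); next
        }
        sect == "global" && index($0, "=") {
            name = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # keep the last occurrence (assumed to be the effective one)
            if (norm(name) == norm(want)) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# shared_paths CONF1 CONF2: print each checked parameter whose value is the
# same in both files. Both unset also counts: two instances of one binary
# then fall back to the same compiled-in default.
shared_paths() {
    for p in "lock directory" "pid directory" "log file"; do
        a=$(get_global "$1" "$p")
        b=$(get_global "$2" "$p")
        if [ "$a" = "$b" ]; then
            echo "$p"
        fi
    done
}

# Constructed sample configs (paths and workgroup names are made up).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '[global]' '  workgroup = DOM1' \
    '  Lock Directory = /var/samba/dom1/locks' \
    '  pid directory = /var/samba/dom1/run' > "$demo/smb.conf1"
printf '%s\n' '[global]' '  workgroup = DOM2' \
    '  lockdirectory = /var/samba/dom1/locks' \
    '  pid directory = /var/samba/dom2/run' \
    '[share]' '  log file = /ignored' > "$demo/smb.conf2"

shared_paths "$demo/smb.conf1" "$demo/smb.conf2"
```

An empty result means the three settings differ between the two files; whether browse.dat follows the lock directory on a given build is the open question in the thread and still has to be checked on disk.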


