[Samba] Samba PDC with Slave LDAP server

Anthony Messina amessina at messinet.com
Sat Jan 28 06:04:59 GMT 2006

ashok cvs wrote:
> Hi all
> Thanks for replying, I have another query.
> In the BDC, according to the Samba3-by-Example PDF,
> IDMAP is said to be pointed at the master LDAP server.
> But on the master LDAP server I have Samba 3.0.21, which is configured as PDC;
> I have created users and all Windows users are able to log in to the PDC.
> But I have only these entries in ou=Idmap on the master LDAP server:
> dn: ou=Idmap,dc=mydomain,dc=com
> objectClass: organizationalUnit
> objectClass: sambaUnixIdPool
> ou: Idmap
> uidNumber: 10000
> gidNumber: 10000
> Apart from these entries in ou=Idmap, I do not have any other entries.
> I somehow feel there should be more entries, i.e. whenever a user is
> created there should be some entry.
> What is wrong?
> Now, since I have already created users, and all my Windows clients are
> already joined,
> without disturbing the current environment, is it possible to correct the
> Idmap problem?
> Please guide me.
> Regards
> ashok
> On 1/27/06, Anthony Messina <amessina at messinet.com> wrote:
>     ashok cvs wrote:
>      > Hi all
>      >
>      > I have a Samba PDC with LDAP, Samba version 3.0.21 (domain=mydomain.com).
>      > The Samba and OpenLDAP are configured on a single system.
>      > I would like to set up a Samba BDC with a slave LDAP server for domain
>      > mydomain.com,
>      > and the Samba BDC is also the DNS server for the domain.
>      >
>      > My query is: should the nsswitch.conf and ldap.conf of the BDC point
>      > to its own LDAP server
>      > or the master LDAP server?
>      >
>      > And in the smb.conf file of the BDC, should the passdb backend point to
>      > the master or the slave?
>      >
>      > And for smbpasswd -w <password>, which password should I enter: the
>      > master LDAP server rootdn password or the slave LDAP server rootdn password?
>      >
>      > Please guide me.
>      >
>      > Regards
>      > ashok
>     The BDC should point to its local LDAP (slave) server.  This is what
>     gives you the ability to run as a *backup*.  If you had both PDC and BDC
>     pointing to the master LDAP server and that server went down, your BDC
>     is worthless.
>     Read the "official how-to" at samba.org.  It describes the various
>     options for setting up a PDC and BDC with LDAP.
>     http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
>     By far the best is pointing the PDC at the master LDAP server
>     (read/write) and pointing the BDC at the slave server (read only).
>     You will also need to point your nsswitch.conf and your ldap.conf on the
>     BDC to the slave server (assuming your Samba BDC is on the same host
>     as your slave LDAP server).
>     -anthony

I'll need some additional help from some experts on this one...  AFAIK,
idmap is not used when winbind isn't used and if your users share both
POSIX and Samba info together in LDAP.  If you have a Samba PDC and BDC,
with a properly set up LDAP that has all POSIX/Samba info for each user
combined, then you don't need winbind (because you're not pulling
usernames from Windows) and you don't need idmap.

Please correct me if I am wrong, because this is how I understood the
Samba HOWTO.

Though I can say, I don't use idmap anywhere and I have no problems
mapping users effectively.


My Website: http://messinet.com
My Online Gallery: 
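The BDC-side setup Anthony recommends (smbd, nss_ldap and nsswitch.conf all pointing at the slave slapd on the BDC itself), written out as an added example that is not from this thread or from the Samba project. The workgroup, the admin DN cn=Manager, the ou=People/ou=Groups/ou=Computers names, and localhost as the slave address are assumptions; only ou=Idmap and dc=mydomain,dc=com come from the thread. The files are written under a directory argument rather than /etc, and the check function is a hypothetical helper that fails if any LDAP reference still names a non-local server, which is exactly the mistake that leaves the BDC useless when the master is down.

```shell
#!/bin/sh
# Added example (not from the thread or the Samba project): minimal BDC-side
# configuration in which smbd and nss_ldap both talk to the slave slapd on the
# same host, plus a check that nothing still points at the master.  DNs, OU
# names other than ou=Idmap, the admin DN and "localhost" are assumptions.
# Files are written under a directory argument so this runs without touching /etc.

write_bdc_configs() {
    dir="$1"
    mkdir -p "$dir"

    # smb.conf for the BDC.  "domain master = no" distinguishes it from the
    # PDC; passdb backend names the local slave, not the master.
    cat > "$dir/smb.conf" <<'EOF'
[global]
    workgroup = MYDOMAIN
    netbios name = BDC
    security = user
    domain logons = yes
    domain master = no
    local master = yes
    preferred master = yes
    os level = 63

    passdb backend = ldapsam:ldap://localhost
    ldap suffix = dc=mydomain,dc=com
    ldap admin dn = cn=Manager,dc=mydomain,dc=com
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Idmap
    ldap ssl = no
EOF

    # nss_ldap's /etc/ldap.conf: same slave, same base DN.
    cat > "$dir/ldap.conf" <<'EOF'
uri ldap://localhost/
base dc=mydomain,dc=com
ldap_version 3
EOF

    # nsswitch.conf: resolve POSIX users and groups from LDAP after local files.
    cat > "$dir/nsswitch.conf" <<'EOF'
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
EOF
}

# check_bdc_points_local DIR: returns 0 when the passdb backend and nss_ldap
# both name the local slave and nsswitch actually consults ldap, 1 otherwise.
local_host='(localhost|127\.0\.0\.1)'
check_bdc_points_local() {
    dir="$1"
    grep -Eq "^[[:space:]]*passdb backend[[:space:]]*=[[:space:]]*ldapsam:ldap://${local_host}(:[0-9]+)?/?[[:space:]]*$" \
        "$dir/smb.conf" || return 1
    grep -Eq "^(uri[[:space:]]+ldap://${local_host}(:[0-9]+)?/?|host[[:space:]]+${local_host})[[:space:]]*$" \
        "$dir/ldap.conf" || return 1
    grep -Eq '^passwd:.*[[:space:]]ldap([[:space:]]|$)' "$dir/nsswitch.conf" || return 1
    grep -Eq '^group:.*[[:space:]]ldap([[:space:]]|$)' "$dir/nsswitch.conf" || return 1
    return 0
}

# Usage: sh bdc-config.sh /tmp/bdc-test
if [ $# -eq 1 ]; then
    write_bdc_configs "$1"
    if check_bdc_points_local "$1"; then
        echo "BDC configuration in $1 points at the local slave LDAP server"
    else
        echo "BDC configuration in $1 still references a non-local LDAP server" >&2
        exit 1
    fi
fi
```

On a real BDC, `smbpasswd -w` stores the password that smbd will use to bind as `ldap admin dn` against whichever server `passdb backend` names, so with this layout it is the credential the slave accepts for that DN. `testparm` validates the smb.conf and `getent passwd` confirms that nss_ldap resolves users from the slave.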