[Samba] Samba PDC with Slave LDAP server
Michael Gasch
gasch at eva.mpg.de
Tue Jan 31 20:35:27 GMT 2006
winbindd on DCs is only necessary when using ntlm_auth or in trusted
domains (maybe even in more scenarios).
during my early samba tests (<3.0.4 i guess) i had trouble pointing a DC
to more than one idmap backend (see threads on this list). i think this
is already fixed. currently i don't need this feature because i use
idmap_rid
greez
Anthony Messina wrote:
> ashok cvs wrote:
>> Hi all
>>
>> Thanks for Replying , i have another query.
>>
>> In BDC , according the samba3-by example PDF,
>> IDMAP is said to be pointed to Master LDAP Server.
>> But in Master LDAP server i have samba 3.0.21, which is configured as
>> PDC,
>> i have created users and all windows users are able to login to PDC.
>>
>> but i have only these entries in ou=Idmap, in Master LDAP server
>> dn:ou=Idmap,dc=mydomain,dc=com
>> objectClass: Organizational Unit
>> objectClass: SambaunixIdpool
>> ou: idmap
>> uidnumber: 10000
>> gidnumber: 10000
>>
>> Apart from these entries in ou=Idmap, i do not have any other entries,
>>
>> i home somehow feel, there should be more entries, ie whenever a
>> user is
>> created
>> there should some entry.
>>
>> what is wrong,
>>
>> now since i have already created users, and all my windows clients are
>> already joined,
>> without disturbing the current environment, is it possible to correct
>> the
>> Idmap problem.
>>
>> please guide me
>>
>> Regards
>> ashok
>>
>> On 1/27/06, *Anthony Messina* <amessina at messinet.com> wrote:
>>
>> ashok cvs wrote:
>> > Hi all
>> >
>> > I have a samba PDC with LDAP with samba version
>> 3.0.21 (domain=mydomain.com).
>> > the samba and openldap are configured on a single system.
>> > i would like to setup samba BDC with slave LDAP server for domain
>> > mydomain.com
>> > and samba BDC is also having DNS server for domain .
>> >
>> > my query is, the nsswitch.conf and ldap.conf of BDC should point
>> to its own
>> > LDAP server
>> > or Master LDAP server
>> >
>> > and in smb.conf file of BDC, the passdb backend should point to
>> master or
>> > slave.
>> >
>> > and smbpasswd -w <password>, (which password should i enter, the
>> master
>> > LDAP server rootdn password or slave LDAP server rootdn password)
>> >
>> > please guide me
>> >
>> > Regards
>> > ashok
>>
>> the bdc should point to its local ldap (slave) server. this is what
>> gives you the ability to run as a *backup*. if you had both pdc
>> and bdc
>> pointing to the master ldap server and that server went down, your
>> bdc
>> is worthless.
>>
>> read the "official how-to" at samba.org. it
>> describes the various
>> options for setting up a pdc and bdc with ldap.
>>
>> http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
>>
>> by far, the best is pointing the pdc at the master ldap server
>> (read/write) and pointing the bdc at the slave server (read only).
>>
>> you will also need to point your nsswitch.conf and your ldap.conf
>> on the
>> bdc to the slave server (assuming your samba bdc is on the same
>> host
>> as your slave ldap server).
>>
>> -anthony
>>
>
> i'll need some additional help from some experts on this one... afaik,
> idmap is not used when winbind isn't used and if your users share both
> posix and samba info together in ldap. if you have a samba pdc and bdc,
> with a properly set up ldap that has all posix/samba info for each user
> combined, then you don't need winbind (because you're not pulling
> usernames from windows) and you don't need idmap.
>
> please correct me if i am wrong because this is how i understood the
> samba howto.
>
> though i can say, i don't use idmap anywhere and i have no problems
> mapping users effectively.
>
> -anthony
>
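
An added example, not part of the original thread: a BDC smb.conf fragment matching the advice quoted above, with the passdb backend on the BDC's own slave LDAP server. The workgroup name, the admin DN and the 127.0.0.1 address are assumptions; the suffix is the one shown in the post.

```ini
# /etc/samba/smb.conf on the BDC (constructed example)
[global]
    # assumed NetBIOS domain name; must match the PDC
    workgroup = MYDOMAIN
    # BDC role: serves domain logons but is not the domain master
    domain logons = yes
    domain master = no
    # account database on the slave LDAP server running on this host
    passdb backend = ldapsam:ldap://127.0.0.1
    # suffix from the post
    ldap suffix = dc=mydomain,dc=com
    # assumed bind DN; "smbpasswd -w <password>" stores the password
    # for this DN in secrets.tdb
    ldap admin dn = cn=Manager,dc=mydomain,dc=com
```

nsswitch.conf and ldap.conf on the BDC name the same slave server, as the quoted reply says.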