[Samba] Samba/LDAP Domains and multiple File Servers

Craig White craigwhite at azapple.com
Wed Mar 22 15:10:12 GMT 2006

On Wed, 2006-03-22 at 10:01 -0500, Matt Ingram wrote:
> >> hmm are you referring to the chapter on Making Happy Users?  That 
> >> chapter does not address the scenario I am going for.   The sample 
> >> given is still using home drives that reside on the PDC and mounted on 
> >> the BDC via NFS; which is not what I'm looking for.  What I'm looking 
> >> for is, Site one's users home drives exclusively running off of BDC1; 
> >> site 2's users home drives exclusively running off of BDC2, and so on.
> >>
> >> Here's what I've tried:
> >> on the BDC's smbldap-tools I've set the smbldap-tools.conf SID to that 
> >> of the PDC instead of the BDC's SID, while things like the home drive 
> >> are pointing to the BDC, instead of the PDC.  This seems to work, the 
> >> way I was hoping.. are you aware of any problems having the setup like this?
> >>     
> > ----
> > let's keep this on list please.
> >
> >   
> > doesn't sound remotely like the samba documentation describes it and if
> > it works for you - great.
> >
> > The intent of samba software is that PDC and any/all BDCs have the
> > exact same LDAP data - at least as far as all Samba user/group/computer
> > attributes are concerned and a BDC would have its own SID, not the same
> > SID as the PDC. That would track the methodology of a Windows NT 4 type
> >
> >   
> which is what I'm doing.   The BDC still does have its own SID and it 
> uses the exact same ldap data as the PDC.   It's just in the 
> /etc/smbldap-tools/smbldap.conf file on the BDC, I set the SID to use 
> that of the PDC.  When I had the SID set to the BDC (in the 
> smbldap.conf), logons didn't work when an account was generated with the 
> smbldap-useradd on the BDC. I'm assuming the SID of a user on the domain 
> has to have the SID prefix of the PDC, not any other server on the domain.
> > Since a passdb of LDAP or tdb types actually permit you to have user
> > home drives and profiles set individually, it really isn't much effort
> > to assign these paths individually for users to whichever server you
> > want them to use.
> >
> >   
> you're right, it isn't much effort to modify the home drives of users on 
> different servers.  But being able to use the smbldap-tools to do all of 
> that for you, is a smoother solution, imo - assuming there are no issues 
> in doing it.
> > Am I aware of any problems having the setup like you have described
> > yours to be? No - but I tend towards setting things up as they were
> > intended to be done.
> >   
> I don't think I'm doing anything that strange here.. I've just added the 
> smbldap-tools to the BDC as well, and modified the smbldap.conf file so 
> that it will create users home drives and ldap settings to use a home 
> drive on the BDC.   If I am doing something strange here, in a way samba 
> is not intended to be used, please point it out to me. I don't want to 
> shoot myself in the foot later on ;).
That sort of makes sense.

How are the scripts being accessed on the BDC?
Are you running them from command line on each BDC? 

I hope that the LDAP referenced in your smb.conf is your 'master' LDAP
server and that the changes to the master propagate to the
'slaves' (your BDC) and that may take a few seconds.
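
The SID-prefix question raised in this thread can be checked against a directory export. The following is an added example, not part of the original posts or of smbldap-tools: it assumes an unfolded LDIF export using the Samba schema attributes `sambaSID` and `sambaHomePath`, and the function names and sample entries are constructed for illustration.

```python
# Constructed sample export; the domain name, SIDs and users are made up.
SAMPLE_LDIF = r"""
dn: sambaDomainName=EXAMPLE,dc=example,dc=com
objectClass: sambaDomain
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=alice,ou=Users,dc=example,dc=com
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000
sambaHomePath: \\BDC1\alice

dn: uid=bob,ou=Users,dc=example,dc=com
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3002
sambaHomePath: \\BDC2\bob
"""

def parse_ldif(text):
    """Parse unfolded, non-base64 LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                entry.setdefault(key.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def has_class(entry, name):
    return name.lower() in (c.lower() for c in entry.get("objectclass", []))

def audit_sids(text):
    """Return (uid, sid, home path) for accounts whose SID prefix is not the domain SID."""
    entries = parse_ldif(text)
    domain_sid = next(e for e in entries if has_class(e, "sambaDomain"))["sambasid"][0]
    findings = []
    for e in (e for e in entries if has_class(e, "sambaSamAccount")):
        uid, sid = e["uid"][0], e.get("sambasid", [""])[0]
        home = e.get("sambahomepath", [""])[0]
        if sid.rpartition("-")[0] != domain_sid:  # also catches a missing sambaSID
            findings.append((uid, sid, home))
    return findings

if __name__ == "__main__":
    for finding in audit_sids(SAMPLE_LDIF):
        print(*finding, sep="\t")
```

The home path is reported alongside each finding so that a mismatch can be traced to the server on which the account was created.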


