[Samba] Samba/LDAP Domains and multiple File Servers
craigwhite at azapple.com
Wed Mar 22 15:10:12 GMT 2006
On Wed, 2006-03-22 at 10:01 -0500, Matt Ingram wrote:
> >> hmm are you referring to the chapter on Making Happy Users? That
> >> chapter does not address the scenario I am going for. The sample
> >> given is still using home drives that reside on the PDC and mounted on
> >> the BDC via NFS; which is not what I'm looking for. What I'm looking
> >> for is, Site one's users home drives exclusively running off of BDC1;
> >> site 2's users home drives exclusively running off of BDC2, and so on.
> >> Here's what I've tried:
> >> on the BDC's smbldap-tools I've set the smbldap-tools.conf SID to that
> >> of the PDC instead of the BDC's SID, while things like the home drive
> >> are pointing to the BDC, instead of the PDC. This seems to work, the
> >> way I was hoping.. are you aware of any problems having the setup like this?
> > ----
> > let's keep this on list please.
> > doesn't sound remotely like the samba documentation describes it and if
> > it works for you - great.
> > The intent of samba software is that PDC and any/all BDC's have the
> > exact same LDAP data - at least as far as all Samba user/group/computer
> > attributes are concerned and a BDC would have its own SID, not the same
> > SID as the PDC. That would track the methodology of a Windows NT 4 type
> > DOMAIN.
> which is what I'm doing. The BDC still does have its own SID and it
> uses the exact same ldap data as the PDC. It's just in the
> /etc/smbldap-tools/smbldap.conf file on the BDC, I set the SID to use
> that of the PDC. When I had the SID set to the BDC (in the
> smbldap.conf), logons didn't work when an account was generated with the
> smbldap-useradd on the BDC. I'm assuming the SID of a user on the domain
> has to have the SID prefix of the PDC, not any other server on the domain.
> > Since a passdb of LDAP or tdb types actually permit you to have user
> > home drives and profiles set individually, it really isn't much effort
> > to assign these paths individually for users to whichever server you
> > want them to use.
> you're right, it isn't much effort to modify the home drives of users on
> different servers. But being able to use the smbldap-tools to do all of
> that for you, is a smoother solution, imo - assuming there are no issues
> in doing it.
> > Am I aware of any problems having the setup like you have described
> > yours to be? No - but I tend towards setting things up as they were
> > intended to be done.
> I don't think I'm doing anything that strange here.. I've just added the
> smbldap-tools to the BDC as well, and modified the smbldap.conf file so
> that it will create users home drives and ldap settings to use a home
> drive on the BDC. If I am doing something strange here, in a way samba
> is not intended to be used, please point it out to me. I don't want to
> shoot myself in the foot later on ;).
That sort of makes sense.
How are the scripts being accessed on the BDC?
Are you running them from command line on each BDC?
I hope that the LDAP referenced in your smb.conf is your 'master' LDAP
server and that the changes to the master propagate to the
'slaves' (your BDC) and that may take a few seconds.