[Samba] ldapsam backend for standalone server - is it possible?

J Xu janix2000 at yahoo.co.uk
Fri May 11 12:33:24 GMT 2007

--- Volker Lendecke <Volker.Lendecke at SerNet.DE> wrote:

> On Thu, May 10, 2007 at 08:58:44PM +1000, Andrew Bartlett wrote:
> > > 1) I know how to set up a standalone server with
> > > tdbsam backend and I can setup a ldapsam based domain
> > > controller. Just that I couldn't get a standalone
> > > server with ldapsam backend.
> >
> > I always hoped this kind of thing would work, but I don't
> > think anybody ever tests it...
>
> Wait a second -- LDAP has nothing to do with DC or not. I
> would be very surprised if this did not work.

That is what I had thought. But I just could not get
it to work - I always got a login failure, no matter how I
set the sambaSID/sambaPrimaryGroupSID values according to
different sambaDomain values, and no matter whether I deleted
and recreated secrets.tdb and/or other cached samba
TDBs in the /var/lib/samba directory.

I am running Debian Etch with samba v3.0.24, by the
way. I also tried CentOS v4.4 with samba v3.0.10,
with the same error.

Note that it works when I set the samba server up as a
PDC or BDC with an LDAP backend, but I do notice that I
need to wait for a while before I can actually access the
samba shares. I did not figure out the exact time I need
to wait, but it worked after a few hours' waiting. This
delay is necessary even when I tried accessing from
localhost (i.e., smbclient //localhost/<username> on
the samba+ldap server), and even when I started setting up a
new domain and cleared all cached samba TDBs. The official
samba docs mention a delay (from 5 to 45 minutes?
can't remember exactly), but that delay is necessary
for network browsing. In my case I tried with wins
support on the server, and I even tried adding entries
to the /etc/samba/lmhosts file, and I can confirm there
is no delay for name resolution by checking the
/var/lib/samba/wins.dat file.

Additionally, if I tried to set up a samba standalone
server with the ldapsam backend, even if I waited overnight,
the samba login still gave me the same error.

So I am not sure if the time delay is a related issue.

So at the moment I am stuck with the incomplete domain
mode setup in order to get the samba authentication
to work. I really wish to switch to workgroup mode, and am
still trying...

Would appreciate any help or suggestion.


