[Samba] sharing samba smbpasswd

Gavin Henry gavin.henry at gmail.com
Mon Dec 29 21:38:25 GMT 2008


You don't have to use slapd.d (I'm working on more and better
documentation) and can just stick to slapd.conf. Only use that if you
want to make changes on the fly that stick around at restart.

On 29/12/2008, Scott Grizzard <scott at scottgrizzard.com> wrote:
> I agree completely.  LDAP is the "right" way to go.  However, openldap
> is a bit daunting for first time users, and the slapd.d way of
> configuring openldap is not well documented for beginners.
>
> If the samba servers can go down for a few hours without causing too
> big of a headache, and you are not doing domain authentications for
> workstations, I wouldn't bother with ldap.  It will take you a month
> to get LDAP working the first time out, and if anything breaks, it is
> much groping in the dark to get it working again.
>
> Bottom line: LDAP is the "right" way to do it, but the learning curve
> is pretty steep.  If you can live with the single point of failure,
> live with it.  If you can't, hire a consultant to walk you through it
> the first time or buy a Mac X-Server, or invest in several bottles of
> Maalox and kiss a month of weekends goodbye.  (On the plus side, doing
> it yourself will teach you a lot about linux, ldap, and samba:
> knowledge which you can lord over Microsoft techs that don't know the
> first thing about the protocols and logic underlying Active Directory.)
>
> - Scott Grizzard
>
> On Dec 29, 2008, at 10:56 AM, John Drescher wrote:
>
>>> 1) LDAP where one server runs ldap and all servers authenticate
>>> against it.
>>> Advantages: easy to replicate and easily extendable for other uses.
>>> Disadvantages: difficult to set up if you don't know what you are
>>> doing.
>>>
>> With syncrepl pretty easy to add more ldap servers. I generally use 1
>> master and several read only replicas. I would never run a network (of
>> more than 3 machines) with only 1 ldap server.
>>
>> http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl-ro
>>
>> On the subject of domain controllers using LDAP. Since I have been
>> doing this for > 5 years, I have a few comments. The ldap servers do
>> not have to be on the same machine as the PDC or BDC. At work I have 3
>> LDAP servers. All 3 of them are on VIRTUAL machines. I have my PDC
>> on xen and my BDC on openvz. And the PDC and BDC do not have any samba
>> file shares on them.  One nice thing about this is moving the LDAP
>> servers or domain controllers in this case becomes trivial. And also I
>> do have backup servers on other virtual machines that are offline and
>> can be turned on as needed and in less than 5 minutes any of these
>> virtual machines can be the PDC and/or be the master ldap server.
>>
>> John
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

-- 
http://www.suretecsystems.com/services/openldap/

