[Samba] Samba AD auth - Backup?
Dale Schroeder
dale at BriannasSaladDressing.com
Mon Mar 9 18:19:49 GMT 2009
Mark Adams wrote:
> Hi All,
>
> I haven't received a response from anyone on this - Can anyone help?
>
> Is there any way to have samba simply use the current records stored in
> /var/lib/samba/ if the password server(s) is unavailable?
>
Have you already tried these parameters?
password server = server1, server2
winbind offline logon = Yes
http://wiki.samba.org/index.php/PAM_Offline_Authentication
> Best Regards,
> Mark
>
> On Tue, Mar 03, 2009 at 12:41:35PM +0000, Mark Adams wrote:
>
>> Thanks for the reply's.
>>
>> Is there anyway to have Samba just read whatever is in the database for
>> the UID/GID map if the DC is not available? From my testing as soon as
>> the DC is unavailable for any reason the ability to login ceases.
>>
>> Am I right in thining that by adding 2 x "kdc" selections to
>> /etc/krb5.cfg I'm setting the 2 DC's to be used for lookups?
>>
http://mailman.mit.edu/pipermail/kerberos/2002-November/002182.html
>> Regards,
>> Mark
>>
>> On Sun, Mar 01, 2009 at 03:15:33PM -0500, Ryan Bair wrote:
>>
>>> Everything should be looked up by DNS. There's no notion of a PDC/BDC
>>> in AD (although 2008 has readonly slaves I believe).
>>>
>>> On Fri, Feb 27, 2009 at 7:26 AM, Mark Adams <mark at campbell-lange.net> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I haven't been able to track down any info on this so would be
>>>> appreciative of any input. Links to any info on this would also be
>>>> appreciated.
>>>>
>>>> Samba 3.2.5, Debian 5.0
>>>>
>>>> Question 1;
>>>> Is there any way of setting up a "backup" windows domain controller in
>>>> the samba config? so if they main dc is not available, it automatically
>>>> queries the backup?
>>>>
>>>> Question 2;
>>>> What is the best way to back up the UID/GID map? and can it be easily
>>>> imported back to a new install if the server fails for any reason.
>>>>
In addition to backing up /var/lib/samba/*, consider a consistent idmap
backend, e.g.
idmap backend = rid:DOMAIN=10000-20000 (or whatever numbers you choose)
Dale
>>>> Thanks
>>>> Mark
>>>>
More information about the samba
mailing list