[Samba] making BDC samba + ldap server

Daniel Müller mueller at tropenklinik.de
Fri Feb 18 04:44:33 MST 2011


In my hint I think your samba PDC/Ldap is currently working well!
First of all install a second machine with the samba and ldap.
Do not start samba, do not start ldap.
The ldap database should be nearly empty ex:/var/lib/ldap

Now copy your smb.conf to your new machine ex: scp smb.conf root@2machine:/etc/samba
Edit the smb.conf to your needs and adjust it to be a bdc:
domain master=NO
domain logons=YES
Make a testparm, it should succeed like this:
testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[netlogon]"
WARNING: The "share modes" option is deprecated
Processing section "[sysvol]"
WARNING: The "share modes" option is deprecated
Processing section "[homes]"
Processing section "[profiles]"
Processing section "[alles]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC  <----------------------------you are a BDC
Press enter to see a dump of your service definitions

Now you are on to copy your slapd.conf and ldap.conf to your new machine:
Ex: scp slapd.conf root@2machine:/etc/openldap

Now important I do the trick with slurpd. There are many other ways but this
is easy.
Slurpd should be installed on your Master and only there.
So go in to the slapd.conf on your master and put a few lines in it at the
end.
Be careful, all tabs must fit exactly as in this example:

replica uri=ldap://IPOFYOUR2MACHINE:389
  binddn="cn=youradmin,dc=your,dc=ldap"
  suffix="dc=your,dc=ldap"
  bindmethod=simple
  credentials=securepassword

Now edit the slapd.conf you have copied over to your 2machine, fit it to your
needs and put these few lines at the end:

updatedn "cn=youradmin,dc=your,dc=ldap"
updateref ldap://IPOFYOURMASTERMACHINE


Now you have to grep the Domain SID on the master machine:
net getlocalsid
SID for domain XXXXXXX is: S-1-5-21-348532078-20162045-3182299738 <---- you need this SID

Copy this sid over to your 2machine:
There do ex: net setlocalsid S-1-5-21-348532078-20162045-3182299738


 
Leave the ldap settings the same as on your pdc (it should fit!!). Only
change the IP of your passdb backend = ldapsam:ldap://IP/! If you have
127.0.0.1 there, leave it as it is.


On your master machine go to your openldap database directory ex:
/var/lib/ldap
Then do: slapcat -l master.ldif
This will succeed in a file: master.ldif.
Copy this file to your second machine ex: scp master.ldif root@2machine:/var/lib/ldap
On your 2machine you have now to do : slapadd -l master.ldif
Then chown ldap:ldap * to set the right permission for the ldap user.

Now on your 2machine you must now do: 
 
smbpasswd -W  <--you are prompted for Ldap-Password
then smbpasswd -a root
Then start ldap, start samba
Restart ldap/Samba on your Master and all is up.

Good Luck
Daniel

IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de 
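
The replica stanza in the message above depends on slapd.conf's continuation rule (a line starting with whitespace continues the previous directive) and keeps the replication password in the file and, with bindmethod=simple over ldap://, on the wire. The check below is an added example and not part of the original message; the function names lint_replica and world_readable and the sample stanzas are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample stanzas are constructed;
# host, DN and password are the placeholders used in the post.

# slapd.conf rule: a line that starts with whitespace continues the previous
# directive. lint_replica joins such lines and checks each "replica" directive.
lint_replica() {   # slapd.conf text on stdin, one finding per output line
  awk '
    function check() {
      if (cur ~ /^replica[ \t]/) {
        seen = 1
        if (cur !~ /binddn=/)      print "replica: binddn missing from directive"
        if (cur !~ /credentials=/) print "replica: credentials missing from directive"
        # "tls=" also matches a starttls= option (option name is an assumption)
        if (cur ~ /bindmethod=simple/ && cur !~ /uri=ldaps:/ && cur !~ /tls=/)
          print "replica: simple bind over plain ldap://, password sent in clear"
      } else if (cur ~ /^(binddn|suffix|bindmethod|credentials)=/) {
        print "orphan: \"" cur "\" starts in column 1, not part of replica"
      }
      cur = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                     # comments, blank lines
    /^[ \t]/ { sub(/^[ \t]+/, " "); cur = cur $0; next }  # continuation line
    { check(); cur = $0 }                                 # new directive starts
    END { check(); if (!seen) print "no replica directive found" }
  '
}

# True when the file is world-readable (slapd.conf holds the replication
# password; master.ldif holds the directory's password hashes).
world_readable() { [ -n "$(find "$1" -prune -perm -004)" ]; }

sample_unindented() { cat <<'EOF'
replica uri=ldap://IPOFYOUR2MACHINE:389
binddn="cn=youradmin,dc=your,dc=ldap"
  suffix="dc=your,dc=ldap"
  bindmethod=simple
  credentials=securepassword
EOF
}

sample_indented() { sample_unindented | sed '2s/^/  /'; }

echo "== binddn in column 1 =="; sample_unindented | lint_replica
echo "== all continuation lines indented =="; sample_indented | lint_replica
```

Run lint_replica against the master's real slapd.conf with `lint_replica < /etc/openldap/slapd.conf`, and world_readable against slapd.conf and master.ldif on both machines.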

From: marcos gonzalez [mailto:marcos.gonzalez.cruz at gmail.com]
Sent: Friday, 18 February 2011 11:24
To: mueller at tropenklinik.de
Cc: Dale Schroeder; Samba
Subject: Re: [Samba] making BDC samba + ldap server

Hi

Yes, it's a samba 3.3.2 with openldap. 

My first steps were copy config smb.conf and folders /var/lib/samba and
shared folders. But I don't know how to copy samba users and groups from PDC.
Suggestions?

Other important task is to migrate ldap to prepare and slave ldap. 

Well, I have good howtos to start

Thanks for all answers.

Best Regards
2011/2/18 Daniel Müller <mueller at tropenklinik.de>
First of all are you running a PDC with ldap?
Then it is quite easy.
If it is so I can give you hints

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
behalf of Dale Schroeder
Sent: Thursday, 17 February 2011 22:36
To: marcos gonzalez
Cc: Samba
Subject: Re: [Samba] making BDC samba + ldap server

I've never attempted, but here it is:

http://wiki.samba.org/index.php/Replicated_Failover_Domain_Controller_and_file_server_using_LDAP


On 02/17/2011 3:19 PM, marcos gonzalez wrote:
> Hi guys
>
> I'm looking to config a BDC server for the high traffic supported inside the
> primary server. I never configured a BDC server inside ubuntu 9.04 and
> OpenLdap and I'm very lost. Looking for internet I found howtos for PDCs
> server but not for BDC. Anyone can help me more? I'm making a clean install
> and I don't know how to create same users than PDC for samba and how to make
> a slave ldap inside.
>
> Any help will be appreciated
>
> Thanks :-)