[Samba] making BDC samba + ldap server

tms3 at tms3.com tms3 at tms3.com
Sun Feb 20 12:24:09 MST 2011





>
>
>
> Hi
>
> Ok, and how I config nss_ldap? When I copy all database is included?

Well, the easiest way, for Samba use, is to simply cp your ldap.conf 
file for the ldap client application to nss_ldap.conf--cp ldap.conf 
nss_ldap.conf (this can be a bit confusing, as openldap uses a file 
called ldap.conf for configuring the ldap client as well as a file 
called ldap.conf for configuring basic ldap server process.  The 
server file is generally contained in the directory where 
configuration files are kept in a subdirectory called openldap along 
with files like slapd.conf and is generally a small file which looks 
something like this:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=mydomain,dc=com
URI     ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389
# TLS_CACERT /usr/local/etc/openldap/cacert.pem

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

whereas the ldap.conf for the client is rather lengthy and contains 
quite a bit of information for contacting the ldap server, how the dit 
should be searched, etc.)

And, no, nss_ldap.conf has nothing to do with the ldap server. 
nss_ldap.conf can be used to contact an external ldap server, just as 
the ldap.conf for the ldap client application can.
>
> Sorry for the newbie questions. If you ever come to Barcelona, contact 
> me, you have a beer paid for (Daniel too)  :-)

Well, now that's quite a generous offer. Much appreciated.
>
>
>
> Thanks and Best Regards
>
>
> 2011/2/20 <tms3 at tms3.com>
>>
>>
>>
>>>
>>>
>>> Hi
>>>
>>> Thanks, this howto is better for me. I have another doubt: does syncrepl 
>>> need to be installed, or does it come integrated with the slapd daemon?
>>
>> It is all part of the openldap suite.
>>
>>>
>>>
>>>
>>> And to transfer all shared samba folders and profile content, when 
>>> is the better moment? I understand when samba is down, or when it is up?
>>
>> Depends on the permissions. However, so long as ALL the files to be 
>> transferred belong to users in LDAP then, with nss_ldap properly 
>> configured, any copy that preserves permissions should be fine.
>>
>>
>>
>>>
>>>
>>>
>>> Thanks and Best Regards
>>>
>>>
>>> 2011/2/20 <tms3 at tms3.com>
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>> Now you are on to copy your slapd.conf and ldap.conf to your new 
>>>>> machine:
>>>>> Ex: scp slapd.conf root@2machine:/etc/openldap
>>>>>
>>>>> ---------------------------How can I do this if slurpd is 
>>>>> deprecated? The guide
>>>>>
>>>>> http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html
>>>>>
>>>>> is not easy to understand. Is there no other, simpler howto?
>>>> Here is another guide. The first link is quite comprehensive.
>>>> http://www.zytrax.com/books/ldap/ch7/
>>>>
>>>> The entire online manual is a good read. I highly recommend it.
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>>
>>>>> >>>>Now important I do the trick with slurpd. There are many other 
>>>>> ways but this
>>>>> >>>>is easy.
>>>>> >>>>Slurpd should be installed on your Master and only there.
>>>>> >>>>So go in to the slapd.conf on your master and put a few lines in 
>>>>> it at the
>>>>> >>>>end.
>>>>> >>>>Be careful, all tabs must fit exactly as in this example:
>>>>>
>>>>> replica uri=ldap://IPOFYOUR2MACHINE:389
>>>>>  binddn="cn=youradmin,dc=your,dc=ldap"
>>>>>  suffix="dc=yourc,dc=ldap"
>>>>>  bindmethod=simple
>>>>>  credentials=securepassword
>>>>>
>>>>> I understand the part of backup slapd only works with the service 
>>>>> stopped?
>>>>>
>>>>> Well, I'm grateful for all your time :-)
>>>>>
>>>>> Thanks and Best Regards
>>>>>
>>>>
>>>>
>>>>>
>>>>> 2011/2/18 <tms3 at tms3.com>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> In my hint I think your samba PDC/Ldap is currently working well!
>>>>>>> First of all install a second machine with the samba and ldap.
>>>>>>> Do not start samba, do not start ldap.
>>>>>>> The ldap database should be nearly empty ex:/var/lib/ldap
>>>>>>>
>>>>>>> Now copy your smb.conf to your new machine ex: scp smb.conf 
>>>>>>> root@2machine:/etc/samba
>>>>>>> Edit the smb.conf to your needs and adjust it to be a bdc:
>>>>>>> domain master=NO
>>>>>>> domain logons=YES
>>>>>>> Make a testparm, it should succeed like this:
>>>>>>> testparm
>>>>>>> Load smb config files from /etc/samba/smb.conf
>>>>>>> Processing section "[netlogon]"
>>>>>>> WARNING: The "share modes" option is deprecated
>>>>>>> Processing section "[sysvol]"
>>>>>>> WARNING: The "share modes" option is deprecated
>>>>>>> Processing section "[homes]"
>>>>>>> Processing section "[profiles]"
>>>>>>> Processing section "[alles]"
>>>>>>> Processing section "[printers]"
>>>>>>> Processing section "[print$]"
>>>>>>> Loaded services file OK.
>>>>>>> Server role: ROLE_DOMAIN_BDC  <----------------------------you are a 
>>>>>>> BDC
>>>>>>> Press enter to see a dump of your service definitions
>>>>>>
>>>>>> Yes very nice!
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Now you are on to copy your slapd.conf and ldap.conf to your new 
>>>>>>> machine:
>>>>>>> Ex: scp slapd.conf root@2machine:/etc/openldap
>>>>>>>
>>>>>>> Now important I do the trick with slurpd.
>>>>>> Sorry, but Slurpd is deprecated and no longer available in Openldap 
>>>>>> since 2.3
>>>>>> http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd
>>>>>>
>>>>>> Here is nice overview of the way LDAP currently works:
>>>>>>
>>>>>> http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html
>>>>>>
>>>>>> Once you have sync-repl set up on the current master, and a proper 
>>>>>> slapd.conf and ldap.conf file on the new machine, start ldap, then
>>>>>>
>>>>>> smbpasswd -w <ldap-master-passwd>
>>>>>> net rpc join -U<administrator> <domain name>
>>>>>>
>>>>>> Done.
>>>>>
>>>>
>>>
>>
>
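
Added example, not part of the original thread: the slurpd replica stanza quoted above uses bindmethod=simple against an ldap:// URI, which sends the replication password unencrypted, and a syncrepl stanza that replaces it has the same problem unless it uses ldaps:// or starttls=critical. The script below flags such stanzas in a slapd.conf; the sample config, addresses, paths and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the slurpd-style stanza from the thread plus a syncrepl
# consumer stanza using StartTLS. Addresses, DNs and paths are placeholders.
sample_conf() {
cat <<'EOF'
suffix "dc=your,dc=ldap"

replica uri=ldap://192.0.2.10:389
  binddn="cn=youradmin,dc=your,dc=ldap"
  bindmethod=simple
  credentials=securepassword

syncrepl rid=001
  provider=ldap://192.0.2.20:389
  type=refreshAndPersist
  searchbase="dc=your,dc=ldap"
  bindmethod=simple
  binddn="cn=youradmin,dc=your,dc=ldap"
  credentials=securepassword
  starttls=critical
  tls_cacert=/etc/openldap/cacert.pem
  retry="60 +"
EOF
}

# audit_replication FILE: print "<verdict> <directive> <first argument>" for
# every replica/syncrepl stanza. slapd.conf continues a directive on lines
# that begin with whitespace, so stanzas are joined before inspection.
audit_replication() {
    awk '
    function check(s,    w, verdict) {
        if (s !~ /^(replica|syncrepl)[ \t]/) return
        verdict = "OK"
        # Simple bind needs ldaps:// or starttls=critical; starttls=yes
        # falls back to an unencrypted session if StartTLS fails.
        if (s ~ /bindmethod=simple/ && s !~ /ldaps:\/\// &&
            s !~ /starttls=critical/)
            verdict = "CLEARTEXT-BIND"
        split(s, w, /[ \t]+/)
        print verdict, w[1], w[2]
    }
    /^[ \t]*#/      { next }                          # comment
    /^[ \t]+[^ \t]/ { stanza = stanza " " $0; next }  # continuation line
                    { check(stanza); stanza = $0 }    # new directive / blank
    END             { check(stanza) }
    ' "$1"
}
# Stand-alone run against the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp" && audit_replication "$tmp"; rm -f "$tmp"
```

Since slapd.conf holds the replication credentials either way, it is also worth checking that the copy made with scp ends up readable only by root and the slapd user.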


