[Samba] making BDC samba + ldap server

marcos gonzalez marcos.gonzalez.cruz at gmail.com
Thu Feb 24 09:42:06 MST 2011


Hi

I'm not sure if this belongs on this list, but while configuring ldap I have a
doubt. I would like to distribute openldap connections between the mail server
and the samba server. Which is the better form, master-master or master-slave? I
understand that with a PDC and BDC the relationship is master-slave, but between
mail and samba?

Thanks & Best Regards

2011/2/21 marcos gonzalez <marcos.gonzalez.cruz at gmail.com>

> OK, on my server the ldap config is inside /etc/ and this nss_ldap file is
> inside /etc/ldap/. I didn't understand why this happened, but now I understand
> it all.
>
> Thanks
>
>
>>
>>
>> Hi
>>
>> OK, and how do I configure nss_ldap? When I copy everything, is the database included?
>>
>> Well, the easiest way, for Samba use, is to simply cp your ldap.conf file
>> for the ldap client application to nss_ldap.conf: cp ldap.conf nss_ldap.conf
>> (this can be a bit confusing, as openldap uses a file called ldap.conf for
>> configuring the ldap client as well as a file called ldap.conf for
>> configuring the basic ldap server process.  The server file is generally
>> contained in the directory where configuration files are kept, in a
>> subdirectory called openldap along with files like slapd.conf, and is
>> generally a small file which looks something like this:
>>
>> #
>> # LDAP Defaults
>> #
>>
>> # See ldap.conf(5) for details
>> # This file should be world readable but not world writable.
>>
>> BASE    dc=mydomain,dc=com
>> URI     ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389
>> # TLS_CACERT /usr/local/etc/openldap/cacert.pem
>>
>> #SIZELIMIT      12
>> #TIMELIMIT      15
>> #DEREF          never
>>
>> whereas the ldap.conf for the client is rather lengthy and contains quite
>> a bit of information for contacting the ldap server, how the DIT should be
>> searched, etc.)
>>
>> And, no, nss_ldap.conf has nothing to do with the ldap server.
>> nss_ldap.conf can be used to contact an external ldap server, just as the
>> ldap.conf for the ldap client application can.
>>
>> Sorry for the newbie questions. If you ever come to Barcelona, contact me;
>> you have a beer paid for (Daniel too)  :-)
>>
>> Well, now that's quite a generous offer. Much appreciated.
>>
>>
>>
>> Thanks and Best Regards
>>
>> 2011/2/20 <tms3 at tms3.com>
>>
>>>
>>>
>>> Hi
>>>
>>> Thanks, this howto is better for me. I have another doubt: does syncrepl
>>> need to be installed, or does it come integrated with the slapd daemon?
>>>
>>> It is all part of the openldap suite.
>>>
>>>
>>>
>>> And to transfer all shared samba folders and profile content, when is the
>>> better moment? I understand when samba is down, or when it is up?
>>>
>>> Depends on the permissions. However, so long as ALL the files to be
>>> transferred belong to users in LDAP then, with nss_ldap properly configured,
>>> any copy that preserves permissions should be fine.
>>>
>>>
>>>
>>> Thanks and Best Regards
>>>
>>> 2011/2/20 <tms3 at tms3.com>
>>>
>>>>
>>>>
>>>> Now you are on to copy your slapd.conf and ldap.conf to your new
>>>> machine:
>>>> Ex: scp slapd.conf root at 2machine:/etc/openldap
>>>>
>>>> ---------------------------How can I do this if slurpd is deprecated?
>>>> The guide
>>>>
>>>>
>>>> http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html
>>>>
>>>> isn't easy to understand; doesn't another, simpler howto exist?
>>>>
>>>> Here is another guide. The first link is quite comprehensive.
>>>> http://www.zytrax.com/books/ldap/ch7/
>>>>
>>>> The entire online manual is a good read. I highly recommend it.
>>>>
>>>>
>>>>
>>>> >>>> Now important I do the trick with slurpd. There are many other ways
>>>> >>>> but this is easy.
>>>> >>>> Slurpd should be installed on your Master and only there.
>>>> >>>> So go in to the slapd.conf on your master and put a few lines in it
>>>> >>>> at the end.
>>>> >>>> Be careful, all tabs must fit exactly as in this example:
>>>>
>>>> replica uri=ldap://IPOFYOUR2MACHINE:389
>>>>   binddn="cn=youradmin,dc=your,dc=ldap"
>>>>   suffix="dc=your,dc=ldap"
>>>>   bindmethod=simple
>>>>   credentials=securepassword
>>>>
>>>> I understand that the slapd backup part only works with the service
>>>> stopped?
>>>>
>>>> Well, I'm grateful for all your time :-)
>>>>
>>>> Thanks and Best Regards
>>>>
>>>>
>>>>
>>>> 2011/2/18 <tms3 at tms3.com>
>>>>
>>>>>
>>>>>
>>>>> In my hint I think your samba PDC/Ldap is currently working well!
>>>>> First of all install a second machine with the samba and ldap.
>>>>> Do not start samba, do not start ldap.
>>>>> The ldap database should be nearly empty ex:/var/lib/ldap
>>>>>
>>>>> Now copy your smb.conf to your new machine ex: scp root at 2machine:/etc/samba
>>>>> Edit the smb.conf to your needs and adjust it to be a bdc:
>>>>> domain master=NO
>>>>> domain logons=YES
>>>>> Run testparm; it should succeed like this:
>>>>> testparm
>>>>> Load smb config files from /etc/samba/smb.conf
>>>>> Processing section "[netlogon]"
>>>>> WARNING: The "share modes" option is deprecated
>>>>> Processing section "[sysvol]"
>>>>> WARNING: The "share modes" option is deprecated
>>>>> Processing section "[homes]"
>>>>> Processing section "[profiles]"
>>>>> Processing section "[alles]"
>>>>> Processing section "[printers]"
>>>>> Processing section "[print$]"
>>>>> Loaded services file OK.
>>>>> Server role: ROLE_DOMAIN_BDC <----------------------------you are a BDC
>>>>> Press enter to see a dump of your service definitions
>>>>>
>>>>> Yes very nice!
>>>>>
>>>>>
>>>>>
>>>>> Now you are on to copy your slapd.conf and ldap.conf to your new
>>>>> machine:
>>>>> Ex: scp slapd.conf root at 2machine:/etc/openldap
>>>>>
>>>>> Now important I do the trick with slurpd.
>>>>>
>>>>> Sorry, but Slurpd is deprecated and no longer available in Openldap
>>>>> since 2.3
>>>>> http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd
>>>>>
>>>>> Here is nice overview of the way LDAP currently works:
>>>>>
>>>>>
>>>>> http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html
>>>>>
>>>>> Once you have sync-repl set up on the current master, and a proper
>>>>> slapd.conf and ldap.conf file on the new machine, start ldap, then
>>>>>
>>>>> smbpasswd -w <ldap-master-passwd>
>>>>> net rpc join -U<administrator> <domain name>
>>>>>
>>>>> Done.
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
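As an added example (not from any message in this thread): the syncrepl equivalent of the slurpd `replica` stanza quoted above, for the master-slave PDC/BDC setup the thread describes. The suffix and admin DN are taken from that stanza; `IPOFYOURMASTER`, the bdb backend, the rid and the password are placeholders, and the two halves belong in two different slapd.conf files.

```conf
# ===== Master (existing PDC) slapd.conf: the syncprov overlay replaces slurpd =====
# Placeholder values: suffix/admin DN from the quoted slurpd stanza, host names invented.
database            bdb
suffix              "dc=your,dc=ldap"
rootdn              "cn=youradmin,dc=your,dc=ldap"
# Consumers locate changed entries by these operational attributes, so index them
index               entryCSN,entryUUID eq

overlay             syncprov
# Checkpoint the contextCSN every 100 write operations or 10 minutes
syncprov-checkpoint 100 10
# Remember the last 100 writes so a consumer can resync after a short outage
syncprov-sessionlog 100

# ===== BDC (new machine) slapd.conf: pulls a read-only copy from the master =====
database            bdb
suffix              "dc=your,dc=ldap"
rootdn              "cn=youradmin,dc=your,dc=ldap"
index               entryCSN,entryUUID eq

# This consumer block replaces the "replica uri=..." lines slurpd needed on the master.
# Continuation lines must start with whitespace, like the slurpd stanza in the thread.
syncrepl            rid=001
                    provider=ldap://IPOFYOURMASTER:389
                    type=refreshAndPersist
                    retry="60 +"
                    searchbase="dc=your,dc=ldap"
                    scope=sub
                    attrs="*,+"
                    bindmethod=simple
                    # A dedicated read-only replication DN is preferable to the admin DN;
                    # the admin DN is used here only to mirror the quoted stanza.
                    binddn="cn=youradmin,dc=your,dc=ldap"
                    credentials=securepassword

# Writes that reach the BDC (e.g. a password change) are referred back to the master
updateref           ldap://IPOFYOURMASTER:389
```

Because `credentials` is stored in clear text, keep both slapd.conf files readable only by the slapd user, and confirm replication with `ldapsearch -x -b dc=your,dc=ldap -s base contextCSN` on both hosts before running `smbpasswd -w` and `net rpc join` on the BDC.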

