[Samba] FW: making BDC samba + ldap server

Daniel Müller mueller at tropenklinik.de
Sat Feb 26 13:16:25 MST 2011


Hi,
I have a samba/pdc/ldap and a courier/ldap host working fine.
The pdc is the master ldap; the courier/ldap is the slave.
No problems! Single sign-on for Windows and Outlook (same user, same
password!)
If it is of interest I can post my setup and relations.


On Sat, 26 Feb 2011 10:13:22 -0500, "Gaiseric Vandal"
<gaiseric.vandal at gmail.com> wrote:
> Is this Samba 3 or Samba 4?
> 
> If samba 3, which ldap server are you using?
> 
> What is the mail server?  Does the mail server have its own LDAP server
> included, or is it also using an external LDAP server?
> 
> If you want replication between LDAP servers, they should be the same type
> of LDAP server (e.g. OpenLDAP or Apache Directory Server or Oracle Directory
> Server.)  If you have one type of LDAP server for Samba and one type of
> LDAP server for Mail, you will not be easily able to replicate.
> 
> If you are using Samba 3, you have a selection of LDAP servers you could
> use.  The mail server will determine which LDAP works for mail, and
> whether you can share the LDAP server between mail and samba.
> 
> From: marcos gonzalez [mailto:marcos.gonzalez.cruz at gmail.com] 
> Sent: Saturday, February 26, 2011 5:42 AM
> To: gaiseric.vandal at gmail.com
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] making BDC samba + ldap server
> 
> Hi guys
> 
> My network map is simple: the ldap inside the samba server centralizes all
> users inside the LAN, mail included. My question is, to reduce network use,
> is it a good idea to create another ldap server inside the mail server? And
> finally, what is the best relation between the ldap/samba server and a
> future ldap mail server, master-master or master-slave?
> 
> Thanks And Best Regards
> 
> 2011/2/25 Gaiseric Vandal <gaiseric.vandal at gmail.com>
> 
> I don't understand your question.   What does mail have to do with Samba?
> Does your mail server use LDAP authentication?  Or do you want to use the
> LDAP server as a central address book for your mail clients?  Either way,
> your LDAP server should be able to support attributes for both e-mail and
> samba requirements.
> 
> On 02/24/2011 11:42 AM, marcos gonzalez wrote:
> 
> Hi
> 
> I'm not sure if this belongs on this list, but configuring ldap I have a
> doubt. I would like to distribute openldap connections between the mail
> server and the samba server. Which is the better form, master-master or
> master-slave? I understand that using PDC and BDC the relationship is
> master-slave, but between mail and samba?
> 
> Thanks & Best Regards
> 
> 2011/2/21 marcos gonzalez <marcos.gonzalez.cruz at gmail.com>
> 
> OK, in my server the ldap config is inside /etc/ and this file nss_ldap is
> inside /etc/ldap/. I didn't understand why this happens, but now I
> understand it all.
> 
> Thanks
> 
> 
> Hi
> 
> Ok, and how do I configure nss_ldap? When I copy, is all the database
> included?
> 
> Well, the easiest way, for Samba use, is to simply cp your ldap.conf file
> for the ldap client application to nss_ldap.conf: cp ldap.conf
> nss_ldap.conf
> (this can be a bit confusing, as openldap uses a file called ldap.conf for
> configuring the ldap client as well as a file called ldap.conf for
> configuring the basic ldap server process.  The server file is generally
> contained in the directory where configuration files are kept, in a
> subdirectory called openldap, along with files like slapd.conf, and is
> generally a small file which looks something like this:
> 
> #
> # LDAP Defaults
> #
> 
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
> 
> BASE    dc=mydomain,dc=com
> URI     ldapi://%2fvar%2frun%2fopenldap%2fldapi ldap://192.168.64.2:389
> # TLS_CACERT /usr/local/etc/openldap/cacert.pem
> 
> #SIZELIMIT      12
> #TIMELIMIT      15
> #DEREF          never
> 
> whereas the ldap.conf for the client is rather lengthy and contains quite
> a bit of information for contacting the ldap server, how the DIT should be
> searched, etc.)
> 
> And, no, nss_ldap.conf has nothing to do with the ldap server.
> nss_ldap.conf can be used to contact an external ldap server, just as the
> ldap.conf for the ldap client application can.
> 
> Sorry for the newbie questions. If you ever come to Barcelona, contact me,
> you have a beer paid for (Daniel too)  :-)
> 
> Well, now that's quite a generous offer. Much appreciated.
> 
> Thanks and Best Regards
> 
> 2011/2/20 <tms3 at tms3.com>
> 
> Hi
> 
> Thanks, this howto is better for me. I have another doubt: does syncrepl
> need to be installed, or does it come integrated with the slapd daemon?
> 
> It is all part of the openldap suite.
> 
> And to transfer all shared samba folders and profile content, when is the
> better moment? I understand when samba is down, or when it is up?
> 
> Depends on the permissions. However, so long as ALL the files to be
> transferred belong to users in LDAP then, with nss_ldap properly configured,
> any copy that preserves permissions should be fine.
> 
> Thanks and Best Regards
> 
> 2011/2/20 <tms3 at tms3.com>
> 
> 
> Now you are on to copy your slapd.conf and ldap.conf to your new machine:
> Ex: scp slapd.conf root@2machine:/etc/openldap
> 
> --------------------------- How can I do this if slurpd is deprecated? The
> guide
> http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html
> is not easy to understand; doesn't another, simpler howto exist?
> 
> Here is another guide. The first link is quite comprehensive.
> http://www.zytrax.com/books/ldap/ch7/
> 
> The entire online manual is a good read. I highly recommend it.
> 
> Now important: I do the trick with slurpd. There are many other ways but
> this is easy.
> Slurpd should be installed on your Master and only there.
> So go into the slapd.conf on your master and put a few lines in it at the
> end.
> Be careful, all tabs must fit exactly as in this example:
> 
> replica uri=ldap://IPOFYOUR2MACHINE:389
> binddn="cn=youradmin,dc=your,dc=ldap"
>  suffix="dc=your,dc=ldap"
>  bindmethod=simple
>  credentials=securepassword
> 
> I understand the part of backing up slapd only works with the service
> stopped?
> 
> Well, I'm grateful for all your time :-)
> 
> Thanks and Best Regards
> 
> 
> 2011/2/18 <tms3 at tms3.com>
> 
> In my hint I think your samba PDC/LDAP is currently working well!
> First of all install a second machine with samba and ldap.
> Do not start samba, do not start ldap.
> The ldap database should be nearly empty, ex: /var/lib/ldap
> 
> Now copy your smb.conf to your new machine, ex:
> scp smb.conf root@2machine:/etc/samba
> Edit the smb.conf to your needs and adjust it to be a BDC:
> domain master = no
> domain logons = yes
> Run testparm; it should succeed like this:
> testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[netlogon]"
> WARNING: The "share modes" option is deprecated
> Processing section "[sysvol]"
> WARNING: The "share modes" option is deprecated
> Processing section "[homes]"
> Processing section "[profiles]"
> Processing section "[alles]"
> Processing section "[printers]"
> Processing section "[print$]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_BDC <---------------------------- you are a BDC
> Press enter to see a dump of your service definitions
> 
> Yes very nice!
> 
> Now you are on to copy your slapd.conf and ldap.conf to your new machine:
> Ex: scp slapd.conf root@2machine:/etc/openldap
> 
> Now important: I do the trick with slurpd.
> 
> Sorry, but Slurpd is deprecated and no longer available in OpenLDAP
> since 2.3.
> http://www.openldap.org/doc/admin24/replication.html#Replacing%20Slurpd
> 
> Here is a nice overview of the way LDAP currently works:
> http://blog.suretecsystems.com/archives/129-Replacing-Slurpd-using-OpenLDAP-2.4.html
> 
> Once you have sync-repl set up on the current master, and a proper
> slapd.conf and ldap.conf file on the new machine, start ldap, then
> 
> smbpasswd -w <ldap-master-passwd>
> net rpc join -U <administrator> <domain name>
> 
> Done.
> 
> -- 
> 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
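The thread ends at "once you have sync-repl set up on the current master" without showing what actually replaces the slurpd "replica" stanza quoted above. The two slapd.conf fragments below are an added example written for this page, not configuration posted by anyone in the thread and not copied from the OpenLDAP or Samba documentation. They assume OpenLDAP 2.4 configured through slapd.conf (not cn=config), one database section per server holding the domain suffix, and the thread's placeholder names (cn=youradmin, dc=your,dc=ldap, securepassword); IPOFYOURMASTER is a placeholder of the same kind as the thread's IPOFYOUR2MACHINE.

```conf
########################################################################
# 1. MASTER (the existing PDC's slapd.conf).  syncprov is an overlay: if
#    slapd loads backends/overlays as modules, the moduleload line goes in
#    the global section above the first "database" line; everything else
#    goes inside the database section that holds the domain suffix.
########################################################################
# moduleload    syncprov.la

# (inside: database hdb ... suffix "dc=your,dc=ldap" ... rootdn ...)
index           entryCSN,entryUUID      eq
overlay         syncprov
# write contextCSN to the database every 100 ops or 10 minutes, and keep
# a 100-entry session log so a consumer that was briefly offline can catch
# up from the log instead of doing a full refresh
syncprov-checkpoint     100 10
syncprov-sessionlog     100

########################################################################
# 2. BDC (the new machine's slapd.conf).  This stanza is what replaces the
#    slurpd "replica" block from the thread: the master pushes nothing, the
#    BDC pulls a full copy on first start and then stays connected
#    (refreshAndPersist) to receive each change as it happens.
########################################################################
# (inside the same database section, same suffix and rootdn as the master)
syncrepl        rid=001
                provider=ldap://IPOFYOURMASTER:389
                type=refreshAndPersist
                retry="60 +"
                searchbase="dc=your,dc=ldap"
                scope=sub
                filter="(objectClass=*)"
                attrs="*,+"
                bindmethod=simple
                binddn="cn=youradmin,dc=your,dc=ldap"
                credentials=securepassword
# A write sent to the BDC is answered with a referral to the master instead
# of being applied to the local copy, so the replica can never diverge.
updateref       ldap://IPOFYOURMASTER:389
```

Two practical points. The consumer's slapd.conf now carries a bind password in clear, exactly as the old replica stanza did, so it should be readable by root (or the slapd user) only; binding as the admin DN also gives the consumer full read access, and a dedicated replication DN limited by ACL to read-only is the least-privilege alternative. To check that replication has actually caught up, compare the contextCSN operational attribute of the suffix entry on both servers (for example `ldapsearch -x -H ldap://IPOFYOURMASTER -s base -b dc=your,dc=ldap contextCSN` against the same query on the BDC); equal values mean the BDC has every change the master has, which is the state you want before running the `smbpasswd -w` and `net rpc join` steps from the thread.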

