[Samba] configuring a backup domain server

deconya elmailpersonal at gmail.com
Fri May 4 05:46:23 MDT 2012


Hi

I'm looking to configure a BDC with LDAP. The connection to the primary LDAP
server seems to work, but I'm confused about the shared folders. I understood
that when you create a BDC you need to use the same global configuration:

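# smb.conf [global] section of the PDC, as posted. Comments use "#" because
# the posted file already does; Samba accepts ";" as well. Values are kept
# as posted; only the wrapped "passwd chat" line has been rejoined.
[global]
   workgroup = DOMAIN
   # NetBIOS names must be unique on the network; the BDC must use a
   # different name from this one.
   netbios name = DOMAIN-PDC
   security = user
   enable privileges = yes
   # "interfaces" by itself only tells nmbd where to do NetBIOS/browsing;
   # smbd still accepts connections on every local address unless
   # "bind interfaces only = yes" is set as well.
   interfaces = 127.0.0.0/8 eth0 10.0.1.0/24 10.0.0.0/24
   server string = DOMAIN Primary Domain Controller
   encrypt passwords = true

   unix password sync = no
   ldap passwd sync = yes
   passwd program = /usr/bin/smbldap-passwd %u
   # Must stay on one line. The posted copy was wrapped by the mail client,
   # which would leave "*Retype..." as a malformed line in smb.conf.
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   log level = 1
   syslog = 0
   # %m expands to the client's NetBIOS name: one log file per client.
   log file = /var/log/samba/log.%m
   # kilobytes
   max log size = 1000
   time server = yes
   #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   mangling method = hash2
   Dos charset = 850
   Unix charset = UTF-8

   # Domain-controller role: this host is the PDC (domain master browser).
   domain logons = yes
   domain master = yes

   # Empty values: no roaming profile path and no home drive is mapped
   # at logon; only the logon script runs.
   logon path =
   logon drive =
   logon home =
   logon script = logon.bat

   # Browse-master election settings; os level 65 is high enough to win
   # elections against Windows hosts.
   local master = yes
   preferred master = yes
   os level = 65
   # This host is the WINS server; the BDC points its "wins server" here.
   wins support = yes
   dns proxy = yes
   panic action = /usr/share/samba/panic-action %d
   server signing = auto
   server schannel = auto
   winbind trusted domains only = yes
   winbind use default domain = yes

   # The directory is on this host, so the unencrypted LDAP connection
   # ("ldap ssl = no") stays on loopback. If the backend ever moves off-host,
   # use "ldap ssl = start tls" or an ldaps:// URL: the admin bind password
   # and the password hashes would otherwise cross the network in clear.
   passdb backend = ldapsam:"ldap://127.0.0.1"
   ldap admin dn = cn=admin,dc=domain,dc=es
   ldap suffix = dc=domain,dc=es
   ldap group suffix = ou=Groups
   ldap user suffix = ou=Users
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Idmap
   ldap ssl = no
   # Deleting a user or group removes the whole LDAP entry, not only the
   # Samba-specific attributes.
   ldap delete dn = yes
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   delete user script = /usr/sbin/smbldap-userdel "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

   load printers = yes
   # Share defaults: new files are group-writable (0774), directories 0775.
   create mask = 0774
   directory mask = 0775
   nt acl support = no
   printing = cups
   printcap name = cups
   deadtime = 60
   keepalive = 60
   # Logins with an unknown username are mapped to "nobody" instead of
   # being rejected, so a mistyped username silently becomes a guest session.
   guest account = nobody
   map to guest = bad user
   dont descend = /proc,/dev,/etc,/lib,/lost+found
   show add printer wizard = yes
   preserve case = yes
   short preserve case = yes
   case sensitive = no
   # Users may create usershares that permit guest (anonymous) access.
   usershare allow guests = yes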

And I understand the BDC uses the same configuration, changing only the connection settings.

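# smb.conf [global] section of the BDC, as posted. Comments use "#" because
# the posted file already does; Samba accepts ";" as well. Changed from the
# posted copy: "netbios name" and "server string" (they were copied verbatim
# from the PDC), and the wrapped "passwd chat" line has been rejoined.
[global]

   workgroup = DOMAIN
   # Must differ from the PDC's NetBIOS name: two hosts announcing
   # DOMAIN-PDC conflict on the network, and shares on this host are
   # reached through this name. DOMAIN-BDC is a constructed example.
   netbios name = DOMAIN-BDC

   security = user
   enable privileges = yes
   # "interfaces" by itself only tells nmbd where to do NetBIOS/browsing;
   # with "bind interfaces only" left commented out, smbd still accepts
   # connections on every local address.
   interfaces = 127.0.0.0/8 eth0 10.0.1.0/24 10.0.0.0/24
#   bind interfaces only = yes
   # Descriptive only, but "Primary" was misleading on the BDC.
   server string = DOMAIN Backup Domain Controller
   encrypt passwords = true
#   obey pam restrictions = no
#   pam password change = yes

   unix password sync = no
   ldap passwd sync = yes
   passwd program = /usr/bin/smbldap-passwd %u
   # Must stay on one line. The posted copy was wrapped by the mail client,
   # which would leave "*Retype..." as a malformed line in smb.conf.
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   log level = 1
   syslog = 0
   # %m expands to the client's NetBIOS name: one log file per client.
   log file = /var/log/samba/log.%m
   # kilobytes
   max log size = 1000
   time server = yes
   #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   mangling method = hash2
   Dos charset = 850
   Unix charset = UTF-8

   # Domain-controller role: handles logons but is not the domain master
   # browser (that stays with the PDC).
   domain logons = yes
   domain master = no

   # Empty values: no roaming profile path and no home drive is mapped
   # at logon; only the logon script runs.
   logon path =
   logon drive =
   logon home =
   logon script = logon.bat

   # Browse-master election settings. NOTE(review): the PDC also has
   # "preferred master = yes" with the same os level; if both hosts share
   # a subnet they will keep forcing elections against each other -
   # consider "preferred master = no" here.
   local master = yes
   preferred master = yes
   os level = 65
   # Not a WINS server; 10.0.0.2 is presumably the PDC's address - verify.
   wins support = no
   wins server = 10.0.0.2
   dns proxy = yes
   panic action = /usr/share/samba/panic-action %d
   server signing = auto
   server schannel = auto
   winbind trusted domains only = yes
   winbind use default domain = yes

   # SECURITY: the directory is on a remote host and "ldap ssl = no", so
   # the admin bind and all password-hash reads/writes cross the network in
   # clear. Prefer "ldap ssl = start tls" or an ldaps:// URL here (the LDAP
   # server must offer TLS for either to work).
   passdb backend = ldapsam:"ldap://ldap.domain.es"
   ldap admin dn = cn=admin,dc=domain,dc=es
   ldap suffix = dc=domain,dc=es
   ldap group suffix = ou=Groups
   ldap user suffix = ou=Users
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Idmap
   ldap ssl = no
   # Deleting a user or group removes the whole LDAP entry, not only the
   # Samba-specific attributes.
   ldap delete dn = yes
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   delete user script = /usr/sbin/smbldap-userdel "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

   load printers = yes
   # Share defaults: new files are group-writable (0774), directories 0775.
   create mask = 0774
   directory mask = 0775
   nt acl support = no
   printing = cups
   printcap name = cups
   deadtime = 60
   keepalive = 60
   # Logins with an unknown username are mapped to "nobody" instead of
   # being rejected, so a mistyped username silently becomes a guest session.
   guest account = nobody
   map to guest = bad user
   dont descend = /proc,/dev,/etc,/lib,/lost+found
   show add printer wizard = yes
   preserve case = yes
   short preserve case = yes
   case sensitive = no
   # Users may create usershares that permit guest (anonymous) access.
   usershare allow guests = yes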

And with this, to join the BDC to the Samba domain I ran:

# net getlocalsid    (run on the PDC)

and

# net setlocalsid    (run on the BDC)

# net join    (run on the BDC)

And I don't know how the shared folders work. I understand that, if I use the
BDC as another file server, the steps to access new folders placed on the BDC
server are:

include the folders (shares) in the BDC's smb.conf.
Windows XP clients will use the path \\domain-pdc\sharedfolder

Is this correct?

Thanks!

