[Samba] configuring a backup domain server
deconya
elmailpersonal at gmail.com
Fri May 4 05:46:23 MDT 2012
Hi
I'm trying to configure a BDC with LDAP. The connection to the primary LDAP
server seems to work, but I'm confused about the shared folders. As I understand
it, when you create a BDC it needs the same global settings:
# smb.conf [global] section as posted for the primary domain controller (PDC).
# Accounts are kept in an LDAP directory through the ldapsam backend.
[global]
workgroup = DOMAIN
netbios name = DOMAIN-PDC
security = user
enable privileges = yes
# NOTE(review): "interfaces" alone does not limit where smbd accepts
# connections; that needs "bind interfaces only = yes", which is not set here.
interfaces = 127.0.0.0/8 eth0 10.0.1.0/24 10.0.0.0/24
server string = DOMAIN Primary Domain Controller
encrypt passwords = true
# Password changes are written to LDAP (ldap passwd sync) and not pushed to
# the local UNIX password database (unix password sync = no).
unix password sync = no
ldap passwd sync = yes
# NOTE(review): the passwd chat value below appears to have been wrapped onto
# two lines by the mail archive; in a real smb.conf it belongs on one line.
passwd program = /usr/bin/smbldap-passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
log level = 1
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
time server = yes
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = UTF-8
# This host serves domain logons and is the domain master browser (PDC role).
domain logons = yes
domain master = yes
logon path =
logon drive =
logon home =
logon script = logon.bat
local master = yes
preferred master = yes
os level = 65
wins support = yes
dns proxy = yes
panic action = /usr/share/samba/panic-action %d
# "auto" offers SMB signing and the netlogon secure channel but does not
# require them; clients that do not negotiate them are still accepted.
server signing = auto
server schannel = auto
winbind trusted domains only = yes
winbind use default domain = yes
# LDAP is reached over loopback here, so the unencrypted connection
# (ldap ssl = no, below) stays on this host.
passdb backend = ldapsam:"ldap://127.0.0.1"
# The bind password for this DN is not in smb.conf; Samba keeps it in
# secrets.tdb (set with "smbpasswd -w"). Restrict access to that file.
ldap admin dn = cn=admin,dc=domain,dc=es
ldap suffix = dc=domain,dc=es
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap ssl = no
ldap delete dn = yes
# Account-management hooks: smbd runs these as root with %u / %g replaced by
# the user or group name. The substitutions are quoted in every command.
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
load printers = yes
# Defaults for every share: new files keep the read bit for "other" (0774)
# and new directories read+search (0775) unless a share sets a tighter mask.
create mask = 0774
directory mask = 0775
# With NT ACL mapping off, Windows clients cannot view or change permissions;
# access control rests on the UNIX mode bits and the masks above.
nt acl support = no
printing = cups
printcap name = cups
deadtime = 60
keepalive = 60
# A logon with an unknown user name is not refused but mapped to the guest
# account (nobody); any share marked "guest ok" is then reachable without
# valid credentials.
guest account = nobody
map to guest = bad user
dont descend = /proc,/dev,/etc,/lib,/lost+found
show add printer wizard = yes
preserve case = yes
short preserve case = yes
case sensitive = no
# Only has an effect if usershares are enabled, which this listing does not
# show; it would then let user-defined shares permit guest access.
usershare allow guests = yes
And I understand the BDC configuration is the same, with only the connection changed.
# smb.conf [global] section as posted for the backup domain controller (BDC).
# It differs from the PDC listing in domain master, WINS and the LDAP URI.
[global]
workgroup = DOMAIN
# NOTE(review): this is the same NetBIOS name as in the PDC listing. Two hosts
# cannot register one name, so the BDC presumably needs its own (constructed
# example: DOMAIN-BDC); its shares would then be addressed under that name.
netbios name = DOMAIN-PDC
security = user
enable privileges = yes
# NOTE(review): "interfaces" alone does not limit where smbd accepts
# connections; "bind interfaces only" is commented out below.
interfaces = 127.0.0.0/8 eth0 10.0.1.0/24 10.0.0.0/24
# bind interfaces only = yes
server string = DOMAIN Primary Domain Controller
encrypt passwords = true
# obey pam restrictions = no
# pam password change = yes
# Password changes are written to LDAP (ldap passwd sync) and not pushed to
# the local UNIX password database (unix password sync = no).
unix password sync = no
ldap passwd sync = yes
# NOTE(review): the passwd chat value below appears to have been wrapped onto
# two lines by the mail archive; in a real smb.conf it belongs on one line.
passwd program = /usr/bin/smbldap-passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
log level = 1
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
time server = yes
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = UTF-8
# BDC role: still answers domain logons, but is not the domain master.
domain logons = yes
domain master = no
logon path =
logon drive =
logon home =
logon script = logon.bat
local master = yes
preferred master = yes
os level = 65
# Acts as a WINS client of 10.0.0.2 (presumably the PDC) instead of running
# its own WINS server.
wins support = no
wins server = 10.0.0.2
dns proxy = yes
panic action = /usr/share/samba/panic-action %d
# "auto" offers SMB signing and the netlogon secure channel but does not
# require them; clients that do not negotiate them are still accepted.
server signing = auto
server schannel = auto
winbind trusted domains only = yes
winbind use default domain = yes
# NOTE(review): unlike the loopback URI in the PDC listing, this is a remote
# LDAP server. With "ldap ssl = no" (below) the admin bind and the account
# attributes ldapsam reads, including the NT/LM password hashes, cross the
# network unencrypted. Use "ldap ssl = start tls" or an ldaps:// URI, and
# have the client verify the server certificate.
passdb backend = ldapsam:"ldap://ldap.domain.es"
# The bind password for this DN is not in smb.conf; Samba keeps it in
# secrets.tdb (set with "smbpasswd -w"), so this host holds directory-admin
# credentials too. Restrict access to that file.
ldap admin dn = cn=admin,dc=domain,dc=es
ldap suffix = dc=domain,dc=es
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap ssl = no
ldap delete dn = yes
# Account-management hooks: smbd runs these as root with %u / %g replaced by
# the user or group name. The substitutions are quoted in every command.
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
load printers = yes
# Defaults for every share: new files keep the read bit for "other" (0774)
# and new directories read+search (0775) unless a share sets a tighter mask.
create mask = 0774
directory mask = 0775
# With NT ACL mapping off, Windows clients cannot view or change permissions;
# access control rests on the UNIX mode bits and the masks above.
nt acl support = no
printing = cups
printcap name = cups
deadtime = 60
keepalive = 60
# A logon with an unknown user name is not refused but mapped to the guest
# account (nobody); any share marked "guest ok" is then reachable without
# valid credentials.
guest account = nobody
map to guest = bad user
dont descend = /proc,/dev,/etc,/lib,/lost+found
show add printer wizard = yes
preserve case = yes
short preserve case = yes
case sensitive = no
# Only has an effect if usershares are enabled, which this listing does not
# show; it would then let user-defined shares permit guest access.
usershare allow guests = yes
With this in place, to join the BDC to the Samba NET I ran:
#net getlocalsid >> inside PDC
and
#net setlocalsid >> inside BDC
#net join >>inside BDC
What I don't know is how the shared folders work. As I understand it, if I use
the BDC as another file server, then to give access to new folders placed on the
BDC the steps are:
add the folders to the BDC's smb.conf.
Windows XP clients will use the path \\domain-pdc\sharedfolder
Is that correct?
Thanks!