[Samba] configuring a backup domain server

Daniel Müller mueller at tropenklinik.de
Fri May 4 05:59:29 MDT 2012


First of all, the first time your PDC and BDC are both running you will see
that most of your machines log on to the BDC, not the PDC. So mounting the
shares is up to your "logon script = logon.bat" and the entries in your
smb.conf.
I have defined exactly the same shares on my PDC and BDC, and the data is
mounted on a glusterd filesystem.

Good Luck
Daniel

-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von deconya
Gesendet: Freitag, 4. Mai 2012 13:46
An: samba at lists.samba.org
Betreff: [Samba] configuring a backup domain server

Hi

I'm looking to configure a BDC with LDAP. The connection to the primary LDAP
server seems to work, but I'm confused about the shared folders. As I
understand it, when you create a BDC you need to put in the same global
information:

# PDC settings as posted: NT4-style domain logons with accounts stored in
# LDAP through the ldapsam backend. No share sections are shown.
[global]
   workgroup = DOMAIN
   netbios name = DOMAIN-PDC
   security = user
   # Lets rights/privileges be granted to accounts instead of requiring root.
   enable privileges = yes
   # NOTE(review): "bind interfaces only" is not set, so this list presumably
   # does not by itself limit which interfaces smbd accepts connections on.
   interfaces = 127.0.0.0/8 eth0 10.0.1.0/24 10.0.0.0/24
   server string = DOMAIN Primary Domain Controller
   encrypt passwords = true

   # Password changes are pushed to LDAP (ldap passwd sync). passwd program
   # and passwd chat belong to "unix password sync", which is off here.
   unix password sync = no
   ldap passwd sync = yes
   passwd program = /usr/bin/smbldap-passwd %u
   # NOTE(review): the passwd chat value below is split over two lines with no
   # trailing backslash, probably by mail wrapping; in smb.conf it has to be
   # on one line or continued with "\".
   passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   # One log file per client machine (%m); max log size is in KiB.
   log level = 1
   syslog = 0
   log file = /var/log/samba/log.%m
   max log size = 1000
   time server = yes
   #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   mangling method = hash2
   Dos charset = 850
   Unix charset = UTF-8

   # Domain logon server plus domain master browser: the PDC role.
   domain logons = yes
   domain master = yes

   # Empty values: no roaming profile path, home drive or home share is sent.
   # logon.bat is served from the [netlogon] share (not shown) and run by
   # clients at logon, so write access to that share should be admin-only.
   logon path =
   logon drive =
   logon home =
   logon script = logon.bat

   local master = yes
   preferred master = yes
   os level = 65
   # This host is the WINS server for the network.
   wins support = yes
   dns proxy = yes
   panic action = /usr/share/samba/panic-action %d
   # NOTE(review): "auto" offers SMB signing and the Netlogon secure channel
   # but does not require them, so unsigned/unsealed sessions are still
   # accepted. On a domain controller consider "mandatory" / "yes" once all
   # clients support it.
   server signing = auto
   server schannel = auto
   winbind trusted domains only = yes
   winbind use default domain = yes

   # Account database in LDAP, reached over the loopback address.
   passdb backend = ldapsam:"ldap://127.0.0.1"
   # NOTE(review): Samba binds as the directory administrator; that password
   # is stored locally in secrets.tdb (set with "smbpasswd -w"). A dedicated
   # DN holding only the rights Samba needs would limit the damage if this
   # host is compromised.
   ldap admin dn = cn=admin,dc=domain,dc=es
   ldap suffix = dc=domain,dc=es
   ldap group suffix = ou=Groups
   ldap user suffix = ou=Users
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Idmap
   # No TLS on the LDAP connection; with the URI above it stays on 127.0.0.1.
   ldap ssl = no
   # Deleting an account removes the whole LDAP entry, not only the Samba
   # attributes.
   ldap delete dn = yes
   # Provisioning hooks: smbd runs these as root with %u / %g substituted.
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   delete user script = /usr/sbin/smbldap-userdel "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

   load printers = yes
   # Upper bound on permissions of new files and directories: group-writable,
   # and readable by everyone.
   create mask = 0774
   directory mask = 0775
   nt acl support = no
   printing = cups
   printcap name = cups
   deadtime = 60
   keepalive = 60
   # NOTE(review): a logon with an unknown user name is mapped to the
   # "nobody" guest account instead of being rejected, so any share marked
   # "guest ok" is reachable without credentials.
   guest account = nobody
   map to guest = bad user
   dont descend = /proc,/dev,/etc,/lib,/lost+found
   show add printer wizard = yes
   preserve case = yes
   short preserve case = yes
   case sensitive = no
   # NOTE(review): permits guest access on user-defined shares (usershares);
   # set to "no" unless anonymous usershares are intended.
   usershare allow guests = yes

And as I understand it, the BDC configuration is the same except for the connection settings.

# BDC settings as posted: a domain logon server that is not the domain master
# and reads accounts from a remote LDAP server. No share sections are shown.
[global]

   workgroup = DOMAIN
   # NOTE(review): netbios name and server string are the PDC's values; every
   # host needs its own NetBIOS name, so this looks like a copy-paste
   # leftover. Confirm the real BDC uses a distinct name.
   netbios name = DOMAIN-PDC

   security = user
   # Lets rights/privileges be granted to accounts instead of requiring root.
   enable privileges = yes
   # NOTE(review): "bind interfaces only" is commented out below, so this list
   # presumably does not by itself limit where smbd accepts connections.
   interfaces = 127.0.0.0/8 eth0 10.0.1.0/24 10.0.0.0/24
#   bind interfaces only = yes
   server string = DOMAIN Primary Domain Controller
   encrypt passwords = true
#   obey pam restrictions = no
#   pam password change = yes

   # Password changes are pushed to LDAP (ldap passwd sync). passwd program
   # and passwd chat belong to "unix password sync", which is off here.
   unix password sync = no
   ldap passwd sync = yes
   passwd program = /usr/bin/smbldap-passwd %u
   # NOTE(review): the passwd chat value below is split over two lines with no
   # trailing backslash, probably by mail wrapping; in smb.conf it has to be
   # on one line or continued with "\".
   passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   # One log file per client machine (%m); max log size is in KiB.
   log level = 1
   syslog = 0
   log file = /var/log/samba/log.%m
   max log size = 1000
   time server = yes
   #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   mangling method = hash2
   Dos charset = 850
   Unix charset = UTF-8

   # Answers domain logons but is not the domain master browser: the BDC role.
   domain logons = yes
   domain master = no

   # Empty values: no roaming profile path, home drive or home share is sent.
   # logon.bat is served from this host's [netlogon] share (not shown) and run
   # by clients at logon; keep it identical to the PDC's copy and writable by
   # administrators only.
   logon path =
   logon drive =
   logon home =
   logon script = logon.bat

   local master = yes
   preferred master = yes
   os level = 65
   # WINS client of 10.0.0.2 rather than a WINS server itself.
   wins support = no
   wins server = 10.0.0.2
   dns proxy = yes
   panic action = /usr/share/samba/panic-action %d
   # NOTE(review): "auto" offers SMB signing and the Netlogon secure channel
   # but does not require them, so unsigned/unsealed sessions are still
   # accepted. On a domain controller consider "mandatory" / "yes" once all
   # clients support it.
   server signing = auto
   server schannel = auto
   winbind trusted domains only = yes
   winbind use default domain = yes

   # Account database on a remote LDAP server (plain ldap:// URI).
   passdb backend = ldapsam:"ldap://ldap.domain.es"
   # NOTE(review): Samba binds as the directory administrator; that password
   # is stored locally in secrets.tdb (set with "smbpasswd -w"). A dedicated
   # DN holding only the rights Samba needs would limit the damage if this
   # host is compromised.
   ldap admin dn = cn=admin,dc=domain,dc=es
   ldap suffix = dc=domain,dc=es
   ldap group suffix = ou=Groups
   ldap user suffix = ou=Users
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Idmap
   # NOTE(review): TLS is off while the LDAP server is remote, so the admin
   # bind password and the password hashes Samba reads and writes cross the
   # network in clear text. Prefer "ldap ssl = start tls" (or an ldaps:// URI)
   # with the server certificate verified.
   ldap ssl = no
   # Deleting an account removes the whole LDAP entry, not only the Samba
   # attributes.
   ldap delete dn = yes
   # Provisioning hooks: smbd runs these as root with %u / %g substituted.
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   delete user script = /usr/sbin/smbldap-userdel "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

   load printers = yes
   # Upper bound on permissions of new files and directories: group-writable,
   # and readable by everyone.
   create mask = 0774
   directory mask = 0775
   nt acl support = no
   printing = cups
   printcap name = cups
   deadtime = 60
   keepalive = 60
   # NOTE(review): a logon with an unknown user name is mapped to the
   # "nobody" guest account instead of being rejected, so any share marked
   # "guest ok" is reachable without credentials.
   guest account = nobody
   map to guest = bad user
   dont descend = /proc,/dev,/etc,/lib,/lost+found
   show add printer wizard = yes
   preserve case = yes
   short preserve case = yes
   case sensitive = no
   # NOTE(review): permits guest access on user-defined shares (usershares);
   # set to "no" unless anonymous usershares are intended.
   usershare allow guests = yes

And with this, to join the BDC to the Samba network I ran:

#net getlocalsid >> inside PDC

and

#net setlocalsid >> inside BDC

#net join >>inside BDC

And I don't know how the shared folders work. As I understand it, if I use
the BDC as another file server, the steps to access new folders placed on the
BDC server are:

include folders in BDC smb.conf.
windows XP clients will use the path \\domain-pdc\sharedfolder

is correct?

Thanks!