[Samba] Multiple Standalone Servers With Single LDAP Server

Gordan Bobic gordan at bobich.net
Wed Aug 6 16:05:58 MDT 2014

On 08/06/2014 07:13 PM, Allen Chen wrote:
> On 8/6/2014 5:54 AM, Rowland Penny wrote:
>> On 06/08/14 10:31, Gordan Bobic wrote:
>>> On 2014-08-06 10:05, Rowland Penny wrote:
>>>> On 04/08/14 16:45, Gordan Bobic wrote:
>>>>> Hi,
>>>>> I'm trying to set up multiple standalone Samba servers that use the
>>>>> same OpenLDAP back-end database for authentication, but on any
>>>>> servers beyond the first one I cannot seem to get past the error
>>>>> like the following:
>>>>> "The primary group domain sid($SecondaryServerSID) does not match
>>>>> the domain sid($PrimaryServerSID) for $UserName($UserSID)"
>>>>> It seems nuts to have to set up a domain controller just to have
>>>>> multiple standalone servers within the same workgroup.
>>>>> If I configure the secondary server to use a local user password
>>>>> database for authentication, everything works fine, but that means
>>>>> having to maintain the database in multiple locations.
>>>>> Is there a way to completely neuter all the domain functionality
>>>>> and use LDAP _only_ for username/password authentication from
>>>>> multiple standalone servers within the same workgroup?
>>>>> Gordan
> Hi Gordan,
> I don't know why you get that error message. I have 5 standalone Samba 3
> file servers using one LDAP server. It works perfectly.

Are you saying you are running multiple servers with the same SID?

> All of them are configured with "security = user" and ldap parameters.
> Can you post your smb.conf on all of your samba servers?

The configuration I am trying to use is this:

security = user
passdb backend = ldapsam:ldap://ldap.mydomain.tld
ldap admin dn = cn=Manager,dc=mydomain,dc=tld
ldap suffix = dc=mydomain,dc=tld
ldap user suffix = ou=People
ldap group suffix = ou=Group

This seems to work fine for the first server, but not for the second one.
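
Added example (not part of the original message and not Samba's own code): a check over ldapsam account entries for the condition the error message names, a primary group SID whose domain part differs from the domain part of the user's SID. The attribute names sambaSID and sambaPrimaryGroupSID come from Samba's LDAP schema; the SIDs, accounts and function names are constructed for illustration.

```python
import re

# String form of a SID: S-1-<authority>-<sub-authority>...-<RID>
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")

# Constructed sample data (assumption): local SIDs of two standalone servers
PRIMARY = "S-1-5-21-1000000001-1000000002-1000000003"
SECONDARY = "S-1-5-21-2000000001-2000000002-2000000003"

# Constructed account entries as they might be read from ou=People
ENTRIES = [
    {"uid": "alice", "sambaSID": PRIMARY + "-3000",
     "sambaPrimaryGroupSID": PRIMARY + "-513"},
    {"uid": "bob", "sambaSID": PRIMARY + "-3002",
     "sambaPrimaryGroupSID": SECONDARY + "-513"},
    {"uid": "carol", "sambaSID": PRIMARY + "-3004"},
]

def split_sid(sid):
    """Return (domain_sid, rid): the domain SID is the SID minus its last sub-authority."""
    if not SID_RE.match(sid):
        raise ValueError("not a SID: %r" % sid)
    domain, rid = sid.rsplit("-", 1)
    return domain, int(rid)

def primary_group_mismatches(entries):
    """List (uid, group_domain, user_domain) for accounts whose domains differ."""
    flagged = []
    for entry in entries:
        user_domain, _ = split_sid(entry["sambaSID"])
        group_sid = entry.get("sambaPrimaryGroupSID")
        if group_sid is None:
            # Attribute absent: nothing stored to compare, flag for review
            flagged.append((entry["uid"], None, user_domain))
            continue
        group_domain, _ = split_sid(group_sid)
        if group_domain != user_domain:
            flagged.append((entry["uid"], group_domain, user_domain))
    return flagged

if __name__ == "__main__":
    for uid, group_domain, user_domain in primary_group_mismatches(ENTRIES):
        print("%s: primary group domain %s, user domain %s"
              % (uid, group_domain, user_domain))
```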

