[Samba] Fwd: [SAMBA] Net groupmap list strange result

Rowland Penny rowlandpenny at googlemail.com
Tue Dec 23 07:37:45 MST 2014


On 23/12/14 13:59, Elias Pereira wrote:
>
>     What you need to do is set up your samba4 machine as the PDC
>
>
> I thought I had done it, but from what you said, I did not. :(
>
>     in my opinion this entails storing the primary domain records on
>     the PDC, you would then join the other machine (the one you call
>     external OpenLDAP) to it, not the other way round.
>
>
> And how would I do that? If it is not too much to ask, could you give me
> some tips on how to do this, because I think I'm a little lost right now.
>
>
> On Mon, Dec 22, 2014 at 7:35 PM, Rowland Penny
> <rowlandpenny at googlemail.com> wrote:
>
>     On 22/12/14 21:24, Elias Pereira wrote:
>>
>>         1. No you haven't, you have set up a 'backup domain controller'.
>>
>>
>>     Ok. Now I'm totally lost. Where have I set this as a "backup domain
>>     controller"?
>>
>>         2. This is why you haven't got a PDC
>>
>>
>>     I set up an "external ldap" because we have one in operation and
>>     that is why I am making tests with Samba4 because after testing,
>>     and if it works, we will opt for Samba4 - PDC (debian) +
>>     "external ldap" (debian).
>>
>>         3. Why? you do not need a dns server with a PDC/BDC setup
>>
>>
>>     I asked here in the list, if with the Samba4 pdc I need a dns
>>     server, and the answer was yes.
>>
>>         Can you please explain just what you are hoping to achieve?
>>
>>
>>     Here on campus where I am working we have the following scenario:
>>
>>
>>     In my lab tests I set up what I mentioned in steps 1, 2 and 3.
>>     I have three virtual machines with an internal network for these
>>     tests.
>>
>>     Machine 1: 192.168.77.200 > Samba4 pdc
>>     Machine 2: 192.168.77.220 > openldap
>>     Machine 3: 192.168.77.150 > bind9 the dns server
>>
>>     I want, at the end of everything, to be able to leave running what is in the
>>     "scenario after migration" in the picture above.
>>
>>     I'm sorry if my explanations are not helping. :(
>>
>>     Elias Pereira
>
>     What you need to do is set up your samba4 machine as the PDC, in my
>     opinion this entails storing the primary domain records on the
>     PDC, you would then join the other machine (the one you call
>     external OpenLDAP) to it, not the other way round.
>
>     Get the domain working first, then add the other parts to it, you
>     may then find that it is better to transfer the 'external
>     OpenLDAP' role to your PDC.
>
>     Rowland
>
>
>
>
> -- 
> Elias Pereira

OK, here are a few howtos:

http://www.unixmen.com/setup-samba-domain-controller-with-openldap-backend-in-ubuntu-13-04/

http://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend

http://www.fatofthelan.com/technical/using-ldap-for-single-authentication/

http://www.ibm.com/developerworks/linux/tutorials/l-ldapsamba/

After reading them I think you might realise what you are missing PDC-wise.

I suppose that you could upgrade the external OpenLDAP server to be the 
PDC and then auth to that, but I think that you would be better going 
the other way, but this is just my opinion.

Rowland




