[Samba] /etc/hosts and DHCP

mathias dufresne infractory at gmail.com
Wed Sep 30 08:07:46 UTC 2015


As Rowland said, putting your service accounts into some network database
(AD, LDAP or anything else) is not always a good idea, because your
centralized database would need (really need) to always be up and running
for other services to work. Once your centralized database is out of order
you won't have service accounts available, so no services will be up.

If it is well thought out/designed, or if you are kind of a gambler, you can
try to set up such a database. You would need at least two servers (physical
machines which could be hosting VMs) to do that without too much trouble.
This is to get redundancy for that database (remember: it must not fail or
any other service will fail too).

One other important point is that you will not be able to get a trust
relationship between your domain (the centralized DB) and your campus'
domain. This means your users, local and in your own domain, won't be usable
when accessing your campus domain computers or resources until these
resources are available to any users, including those outside of their own
DB, their AD.

2015-09-28 20:12 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 28/09/15 18:48, Ross Boylan wrote:
>
>> On Mon, Sep 28, 2015 at 1:58 AM, mathias dufresne <infractory at gmail.com>
>> wrote:
>>
>> 2015-09-25 23:44 GMT+02:00 Ross Boylan <rossboylan at stanfordalumni.org>:
>>> [snip]
>>>
>>>> I have been looking for a way to centralize account management within my
>>>> linux machines, but doing so via AD sounds very indirect.
>>>>
>>>> What do you mean by "looking for a way to centralize account management
>>> within my linux machines"?
>>>
>>> I have a bunch of Linux machines, mostly VM's.  They have a bunch of
>> standard accounts, my personal account, and a few miscellaneous accounts
>> that vary by machines.  Most of the account names are generic, e.g., root
>> or cups, and their scope should be limited to my systems (e.g., my root is
>> not the root account on someone else's Linux boxes).  I want to ensure that
>> the uids and gids are associated with the same accounts on each machine.  I
>> was getting ready to do so using LDAP.
>>
>
> I think you need to do some more reading, root is root is root! root's uid
> is '0' *everywhere*. You should *not* put any user or group whose uid
> number appears in /etc/passwd or /etc/group into LDAP never mind AD. They
> need to exist only on the machine because you will not be able to do
> anything if they are in LDAP and it crashes. If you use the same distro on
> all machines, the numbers will be the same anyway, in fact there will be
> little difference even if you use very different distros i.e. Debian and
> Centos.
>
>
>> Both Samba and AD use LDAP, though I gather with Samba 4 LDAP has been
>> integrated into Samba and I suspect using it for other purposes is not
>> intended, and maybe not even possible.  But maybe if Samba is not a
>> controller LDAP isn't active?
>>
>
> No, LDAP has not been integrated into Samba, the ldap that comes with
> Samba4 is a specialised one, so that it can work as an AD DC, but it can be
> used similarly to OPENLDAP. However, you do not have to run Samba4 as an AD
> DC, it can still do everything that Samba3 could do, including using
> OPENLDAP (I still wouldn't put the system users in LDAP)
>
> Rowland
>
> P.S. Just in case you didn't get it
>
> *DO NOT PUT YOUR SYSTEM USERS INTO LDAP (or AD) LEAVE THEM WHERE THEY
> BELONG*
>
>
>>
>> Did you mean you want your Linux machines to be able to use a centralized
>>> users database? (Here you would plug your linux on AD)
>>> Or did you mean you want to have another database with your own users
>>> dedicated to Linux Boxes? (Here you would need a new AD domain or something
>>> similar)
>>>
>>> I'm not sure what the distinction is between your last 2 questions.  The
>> users database would be centralized for my machines; it would not be
>> centralized in some campus-wide database, e.g., AD.
>> Ross
>>
>
>

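Added example (not part of the original thread or of Samba's own code): a
Python check for the rule discussed above, that accounts already present in
/etc/passwd stay local and are not duplicated in LDAP or AD. It assumes the
directory's users have been exported in passwd(5) format; the function names
and all account data are constructed for illustration.

```python
# Added example: find directory (LDAP/AD) accounts that shadow local system accounts.
# All account data below is constructed sample input in passwd(5) format.

LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
ross:x:1000:1000:Ross:/home/ross:/bin/bash
"""

# Assumption: the directory's users were exported in the same 7-field format.
DIRECTORY_EXPORT = """\
root:*:0:0:root:/root:/bin/bash
cups:*:7:7:print service:/var/spool/cups:/usr/sbin/nologin
alice:*:10001:10001:Alice:/home/alice:/bin/bash
"""


def parse_passwd(text):
    """Return {name: uid} from passwd(5) text, skipping comments and malformed lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        accounts[fields[0]] = int(fields[2])
    return accounts


def find_collisions(local_text, directory_text):
    """List (name, uid, reason) for directory entries that overlap local accounts."""
    local = parse_passwd(local_text)
    local_by_uid = {uid: name for name, uid in local.items()}
    problems = []
    for name, uid in sorted(parse_passwd(directory_text).items()):
        if name in local:
            problems.append((name, uid, "name exists in local passwd"))
        elif uid in local_by_uid:
            problems.append((name, uid, f"uid belongs to local account {local_by_uid[uid]}"))
    return problems


if __name__ == "__main__":
    for name, uid, reason in find_collisions(LOCAL_PASSWD, DIRECTORY_EXPORT):
        print(f"{name} (uid {uid}): {reason}")
```

An empty result means no directory entry reuses a local account name or uid
on that machine.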
