[Samba] LDAP BDC- Classic Domain

Praveen Ghimire PGhimire at sundata.com.au
Fri Mar 9 07:00:45 UTC 2018 

I've setup the ldap servers in PDC and BDC with the same config and ldifs. How do we setup the replication?  Using the following ldif in PDC

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcDbIndex
olcDbIndex: entryUUID eq

#Load the syncprov and accesslog modules.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
-
add: olcModuleLoad
olcModuleLoad: accesslog

# Accesslog database definitions
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap/accesslog
olcSuffix: cn=accesslog
olcRootDN: cn=admin,dc=lin
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart

# Accesslog db syncprov.
dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

# syncrepl Provider for primary db
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE

# accesslog overlay definitions for primary db
dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogSuccess: TRUE
# scan the accesslog DB every day, and purge entries older than 7 days
olcAccessLogPurge: 07+00:00 01+00:00


The following in BDC

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcSyncRepl
olcSyncRepl: rid=0 provider=ldap://lin-pdc.lin bindmethod=simple binddn="cn=admin,dc=lin"
  credentials=secret searchbase="dc=lin" logbase="cn=accesslog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on
  type=refreshAndPersist retry="60 +" syncdata=accesslog
-
add: olcUpdateRef
olcUpdateRef: ldap://lin-pdc.lin


The following only shows the name of the ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=lin contextCSN
dn: dc=lin
And I don’t see any replication in the BDC and nothing in /var/log/syslog

Any thoughts?


Regards,

Praveen Ghimire







-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Praveen Ghimire via samba
Sent: Thursday, 8 March 2018 1:02 PM
To: samba at lists.samba.org
Subject: [Samba] LDAP BDC- Classic Domain

Hi Guys,

We're trying to add a  BDC in Samb4 classic domain setup.  The Samba 3 How -To and Samb3 by Example covers this but uses the old slapd.conf option, we are using the slapd.d config. I couldn't find a similar document for Samba4

Can you please advise that the following steps will work?  LDAP in the existing PDC is working using the smbldap tools


-          Setup the LDAP in BDC exactly like the PDC, including the ldifs.

-          Copy the /etc/passwd and /etc/groups from PDC to BDC

-          Remove the contents of the /var/lib/samba in BDC

-          Run the smbpasswd -a in BDC

-          net rpc getsid in BDC

-          Do we need join the BDC to the domain? If so , does the smb.conf in BDC will only have the following in the smb.conf before the join? The confusion on my part is if the machine is already a BDC with smb.conf stuff does it have to be added to the domain?

  workgroup = LIN

    netbios name = LIN-BDC

    password server = LIN-PDC

    security = domain

    client ipc signing = auto

-          If not then do we setup smb.conf with the whole ldap settings ? passdb backend = ldapsam : ldap: //LIN-PDC.LIN

-          How do we sync the ldap settings? Consumer-Provider model?  Setting up ldifs.

-          This is more a general question about BDC. The PDC has folders that have been shared. If we changed BDC to PDC, how will the folders be shared? If we define the shares in the BDC do we then  have to go //unc path of the share?


Regards,

Praveen Ghimire

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com ______________________________________________________________________

More information about the samba mailing list