A reference from Adolfo Maltez "adolfo maltez" <adolfomal...@gmail.com>
Greetings.

To replicate the LDAP database between the PDC and the BDC, you must configure the slapd daemons on both servers. The reference is in the LDAP manual:
http://www.openldap.org/doc/admin24/replication.html

There are several replication modes; in my case, to replicate between PDC and BDC I use "mirror mode".

I hope it works for you.

Regards,
Adolfo Maltez

>> Hello
>>
>> I have a question about the BDC server I have set up. It is built with
>> Samba + OpenLDAP, and after configuring Samba according to the official
>> Samba manual I don't know whether the LDAP replication is also activated
>> correctly. Occasionally I find that it has taken over but does not
>> perform the validations, rejecting all users.
>>
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
>>
>> As I understand it, when I set up the BDC, do I have to enable the
>> OpenLDAP slave replica or is it not necessary? That is, is the smb.conf
>> configuration enough, or do I also have to configure slapd.conf?
>>
>> I'm posting both configs:
>>
>> smb.conf global:
>>
>> [global]
>> workgroup = domain
>> netbios name = domain-PDC
>> security = user
>> enable privileges = yes
>> interfaces = 127.0.0.0/8 eth0 10.0.1.0/24 10.0.0.0/24
>> # bind interfaces only = yes
>> server string = domain Primary Domain Controller
>> encrypt passwords = true
>> # obey pam restrictions = no
>> # pam password change = yes
>>
>> unix password sync = no
>> ldap passwd sync = yes
>> passwd program = /usr/bin/smbldap-passwd %u
>> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>
>> log level = 1
>> syslog = 0
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> time server = yes
>> #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> mangling method = hash2
>> Dos charset = 850
>> Unix charset = UTF-8
>>
>> logon path = \\%N\profiles\%U
>> logon drive =
>> logon home =
>> logon script =
>>
>> domain logons = yes
>> domain master = yes
>> local master = yes
>> preferred master = yes
>> os level = 65
>> wins support = yes
>> dns proxy = yes
>> panic action = /usr/share/samba/panic-action %d
>> server signing = auto
>> server schannel = auto
>> winbind trusted domains only = yes
>> winbind use default domain = yes
>>
>> passdb backend = ldapsam:"ldap://127.0.0.1 ldap://moon.domain.es"
>> ldap admin dn = cn=admin,dc=domain,dc=es
>> ldap suffix = dc=domain,dc=es
>> ldap group suffix = ou=Groups
>> ldap user suffix = ou=Users
>> ldap machine suffix = ou=Computers
>> ldap idmap suffix = ou=Idmap
>> ldap ssl = no
>> ldap delete dn = yes
>> add user script = /usr/sbin/smbldap-useradd -m "%u"
>> delete user script = /usr/sbin/smbldap-userdel "%u"
>> add machine script = /usr/sbin/smbldap-useradd -w "%u"
>> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>> delete group script = /usr/sbin/smbldap-groupdel "%g"
>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>>
>> load printers = yes
>> create mask = 0644
>> directory mask = 0755
>> nt acl support = no
>> printing = cups
>> printcap name = cups
>> deadtime = 60
>> keepalive = 600
>> guest account = nobody
>> map to guest = bad user
>> dont descend = /proc,/dev,/etc,/lib,/lost+found
>> show add printer wizard = yes
>> preserve case = yes
>> short preserve case = yes
>> case sensitive = no
>> usershare allow guests = yes
>>
>> The slap.conf of the PDC:
>>
>> # The distinguished name of the search base.
>> base dc=domain,dc=es
>> ldap_version 3
>> rootbinddn cn=admin,dc=domain,dc=es
>>
>> # Another way to specify your LDAP server is to provide an
>> uri ldap:///127.0.0.1
>>
>> pam_password md5
>> -exim,avahi,backup,bin,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,nagios,news,ntp,openldap,polkituser,proxy,root,saned,snmp,sshd,sync,sys,syslog,uucp,www-data
>>
>> If you have a howto, that works for me too, but I'm not clear on
>> whether anything else needs to be done for the BDC to work correctly.
>>
>> Regards
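
The following is an added example, not part of the thread and not code from the Samba or OpenLDAP projects: a small Python check that two slapd.conf fragments form a working mirror-mode pair, since smb.conf alone does not replicate the directory. The hostname pdc.domain.es, the replicator DN, the database type and the credentials are assumptions; the fragments are constructed and show only the replication directives.

```python
import re

# Constructed slapd.conf fragments, not the poster's files. Assumed: hostname
# pdc.domain.es, the replicator DN, database type, placeholder credentials.
PDC_CONF = """
serverID 1
database hdb
suffix "dc=domain,dc=es"
syncrepl rid=001
  provider=ldaps://moon.domain.es
  bindmethod=simple
  binddn="cn=replicator,dc=domain,dc=es"
  credentials=CHANGE_ME
  searchbase="dc=domain,dc=es"
  type=refreshAndPersist
  retry="60 +"
mirrormode on
overlay syncprov
"""
BDC_CONF = (PDC_CONF.replace("serverID 1", "serverID 2")
            .replace("moon.domain.es", "pdc.domain.es"))

def parse(conf):
    """Fold indented continuation lines, then extract the mirror-mode settings."""
    text = re.sub(r"\n[ \t]+", " ", conf)
    sid = re.search(r"^serverID\s+(\d+)", text, re.M)
    sync = re.search(r"^syncrepl\b.*$", text, re.M)
    line = sync.group(0) if sync else ""
    prov = re.search(r"provider=(\S+)", line)
    return {
        "id": int(sid.group(1)) if sid else None,
        "provider": prov.group(1) if prov else "",
        "tls": "provider=ldaps://" in line or "starttls=" in line,
        "syncprov": bool(re.search(r"^overlay\s+syncprov\b", text, re.M)),
        "mirror": bool(re.search(r"^mirrormode\s+(on|true)\b", text, re.M | re.I)),
    }

def check_pair(a_host, a_conf, b_host, b_conf):
    """Return the problems that keep two slapd instances from mirroring safely."""
    a, b, problems = parse(a_conf), parse(b_conf), []
    if None in (a["id"], b["id"]) or a["id"] == b["id"]:
        problems.append("serverID must be set and different on each server")
    for name, cfg, peer in ((a_host, a, b_host), (b_host, b, a_host)):
        if not cfg["syncprov"]:
            problems.append(f"{name}: syncprov overlay missing")
        if not cfg["mirror"]:
            problems.append(f"{name}: mirrormode is not on")
        if peer not in cfg["provider"]:
            problems.append(f"{name}: syncrepl provider is not {peer}")
        elif not cfg["tls"]:
            problems.append(f"{name}: replication bind is sent without TLS")
    return problems
```

The TLS check matters here because the replicated entries include the Samba password hashes, and the posted smb.conf uses `ldap ssl = no` against a remote LDAP URI.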