Hello
I makeing a Domain Controller with Samba (v3.0.33) and LDAP (v2.4).
I will install a PDC in the headquarter and a BDC in the subsidiary of
the company that I work.
The PDC and the BDC will have his own LDAP data base.
I just install the PDC without problems and my next step is to install
the BDC.
I configured the LDAP that work in multi master mode. I made some test
and the LDAP works well.
I need to know if the BDC can write in his local data base.
In other side: Can the BDC acts as PDC when the conection betwen both
servers is broken? I need that the users that works in the subsidiary
can log in and make changes in his profiles (e.g. change his password
and so on) including when the conection with the headquarter is lost.
Below I copy the BDC's smb.conf
Can anyone help me? Thanks.
# --------------------------------------------------------------------
admin users = manager @"Domain Admins" @administradores
ntlm auth = yes
netbios name = PDC_Rosario
workgroup = SECCO
lanman auth = no
winbind trusted domains only = yes
encrypt passwords = yes
winbind use default domain = yes
server string = BDC
domain logons = yes
# ----------------------- Network Related Options -----------------
hosts allow = 10.20.0.0/16 10.18.0.0/16 localhost
# --------------------------- Logging Options ---------------------
max log size = 500
log file = /var/log/samba/%m.log
# ----------------------------- LDAP Options ----------------------
ldap passwd sync = yes
ldap admin dn = cn=manager,dc=secco,dc=com,dc=ar
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=secco,dc=com,dc=ar
# ----------------------- Standalone Server Options ---------------
security = user
passdb backend = ldapsam:ldap://127.0.0.1
# ----------------------- Domain Members Options -------------------
# ----------------------- Domain Controller Options ---------------
logon script = login.bat
add machine script = /usr/sbin/smbldap-useradd -w "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user script = /usr/sbin/smbldap-useradd -m "%u"
# ----------------------- Browser Control Options -----------------
local master = yes
os level = 65
domain master = no
preferred master = yes
#----------------------------- Name Resolution --------------------
wins support = yes
name resolve order = wins lmhosts bcast
# --------------------------- Printing Options --------------------
# --------------------------- Filesystem Options ------------------
#====================== Share Definitions =========================
[homes]
comment = Home Directories
browseable = no
writable = no
root preexec = /etc/samba/mk_sambadir "/home/%u" "%u" "%g"
write list = %S manager
valid users = SECCO\%S SECCO\manager
inherit permissions = yes
force user = %S
force group = @administradores
directory mask = 0700
create mask = 0700
[netlogon]
comment = Network Logon Service
browseable = yes
path = /home/netlogon
guest ok = yes
writable = no
valid users = SECCO\manager %U
write list = llattan
[shares]
comment = Carpeta del grupo Sistemas
path = /home2/sistemas
valid users = @shares @administradores
browseable = yes
writable = no
write list = @shares_w @administradores
inherit permissions = yes
force user = %U
force group = share
# --------------------------------------------------------------------
--
Juan Pablo Michelino
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba