Re: [Samba] Samba LDAP Failover
Am 31.03.2012 20:56, schrieb Steve Thompson: On Sat, 31 Mar 2012, Massimiliano Perantoni wrote: Well, did not try, but guess it happens the same. Just for completeness, which version of samba did you use for ldap failover? I was using 3.0.33 at the time, on CentOS 5 x86_64. Not sure which revision of CentOS; it was a while ago. Steve My samba 3.5.9 DCs are pointed at a bunch of LDAP servers as well. I just tried (shut down the first LDAP server in the list) and it works as expected. Regards Stephan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba LDAP Failover
On Sat, 31 Mar 2012, Massimiliano Perantoni wrote: Well, did not try, but guess it happens the same. Just for completeness, which version of samba did you use for ldap failover? I was using 3.0.33 at the time, on CentOS 5 x86_64. Not sure which revision of CentOS; it was a while ago. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba LDAP Failover
Well, did not try, but guess it happens the same. Just for completeness, which version of samba did you use for ldap failover? Il 31 marzo 2012 19:04, Steve Thompson ha scritto: > On Sat, 31 Mar 2012, Massimiliano Perantoni wrote: > >> I'm exactly using that, without luck... > > > Not sure what to tell you; I have used multiple LDAP servers in the past > with success, although these days I use a single virtual LDAP server which > load balances across a set of backend servers. What happens if you actually > shut down the first LDAP server rather than REJECT it? > > Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba LDAP Failover
On Sat, 31 Mar 2012, Massimiliano Perantoni wrote: I'm exactly using that, without luck... Not sure what to tell you; I have used multiple LDAP servers in the past with success, although these days I use a single virtual LDAP server which load balances across a set of backend servers. What happens if you actually shut down the first LDAP server rather than REJECT it? Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba LDAP Failover
I'm exactly using that, without luck... -- Massimiliano Perantoni site: http://www.perantoni.net Il 31 marzo 2012 15:35, Steve Thompson ha scritto: > On Sat, 31 Mar 2012, Gaiseric Vandal wrote: > >> I don't think Samba (depending on the version) supports multiple ldap >> backends. You should have samba_server_1 using ldap_server_1 and >> samba_server_2 using ldap_server_2. > > > Samba most certainly does support multiple LDAP backends. There's even an > example in the smb.conf(5) man page. > > Steve > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba LDAP Failover
On Sat, 31 Mar 2012, Gaiseric Vandal wrote: I don't think Samba (depending on the version) supports multiple ldap backends.You should have samba_server_1 using ldap_server_1 and samba_server_2 using ldap_server_2. Samba most certainly does support multiple LDAP backends. There's even an example in the smb.conf(5) man page. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 roaming profiles
On 2012-03-30 12:35 PM, Charles Marcus wrote: I was simply pointing out that the *default* behavior was to always cache all data in redirected folders on the local client using the tried and true 'offline files' technology, but in a different way with respect to Redirected Folders (with Windows 7, which, in case you hadn't noticed, is the subject being discussed) - it synchronizes *as changes are made*, *in the background*, not at logon/logoff. And of course, all of my replies also 'assume' that Samba behaves the same way as Windows Server with Win 7 Clients - meaning, the default behavior is to *always* *cache* (and sync in the background) all redirected folder data on the local client. Can anyone with *definitive* knowledge please comment on whether or not this is true (it will affect my decision on replacing our Windows Servers with Samba sometime in the next year or so)? Also, I am curious if it is even possible to disable the local caching on the client (although as I have said, I personally cannot think of *any* reason/scenario where that would be a good idea - if you truly never want *any* data residing on the local client, use THIN clients, that is what they are for). -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7 roaming profiles
On 2012-03-30 3:18 AM, steve wrote: El 29/03/12 22:36, Miguel Medalha escribió: >> Charles wrote: The stuff in t he roaming profiles (very little) is copied back/forth at login/out, the stuff in t he redirected folders is *synchronized* at all times using the Offline Files technology that has long existed in Microsofts products. I create a file and store it on my desktop. roaming profile It is stored locally until I log off whereupon it is synced to the server. Correct... desktop folder redirected The file is only ever stored at the destination. Incorrect (again, unless you have changed the default, and again, I am not even sure this is possible, and definitely it is most likely not recommended). Edits are instantaneously synced, not only when I log off. Correct... they are *synced*... which means they exist in *both* locations, *not* '*only* on the destination/redirected folder'... -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba LDAP Failover
The matter is that, since the manual indicates so, it should be supported and delegated to the ldap api in use... The openldap api supports rebinding. The proof of it is that if in /etc/ldap.conf I put in the uri 2 ldap servers everything works fine. The matter seems that samba, even using such an infrastructure, doesn't work. I'd like at least to know if it is some mistake I do or it is just deprecated/never supported, just to go in other directions implementing other failover-by-hand systems. Thanks! Il 31 marzo 2012 14:37, Gaiseric Vandal ha scritto: > I don't think Samba (depending on the version) supports multiple ldap > backends. You should have samba_server_1 using ldap_server_1 and > samba_server_2 using ldap_server_2. > > -Original Message- > From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] > On Behalf Of Massimiliano Perantoni > Sent: Saturday, March 31, 2012 6:12 AM > To: samba@lists.samba.org > Subject: [Samba] Samba LDAP Failover > > Hi, > I have a quite "simple" setup for a particular customer that loves > redundancy and failover. > PDC + BDC with LDAP Passwords on two 389-ds in multimaster node + several > samba member servers > > Actually pointing singularly on both the systems everything works great. > As soon as I modify my passdb backend line from the single form to the form > containing both backends that is from passdb backend = > ldapsam:"ldap://ldap1"; > or > passdb backend = ldapsam:"ldap://ldap2"; > to > passdb backend = ldapsam:"ldap://ldap1 ldap://ldap2"; > > I still authenticate on the first LDAP, but as soon I shut this off with > iptables -I OUTPUT -p tcp --dport 389 -d ldap1 -j REJECT #Simulates, from > the samba machine a failure in the service and, yes it is simple plain ol' > LDAP, no TLS I get a timeout and an auth failure. > This is the way I reproduce the problem > #with the first ldap reachable > smbclient -L pdc-01 -U maxper > Password: > Domain: [XX] > > > everything works fine > > iptables -I OUTPUT -p tcp --dport 389 -j DROP smbclient -L pdc-01 -U maxper > answers session setup failed: NT_STATUS_LOGON_FAILURE getent passwd works > OK, gives both local and ldap users after the timeout set in ldap.conf, > while samba just drops the authentication after the committed param ldap > timeout = 8 after 8 secs, samba drops and gives that error. > > Samba is version 3.4.15, while the distro is CentOS 5.4 > > any help would be appreciated! > Ciao Massimiliano > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba LDAP Failover
I don't think Samba (depending on the version) supports multiple ldap backends.You should have samba_server_1 using ldap_server_1 and samba_server_2 using ldap_server_2. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Massimiliano Perantoni Sent: Saturday, March 31, 2012 6:12 AM To: samba@lists.samba.org Subject: [Samba] Samba LDAP Failover Hi, I have a quite "simple" setup for a particular customer that loves redundancy and failover. PDC + BDC with LDAP Passwords on two 389-ds in multimaster node + several samba member servers Actually pointing singularly on both the systems everything works great. As soon as I modify my passdb backend line from the single form to the form containing both backends that is from passdb backend = ldapsam:"ldap://ldap1"; or passdb backend = ldapsam:"ldap://ldap2"; to passdb backend = ldapsam:"ldap://ldap1 ldap://ldap2"; I still authenticate on the first LDAP, but as soon I shut this off with iptables -I OUTPUT -p tcp --dport 389 -d ldap1 -j REJECT #Simulates, from the samba machine a failure in the service and, yes it is simple plain ol' LDAP, no TLS I get a timeout and an auth failure. This is the way I reproduce the problem #with the first ldap reachable smbclient -L pdc-01 -U maxper Password: Domain: [XX] everything works fine iptables -I OUTPUT -p tcp --dport 389 -j DROP smbclient -L pdc-01 -U maxper answers session setup failed: NT_STATUS_LOGON_FAILURE getent passwd works OK, gives both local and ldap users after the timeout set in ldap.conf, while samba just drops the authentication after the committed param ldap timeout = 8 after 8 secs, samba drops and gives that error. Samba is version 3.4.15, while the distro is CentOS 5.4 any help would be appreciated! Ciao Massimiliano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba LDAP Failover
Hi, I have a quite "simple" setup for a particular customer that loves redundancy and failover. PDC + BDC with LDAP Passwords on two 389-ds in multimaster node + several samba member servers Actually pointing singularly on both the systems everything works great. As soon as I modify my passdb backend line from the single form to the form containing both backends that is from passdb backend = ldapsam:"ldap://ldap1"; or passdb backend = ldapsam:"ldap://ldap2"; to passdb backend = ldapsam:"ldap://ldap1 ldap://ldap2"; I still authenticate on the first LDAP, but as soon I shut this off with iptables -I OUTPUT -p tcp --dport 389 -d ldap1 -j REJECT #Simulates, from the samba machine a failure in the service and, yes it is simple plain ol' LDAP, no TLS I get a timeout and an auth failure. This is the way I reproduce the problem #with the first ldap reachable smbclient -L pdc-01 -U maxper Password: Domain: [XX] everything works fine iptables -I OUTPUT -p tcp --dport 389 -j DROP smbclient -L pdc-01 -U maxper answers session setup failed: NT_STATUS_LOGON_FAILURE getent passwd works OK, gives both local and ldap users after the timeout set in ldap.conf, while samba just drops the authentication after the committed param ldap timeout = 8 after 8 secs, samba drops and gives that error. Samba is version 3.4.15, while the distro is CentOS 5.4 any help would be appreciated! Ciao Massimiliano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
