[Samba] Two DC's on same subnet possible with ldap?

2005-11-09 Thread Matt Pruett
Is it possible (and correct) to have two DC's on the same subnet? Both
have write access to an ldap backend.

-- 
Matt Pruett [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Issue logging on in a samba + ldap environment

2005-11-03 Thread Matt Pruett
Ok I narrowed down the problem I am having here... I have a master ldap
server and a replica ldap server. If I point the DC at the master logins
don't work, I get a domain cannot be found type message. If however I
point it at the replica it works just fine. On both servers multiple
other services also use ldap, they all work fine with either server, I
have phpldapadmin on both also and from what I can see both servers
contain the same information. I did a packet dump to look at the ldap
queries when it fails to login, and there are no access denied type
messages at all, it performs a few queries gets the right answers back,
and does not continue to make any more queries that it would be if it
was working correctly. The logs don't mention any errors either. Just to
be sure it wasn't some kind of permissions issue on ldap I commented out
all of my access-lists and gave all write to everything, still didn't
work.

So I am a bit confused, I really want to find out what the specific
issue is here. Anyone have any suggestions on what to look at next?

-- 
Matt Pruett [EMAIL PROTECTED]


[Samba] Proper use of SID's and LDAP on dc's?

2005-11-02 Thread Matt Pruett
I have two samba dc's, same subnet, the goal is to have them both be
able to answer domain login requests and therefore if one goes down we
still have the ability to login to the domain. Can this be done with
samba? if so could you just tell me generally the procedure for this?
Here's what I have right now.

server1, openldap master, samba points to loopback for ldap
server2, openldap replica, samba points to loopback, but to server1 for
writes

I figured that would about do it, however then I see in the smbldap.conf
for the idealx scripts it says

# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.

I am using the latest stable of samba, is that patch included? is that
something I have to worry about? I searched all over the net, and I
found several asking the question but found no answers.

Lastly I think my sid's are messed up a bit. My understanding is that
all dc's should have the same local sid, and that the local sid as
entered by  net setlocalsid, will be the domain's sid. Correct?
Regardless I think I have an issue here, have a look...

on server1:
[EMAIL PROTECTED] samba]# net getlocalsid server1
SID for domain SERVER1 is: S-1-5-21-1624854736-2567889874-1153258394
[EMAIL PROTECTED] samba]# net getlocalsid server2
[2005/11/02 00:16:17, 0] utils/net.c:net_getlocalsid(494)
  Can't fetch domain SID for name: server2

on server2:
[EMAIL PROTECTED] samba]# net getlocalsid server1
SID for domain server1 is: S-1-5-21-3030423605-2090081018-3134100962
[EMAIL PROTECTED] samba]# net getlocalsid server2
SID for domain server2 is: S-1-5-21-1624854736-2567889874-1153258394

so why is it that I can not query the localsid for server2 from server1,
and that it reports some other sid on the other box for server1?

I should mention that server2 is the wins server, and server1 has a
wins server = ipofserver2 in its config. Domain logins work fine when
workstations authenticate to server2, they don't seem to work at all when
going to 1. They used to, but something got jacked up and several things
I don't think were ever quite right.

Thanks, I hope you guys can straighten me out a bit.

-- 
Matt Pruett [EMAIL PROTECTED]



[Samba] Two DC's + ldap, some general questions

2005-11-01 Thread Matt Pruett
I have two samba dc's, same subnet, the goal is to have them both be
able to answer domain login requests and therefore if one goes down we
still have the ability to login to the domain. Can this be done with
samba? if so could you just tell me generally the procedure for this?
Here's what I have right now.

server1, openldap master, samba points to loopback for ldap
server2, openldap replica, samba points to loopback, but to server1 for
writes

I figured that would about do it, however then I see in the smbldap.conf
for the idealx scripts it says

# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.

I am using the latest stable of samba, is that patch included? is that
something I have to worry about? I searched all over the net, and I
found several asking the question but found no answers.

Lastly I think my sid's are messed up a bit. My understanding is that
all dc's should have the same local sid, and that the local sid as
entered by  net setlocalsid, will be the domain's sid. Correct?
Regardless I think I have an issue here, have a look...

on server1:
[EMAIL PROTECTED] samba]# net getlocalsid server1
SID for domain SERVER1 is: S-1-5-21-1624854736-2567889874-1153258394
[EMAIL PROTECTED] samba]# net getlocalsid server2
[2005/11/02 00:16:17, 0] utils/net.c:net_getlocalsid(494)
  Can't fetch domain SID for name: server2

on server2:
[EMAIL PROTECTED] samba]# net getlocalsid server1
SID for domain server1 is: S-1-5-21-3030423605-2090081018-3134100962
[EMAIL PROTECTED] samba]# net getlocalsid server2
SID for domain server2 is: S-1-5-21-1624854736-2567889874-1153258394

so why is it that I can not query the localsid for server2 from server1,
and that it reports some other sid on the other box for server1?

I should mention that server2 is the wins server, and server1 has a
wins server = ipofserver2 in its config. Domain logins work fine when
workstations authenticate to server2, they don't seem to work at all when
going to 1. They used to, but something got jacked up and several things
I don't think were ever quite right.

Thanks, I hope you guys can straighten me out a bit.

-- 
Matt Pruett [EMAIL PROTECTED]
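
Added example, not part of the original posts: a small parser for the `net getlocalsid` transcript quoted in the 2005-11-02 and 2005-11-01 messages. It tabulates what each host reports per name and flags lookups that fail or return different SIDs on different hosts. The function names `parse` and `findings` are hypothetical, and the "on hostN:" headers are assumed to label which box produced the output.

```python
import re
from collections import defaultdict

# Transcript copied from the posts above (prompts as archived).
TRANSCRIPT = """\
on server1:
[EMAIL PROTECTED] samba]# net getlocalsid server1
SID for domain SERVER1 is: S-1-5-21-1624854736-2567889874-1153258394
[EMAIL PROTECTED] samba]# net getlocalsid server2
[2005/11/02 00:16:17, 0] utils/net.c:net_getlocalsid(494)
  Can't fetch domain SID for name: server2

on server2:
[EMAIL PROTECTED] samba]# net getlocalsid server1
SID for domain server1 is: S-1-5-21-3030423605-2090081018-3134100962
[EMAIL PROTECTED] samba]# net getlocalsid server2
SID for domain server2 is: S-1-5-21-1624854736-2567889874-1153258394
"""

HOST_RE = re.compile(r"^on (\S+):$")
SID_RE = re.compile(r"^SID for domain (\S+) is: (S-1-5-21(?:-\d+){3})$")
FAIL_RE = re.compile(r"^\s*Can't fetch domain SID for name: (\S+)$")

def parse(transcript):
    """Return {name: {host: sid or None}}; queried names are lower-cased."""
    by_name, host = defaultdict(dict), None
    for line in transcript.splitlines():
        if m := HOST_RE.match(line):
            host = m.group(1)            # output below came from this box
        elif host and (m := SID_RE.match(line)):
            by_name[m.group(1).lower()][host] = m.group(2)
        elif host and (m := FAIL_RE.match(line)):
            by_name[m.group(1).lower()][host] = None   # lookup failed here
    return dict(by_name)

def findings(by_name):
    """Return (kind, name, detail) for lookups that fail or disagree."""
    out = []
    for name, per_host in sorted(by_name.items()):
        missing = sorted(h for h, s in per_host.items() if s is None)
        sids = sorted({s for s in per_host.values() if s})
        if missing:
            out.append(("unresolved", name, missing))
        if len(sids) > 1:
            out.append(("conflict", name, sids))
    return out

print(findings(parse(TRANSCRIPT)))
```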



[Samba] idealx dual head patch?

2005-10-18 Thread Matt Pruett
I have two domain controllers, both have openldap, server1 can write to
the ldap database and pushes that to server2 which can only read. In the
smbldap.conf file it reads...

# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
#   (typically a replication directory)

# Ex: slaveLDAP=127.0.0.1
slaveLDAP=127.0.0.1
slavePort=389

# Master LDAP : needed for write operations
# Ex: masterLDAP=127.0.0.1
masterLDAP=172.16.0.1
masterPort=389

So my question is, in the newest versions of samba has this patch that
they talk about already been added? or not? I can't find this dual head
patch anywhere on idealx's site either.

-- 
Matt Pruett [EMAIL PROTECTED]



[Samba] Domain cannot be contacted

2005-10-17 Thread Matt Pruett
I have setup two samba domain controllers, both have basically the same
configs and use the same ldap database backend. Often however when
logging in users will get a domain cannot be contacted error,
attempting to login multiple times will eventually get them in and it
will work fine from then on.

The question is, is there anything else I really need to do to make this
work correctly? Why would this error be occurring only some of the time?
I can generally join the domain fine, and browse / access the shares on
both servers. So I am wondering if I missed something, like something I
need to add to the config so the two servers know they are both DC's?
The goal is to be able to at least log in with only one of the two up.

And suggested reading on this subject? any ideas?

Thanks :)


-- 
Matt Pruett [EMAIL PROTECTED]



[Samba] Multiple domain controllers

2005-10-05 Thread Matt Pruett
I have setup two samba domain controllers, both have basically the same
configs and use the same ldap database backend. The question is, is
there anything else I really need to do to make this work correctly? I
can generally join the domain fine, and browse / access the shares on
both servers. Sometimes there are login issues, trying to log in
multiple times works. So I am wondering if I missed something, like
something I need to add to the config so the two servers know they are
both DC's? The goal is to be able to at least log in with only one of
the two up.

And suggested reading on this subject? any ideas?

Thanks :)

-- 
Matt Pruett [EMAIL PROTECTED]



Re: [Samba] macintosh file clutter on samba filesystems.

2005-04-04 Thread Matt Pruett
If I veto them will it prevent them from getting created on the
filesystem in the first place? And them being annoyed with the way it
looks isn't a big deal since several were actually being annoyed that one
person had set it up to look a certain way and another didn't like it..
etc.

On Mon, 2005-04-04 at 00:12 -0700, Matthew Easton wrote:
> On Sunday 03 April 2005 15:50, Matt Pruett wrote:
> > I have a client who has a bunch of macs accessing some samba shares, and
> > they write these  ._filename and .DS_STORE  files all over the place, he
> > would prefer it to not write these files at all. Anyone ran into this
> > issue? what would be the best way to prevent these files from getting
> > written onto the shares?  veto?
> >
> > --
> > Matt Pruett [EMAIL PROTECTED]
>
> You can use the hide files directive, but windows clients can override it
> with a show hidden files option in the tools menu of a directory window.
> If most users have the default view options, this is an excellent way to hide
> the files.
>
> veto files works too.   If the macintosh clients are accessing the share via
> netatalk or some other appletalk-on-unix service, then the veto files
> directive will not affect them at all.  And likely, if they are using MacOSX
> windows networking, it won't prevent them from accessing the share, but they
> may be annoyed about how it looks.
>
> Here's what I have:
>
> veto files = /Network Trash Folder/TheVolumeSettingsFolder/Desktop Folder/TheFindByContentFolder/Temporary Items/.DS_Store/
 
-- 
Matt Pruett [EMAIL PROTECTED]



[Samba] macintosh file clutter on samba filesystems.

2005-04-03 Thread Matt Pruett
I have a client who has a bunch of macs accessing some samba shares, and
they write these  ._filename and .DS_STORE  files all over the place, he
would prefer it to not write these files at all. Anyone ran into this
issue? what would be the best way to prevent these files from getting
written onto the shares?  veto?

-- 
Matt Pruett [EMAIL PROTECTED]
