Re: [Samba] PDC and BDC... what about de shared folders??
El 13/03/2011 06:14 a.m., Daniel Müller escribió: On Fri, 11 Mar 2011 11:05:59 -0600, Bayardo Rivas - Open Soluciones Hi, with a bdc you will only have a authentication nothing else. You have to have the same shares on both pdc and bdc and have them sync in realtime (drbd master/master or something cluster) to keep the data for the users up. My experencies in production PDC/LDAP BDC/LDAP are that if you do not have a replicating wins on both. It could be when the pdc (or bdc) failes a couple of users can login the other (who where logged on to the pc) need to rejoin the machnie to the domain). Samba4wins will do that job. Good Luck Daniel Thank you Daniel, I have a little experience with Samba + LDAP so, any reading that you suggest would be great. I will post questions on the way while I work on configuration. Sorry for my english. Bayardo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC and BDC... what about de shared folders??
On Fri, 11 Mar 2011 11:05:59 -0600, Bayardo Rivas - Open Soluciones Hi, with a bdc you will only have a authentication nothing else. You have to have the same shares on both pdc and bdc and have them sync in realtime (drbd master/master or something cluster) to keep the data for the users up. My experencies in production PDC/LDAP BDC/LDAP are that if you do not have a replicating wins on both. It could be when the pdc (or bdc) failes a couple of users can login the other (who where logged on to the pc) need to rejoin the machnie to the domain). Samba4wins will do that job. Good Luck Daniel wrote: > Hi, > > i am new in the mailing list. I am trying to figure out my > configuration. I have a Samba server authenticating with /etc/passwd. We > are planing to move to LDAP and install a BDC server. The information I > found googleing is always related to BDC as a backup for authentication > but, I am not clear about the files stored in shared folders. > > I am reading (everybody recomend it) this book and the number 5 specific > chapter > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html > > As said, I am not sure how to give access to the shared folders (stored > in PDC) when it fails, because I suppose that users will authenticate > with the BDC server, and What about the shared folders?? Do I have to > sync this folders and add in the configuration of BDC the shared folders?? > > Thanks for your help. > > Bayardo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] PDC and BDC... what about de shared folders??
Hi, i am new in the mailing list. I am trying to figure out my configuration. I have a Samba server authenticating with /etc/passwd. We are planing to move to LDAP and install a BDC server. The information I found googleing is always related to BDC as a backup for authentication but, I am not clear about the files stored in shared folders. I am reading (everybody recomend it) this book and the number 5 specific chapter http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html As said, I am not sure how to give access to the shared folders (stored in PDC) when it fails, because I suppose that users will authenticate with the BDC server, and What about the shared folders?? Do I have to sync this folders and add in the configuration of BDC the shared folders?? Thanks for your help. Bayardo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC and BDC... what about de shared folders??
Quoting Bayardo Rivas - Open Soluciones : Hi, i am new in the mailing list. I am trying to figure out my configuration. I have a Samba server authenticating with /etc/passwd. We are planing to move to LDAP and install a BDC server. The information I found googleing is always related to BDC as a backup for authentication but, I am not clear about the files stored in shared folders. I am reading (everybody recomend it) this book and the number 5 specific chapter http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html As said, I am not sure how to give access to the shared folders (stored in PDC) when it fails, because I suppose that users will authenticate with the BDC server, and What about the shared folders?? Do I have to sync this folders and add in the configuration of BDC the shared folders?? Thanks for your help. Bayardo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Yes you will have to sync the folders and add them to the BDC configuration when they are needed. I also suggest having a look at using a netbios alias and/or DFS to make the failover easer on your users. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC and BDC... what about de shared folders??
On Fri, Mar 11, 2011 at 2:08 PM, Bayardo Rivas - Open Soluciones wrote: > Hi, > > i am new in the mailing list. I am trying to figure out my configuration. I > have a Samba server authenticating with /etc/passwd. We are planing to move > to LDAP and install a BDC server. The information I > found googleing is always related to BDC as a backup for authentication but, > I am not clear about the files stored in shared folders. > > I am reading (everybody recomend it) this book and the number 5 specific > chapter > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html > > As said, I am not sure how to give access to the shared folders (stored in > PDC) when it fails, because I suppose that users will authenticate with the > BDC server, and What about the shared folders?? Do I have to > sync this folders and add in the configuration of BDC the shared folders?? > On my work network. I put no shares on the PDC or BDC but on other member servers. My PDC and BDC actually are very small and I have migrated them both to virtual machines as guests. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] PDC and BDC... what about de shared folders??
Hi, i am new in the mailing list. I am trying to figure out my configuration. I have a Samba server authenticating with /etc/passwd. We are planing to move to LDAP and install a BDC server. The information I found googleing is always related to BDC as a backup for authentication but, I am not clear about the files stored in shared folders. I am reading (everybody recomend it) this book and the number 5 specific chapter http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html As said, I am not sure how to give access to the shared folders (stored in PDC) when it fails, because I suppose that users will authenticate with the BDC server, and What about the shared folders?? Do I have to sync this folders and add in the configuration of BDC the shared folders?? Thanks for your help. Bayardo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] PDC and BDC across WAN
We have several locations seperated by WAN links. There is one PDC in the central office, and a BDC at each other site. The PDC has a WINS server, all other servers and stations are configured to query this server (hybrid mode - WINS first, then broadcast.) Here is my problem: When one of the BDCs is disconnected from the network, all of the sites suffer problems (ie., Windows logins slow down from 10-15 seconds to 5-10 minutes, system policies fail to apply, accessing mapped drives slows down.) The entire domain basically becomes unusable. When the connection is reestablished, everything returns to normal rather quickly. I've spent some time Googling my problem, but so far have been unsuccessful. Should I be using interdomain trust relationships instead of my current single WAN-spanning domain? Or is there something else I've overlooked? -- Mike Alborn <[EMAIL PROTECTED]> School District 28 (Quesnel) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC and BDC problem
Hello, The following is my PDC and BDC some setting: PDC: local master = yes os level = 65 domain master = yes preferred master = yes domain logon = yes BDC: local master = no os level = 33 domain master = no preferred master = no domain logon = yes I has windows xp sp1(created in vmware + fc5(created in vmware)+Samba x2+ LDAP x2(Replication) for testing. http://www.wilson-kwok.com/ldap.GIF I turned off BDC and PDC work find when user login, but I turned off PDC and user cannot login to BDC, can someone tell me what is the problem ? Thanks -- By linking web mail system -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC and BDC: how to sync profiles
Em Sex 21 Out 2005 00:57, Philip Washington escreveu: > Andreas > I currently have a NT4 Domain that I am trying to migrate to Samba. I'm > really interested in your setup. I currently am concerned because the > documentation (Samba3-Example) I have seen so far sets up a BDC that > points to the ldap on the PDC. As far as I can tell that means if my Actually, you should point the BDC to a slave ldap, preferably on the same machine. That's what I'm doing anyway. The only thing I depend on being on the PDC alone is the wins server, since samba can't replicate it yet. I just choose to place the wins server at the PDC, but it could be any other machine. But only one (no backups). > PDC goes down my network is down. If you could provide me with any > information on where to find the HOWTO or copies of your configuration > it would be greatly appreciated. I followed this: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC and BDC: how to sync profiles
Andreas wrote: On Thu, Oct 20, 2005 at 03:41:44PM +0200, Robert Schetterer wrote: Having a bdc in another net i.e over vpn to another office so you give the profile and home path to that bdc in the ldap entries of the users of this "remote" office. Ok, that scenario is clear. The other part ist to have the bdc as a fallback to the pdc, there for you have to make sure that That is my scenario: BDCs around as a fallback and to alleviate the load on the PDC for auth purposes. files , homes , profiles got in sync with the pdc ones. There are so many ways to do this that i can describe...this is related The problem is that these methods are ony way: rsync from PDC to BDC or vice-versa. Which means that, when using %L in the profile specification, the user would either be using the PDC one or the BDC one. rsync doesn't really work well here, since it's one-way. And NFS gives me nightmares :) That's why I asked the list about what most people would do in this scenario. how you wanna do this i.e rsync nfs copy etc. and which fits best to your needs. It is a good idea speacialy in bigger networks hosting profiles and homes not on the pdc/bdc and let them do only auth jobs. for hosting profiles and homes you might use a nas server which has raid etc I'm inclined to do that, not only to make sure xDCs only serve auth, but because of the profile sync problem. If I place the profiles elsewhere (in another server), the only problem I could have if that server went down is the (temporary) loss of the profile. Users should be instructed to not store important things there anyway (the profile has to be small). Andreas I currently have a NT4 Domain that I am trying to migrate to Samba. I'm really interested in your setup. I currently am concerned because the documentation (Samba3-Example) I have seen so far sets up a BDC that points to the ldap on the PDC. As far as I can tell that means if my PDC goes down my network is down. If you could provide me with any information on where to find the HOWTO or copies of your configuration it would be greatly appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC and BDC: how to sync profiles
On Thu, Oct 20, 2005 at 06:18:06AM -0700, Craig White wrote: > with passdb of tdb or ldap, you can specify a valid share on any member > server or DC for each specific user rather than just using one share on > one server for all users. Bear in mind that on Samba profile shares, it > is typical to use a few directives such as 'csc policy = disable' and > 'profile acls = yes' I will check what those mean, thanks. And yes, I'm using ldap master/slave in this scenario (pdc with ldap master, bdcs with ldap slave). Replication got so much easier with openldap-2.3.x :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC and BDC: how to sync profiles
On Thu, Oct 20, 2005 at 03:41:44PM +0200, Robert Schetterer wrote: > Having a bdc in another net i.e over vpn to another office > so you give the profile and home path to that bdc in the ldap entries of > the users of this "remote" office. Ok, that scenario is clear. > The other part ist to have the bdc as a fallback to the pdc, there for > you have to make sure that That is my scenario: BDCs around as a fallback and to alleviate the load on the PDC for auth purposes. > files , homes , profiles got in sync with the pdc ones. > There are so many ways to do this that i can describe...this is related The problem is that these methods are ony way: rsync from PDC to BDC or vice-versa. Which means that, when using %L in the profile specification, the user would either be using the PDC one or the BDC one. rsync doesn't really work well here, since it's one-way. And NFS gives me nightmares :) That's why I asked the list about what most people would do in this scenario. > how you wanna do this > i.e rsync nfs copy etc. and which fits best to your needs. > It is a good idea speacialy in bigger networks hosting profiles and > homes not on the pdc/bdc > and let them do only auth jobs. for hosting profiles and homes you might > use a nas server > which has raid etc I'm inclined to do that, not only to make sure xDCs only serve auth, but because of the profile sync problem. If I place the profiles elsewhere (in another server), the only problem I could have if that server went down is the (temporary) loss of the profile. Users should be instructed to not store important things there anyway (the profile has to be small). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC and BDC: how to sync profiles
On Thu, 2005-10-20 at 09:56 -0200, Andreas wrote: > I was wondering how people sync the roaming profiles in an environment > with a PDC and multiple BDCs. Are profiles better stored in another > server (a member server) instead of the xDC? > > I could use rsync from the PDC to the BDC, but that doesn't work the > other way around, i.e., when a user logs in via a BDC whatever changes > they make won't go back to the PDC. Unless the profile is: > - always stored in the PDC > - stored elsewhere (i.e., not a xDC) > > Seems it's better to store the profiles in a single server and live with > it when that server goes down for some reason or another. Or not? What > do people usually do? with passdb of tdb or ldap, you can specify a valid share on any member server or DC for each specific user rather than just using one share on one server for all users. Bear in mind that on Samba profile shares, it is typical to use a few directives such as 'csc policy = disable' and 'profile acls = yes' I think it is much easier to control/script/maintain ldapsam than tdbsam passdb's but that's my opinion. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC and BDC: how to sync profiles
I was wondering how people sync the roaming profiles in an environment with a PDC and multiple BDCs. Are profiles better stored in another server (a member server) instead of the xDC? I could use rsync from the PDC to the BDC, but that doesn't work the other way around, i.e., when a user logs in via a BDC whatever changes they make won't go back to the PDC. Unless the profile is: - always stored in the PDC - stored elsewhere (i.e., not a xDC) Seems it's better to store the profiles in a single server and live with it when that server goes down for some reason or another. Or not? What do people usually do? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC and BDC - do they need the same SIDs or different?
Gustavo Lima wrote: Exactly the same SID they need. PDC is running Samba 3.0.9, BDC is running Samba 3.0.5. OK, so I get the same SID on both machines: On FIRST: # net getlocalsid SID for domain FIRST is: S-1-5-21-1517566737-222097662-23938227 On SECOND: # net getlocalsid SID for domain FIRST is: S-1-5-21-1517566737-222097662-23938227 and for domain it's also the same (is it OK that it's the same?): # net getlocalsid DOMAIN SID for domain FIRST is: S-1-5-21-1517566737-222097662-23938227 But when I query from a PDC (FIRST) for FIRST I get: # smbclient -L FIRST -U% Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.9] Sharename Type Comment - --- Shared Disk Shared folder print$ Disk Drivers IPC$IPC IPC Service (Samba 3.0.9) ADMIN$ IPC IPC Service (Samba 3.0.9) HPPSC1110 Printer HP PSC 1110 Domain=[MAGISTA] OS=[Unix] Server=[Samba 3.0.9] Server Comment ---- FIRSTSamba 3.0.9 WorkgroupMaster ---- DOMAIN But when I query for a BDC (SECOND) it gives me the same reply as for PDC (FIRST)! # smbclient -L SECOND -U% Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.9] Sharename Type Comment - --- Shared Disk Shared folder print$ Disk Drivers IPC$IPC IPC Service (Samba 3.0.9) ADMIN$ IPC IPC Service (Samba 3.0.9) HPPSC1110 Printer HP PSC 1110 Domain=[MAGISTA] OS=[Unix] Server=[Samba 3.0.9] Server Comment ---- FIRSTSamba 3.0.9 WorkgroupMaster ---- DOMAIN When I query from BDC, it gives me correct values. Any hint what is wrong? Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC and BDC - do they need the same SIDs or different?
Hello, If I have a PDC with a netbios name FIRST, and I want to add a BDC - named SECOND - do these machines need to have the same SIDs, or different (I just copied files / settings from PDC to BDC and I'm not sure what to do next)? Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC and BDC with ldap master and slave backend
* Andrew Bartlett <[EMAIL PROTECTED]> nulis: > > Not only will they just keep changing it, I have found that they keep > changing it to the same value. I'll commit a patch shortly that makes > avoid touching ldap if they 'change but don't change' their passwords... > Great!! sol. > Andrew Bartlett > > -- > Andrew Bartlett [EMAIL PROTECTED] > Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] > Student Network Administrator, Hawker College [EMAIL PROTECTED] > http://samba.org http://build.samba.org http://hawkerc.net > --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC and BDC with ldap master and slave backend
On Tue, 2004-02-10 at 01:02, Jérôme Tournier wrote: > Le Mon, Feb 09, 2004 at 07:34:38PM +0700, Beast a ecrit: > > Problem if master ldap is over wan and link is down. nobody will be able to change > > any attributes on that site. I know its not samba fault, but any advise on that > > setup? > > and if the link is down, as computers peridically changed their trust > account password, what will happen if they can't do that ? They'll keep > their current password, but can they keep it a long time without problem > in user authentication or anything else ? Not only will they just keep changing it, I have found that they keep changing it to the same value. I'll commit a patch shortly that makes avoid touching ldap if they 'change but don't change' their passwords... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC and BDC with ldap master and slave backend
Le Mon, Feb 09, 2004 at 07:34:38PM +0700, Beast a ecrit: > Problem if master ldap is over wan and link is down. nobody will be able to change > any attributes on that site. I know its not samba fault, but any advise on that > setup? and if the link is down, as computers peridically changed their trust account password, what will happen if they can't do that ? They'll keep their current password, but can they keep it a long time without problem in user authentication or anything else ? -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC and BDC with ldap master and slave backend
* Andrew Bartlett <[EMAIL PROTECTED]> nulis: > > Not quite. Even if the master is not mentioned in the smb.conf, Samba > will follow the 'referral', from the current LDAP server to find where > it should make the write. Problem if master ldap is over wan and link is down. nobody will be able to change any attributes on that site. I know its not samba fault, but any advise on that setup? --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC and BDC with ldap master and slave backend
On Mon, 2004-02-09 at 20:08, Jérôme Tournier wrote: > Le Mon, Feb 09, 2004 at 08:35:52AM +1100, Andrew Bartlett a ecrit: > > > => passdb backend = ldapsam:"ldap://slave.quenya.org ldap://master.quenya.org"; > > > will samba store informations in the master ldap server or will it fail ? > > > > This will work fine. Samba will talk to the master for updates. Set > > 'ldap replication sleep' to the amount of time you expect the slave to > > take to catch up to reality. (Oh, and I know that's dody, but better > > ideas haven't yet been implemented). > > OK. But with the order specified in the example above (slave and then > master), will samba contact first the slave and then the master if needed > ? > I mean, let suppose i have the 'passdb backend' defined above. If samba > need to modify something, is the operation procedure like this : > 1) samba contact the first ldaps server mentionned in 'passdb backend', >ie the slave server > 2) samba try to update the directory : that fail > 3) samba try to contact the second ldap server mentionned in 'passdb >backend', ie the master Not quite. Even if the master is not mentioned in the smb.conf, Samba will follow the 'referral', from the current LDAP server to find where it should make the write. > 4) samba try to update the master directory : succes > 5) all next operations will be done first with the slave ldap server > > Is that the good senario ? > Thanks This is basically how it works. Except for writes, it will also contact the master (the second server in the config line) if the slave just isn't there. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC and BDC with ldap master and slave backend
Le Mon, Feb 09, 2004 at 08:35:52AM +1100, Andrew Bartlett a ecrit: > > => passdb backend = ldapsam:"ldap://slave.quenya.org ldap://master.quenya.org"; > > will samba store informations in the master ldap server or will it fail ? > > This will work fine. Samba will talk to the master for updates. Set > 'ldap replication sleep' to the amount of time you expect the slave to > take to catch up to reality. (Oh, and I know that's dody, but better > ideas haven't yet been implemented). OK. But with the order specified in the example above (slave and then master), will samba contact first the slave and then the master if needed ? I mean, let suppose i have the 'passdb backend' defined above. If samba need to modify something, is the operation procedure like this : 1) samba contact the first ldaps server mentionned in 'passdb backend', ie the slave server 2) samba try to update the directory : that fail 3) samba try to contact the second ldap server mentionned in 'passdb backend', ie the master 4) samba try to update the master directory : succes 5) all next operations will be done first with the slave ldap server Is that the good senario ? Thanks -- Jérôme pgp0.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC and BDC with ldap master and slave backend
On Mon, 2004-02-09 at 07:35, Jérôme Tournier wrote: > Hi all ! > In the samba-Howto, i was looking on informations on how to set up > both a samba PDC and a samba BDC controller with ldap backend. > I can read: > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > Do not install a Samba PDC on a OpenLDAP slave server... > Possible PDC/BDC plus LDAP configurations include: > . PDC -> LDAP master server, BDC -> LDAP slave server. I have removed this comment. With the addition of the 'ldap replication sleep' parameter, this can be made to work quite well. > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > And now i am wondering this questions : > . if the samba DBC contain the following configuration > => passdb backend = ldapsam:"ldap://slave.quenya.org ldap://master.quenya.org"; > will samba store informations in the master ldap server or will it fail ? This will work fine. Samba will talk to the master for updates. Set 'ldap replication sleep' to the amount of time you expect the slave to take to catch up to reality. (Oh, and I know that's dody, but better ideas haven't yet been implemented). > Or is it necessary to put the master ldap server first like this : > => passdb backend = ldapsam:"ldap://master.quenya.org ldap://slave.quenya.org"; > . can i install a samba BDC with a ldap slave server ? Yes you will answer me > but in the case where the master ldap server is unreachable, where does > the samba BDC will store new informations (Machine Trust Account password > for example wich are periodically changed) In the configuration, if the master cannot be reached, the slave will be contacted as a read-only backup. Updates will fail. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba PDC and BDC with ldap master and slave backend
Hi all ! In the samba-Howto, i was looking on informations on how to set up both a samba PDC and a samba BDC controller with ldap backend. I can read: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Do not install a Samba PDC on a OpenLDAP slave server... Possible PDC/BDC plus LDAP configurations include: . PDC -> LDAP master server, BDC -> LDAP slave server. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= And now i am wondering this questions : . if the samba DBC contain the following configuration => passdb backend = ldapsam:"ldap://slave.quenya.org ldap://master.quenya.org"; will samba store informations in the master ldap server or will it fail ? Or is it necessary to put the master ldap server first like this : => passdb backend = ldapsam:"ldap://master.quenya.org ldap://slave.quenya.org"; . can i install a samba BDC with a ldap slave server ? Yes you will answer me but in the case where the master ldap server is unreachable, where does the samba BDC will store new informations (Machine Trust Account password for example wich are periodically changed) Thanks for any precision :) -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC and BDC
On Wed, 2003-01-22 at 14:33, Sascha Bieler wrote: > Hi @ all, > > can someone tell me please if I have to synchronise the samba-password-file > when I have a PDC and a BDC running? > yes you do. or you could use ldap and replication... > Situation: > > All machines have trustee accounts on the pdc and like to log on the bdc. Does > the bdc know about the users from pdc when I set up the 'password > server'-parameter? it can use the pdc to authenticate users but then what's the point of a bdc? brad -- Bradley W. Langhorst <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC and BDC
Hi @ all, can someone tell me please if I have to synchronise the samba-password-file when I have a PDC and a BDC running? Situation: All machines have trustee accounts on the pdc and like to log on the bdc. Does the bdc know about the users from pdc when I set up the 'password server'-parameter? Thanks for help Sascha -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC and BDC
You can achieve this using LDAP as a samba and unix password backend. I've done this and it works quite nicely Best Diego On Wed, 2002-10-30 at 11:46, Gurnish Anand wrote: > Hello, > How can I make two linux servers sync passwords. Is it something I do > with Samba?? I want both the unix accounts and samba accounts be sync'ed. > > Please help!! > > Thanks, > > Gurnish > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC and BDC
Hello, How can I make two linux servers sync passwords. Is it something I do with Samba?? I want both the unix accounts and samba accounts be sync'ed. Please help!! Thanks, Gurnish -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC and BDC
Hi, I want to set up Samba servers on our two Linux (Redhat 7.1) machines and get the passwords sync on both of them. How can I go about it. Also, how can i make password restrictions work between Samba and Win98 workstations. Please direct me to a HOW-to or any documentations if any. Thanks, Gurnish -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: SOLVED! [Samba] PDC and BDC with LDAP and Samba 2.2.4
On Wed, 5 Jun 2002, Yannick Tousignant wrote: > > No it didn't work simply by copying the secrets.tdb file > because this file contain also the name of the current > server (that shouldn't be the same on the bdc). > > And yes, both servers are running on the same subnet > and the bdc takes over immediatly if i unplug the network > cable of the pdc... OK. We need a way to set the rid for a BDC by querying the PDC. Will work on this. Probably a post 2.2.5 issue though. jerry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: SOLVED! [Samba] PDC and BDC with LDAP and Samba 2.2.4
No it didn't work simply by copying the secrets.tdb file because this file contain also the name of the current server (that shouldn't be the same on the bdc). And yes, both servers are running on the same subnet and the bdc takes over immediatly if i unplug the network cable of the pdc... Yannick > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of Gerald Carter > Sent: Wednesday, June 05, 2002 4:05 PM > To: Yannick Tousignant > Cc: [EMAIL PROTECTED] > Subject: RE: SOLVED! [Samba] PDC and BDC with LDAP and Samba 2.2.4 > > > On Wed, 5 Jun 2002, Yannick Tousignant wrote: > > > > > It's me again, with the solution to my problems. > > > > To get a working BDC, you have to kill samba, delete your > > secrets.tdb, create a MACHINE.SID and then restart samba. You > > will have to do this on the PDC and the BDC to have the same > > SID the the secrets.tdb file. Then machine account are valid > > even if you move your PDC, or you add a 2nd BDC, as long as you > > create the MACHINE.SID file before the first startup of samba. > > Don't forget, the MACHINE.SID file have to be the same on all > > domain controlers or machine account will be invalid. > > > > And ho, backup your MACHINE.SID file, samba deletes it when > > it convert the file to secrets.tdb! > > So this did not work by simply copying secrets.tdb from > the PDC to the BDC? > > > > > > > > cheers, jerry > - > Hewlett-Packard http://www.hp.com > SAMBA Team http://www.samba.org > --http://www.plainjoe.org > "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 > --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: SOLVED! [Samba] PDC and BDC with LDAP and Samba 2.2.4
On Wed, 5 Jun 2002, Yannick Tousignant wrote: > > It's me again, with the solution to my problems. > > To get a working BDC, you have to kill samba, delete your > secrets.tdb, create a MACHINE.SID and then restart samba. You > will have to do this on the PDC and the BDC to have the same > SID the the secrets.tdb file. Then machine account are valid > even if you move your PDC, or you add a 2nd BDC, as long as you > create the MACHINE.SID file before the first startup of samba. > Don't forget, the MACHINE.SID file have to be the same on all > domain controlers or machine account will be invalid. > > And ho, backup your MACHINE.SID file, samba deletes it when > it convert the file to secrets.tdb! So this did not work by simply copying secrets.tdb from the PDC to the BDC? cheers, jerry - Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org --http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: SOLVED! [Samba] PDC and BDC with LDAP and Samba 2.2.4
It's me again, with the solution to my problems. To get a working BDC, you have to kill samba, delete your secrets.tdb, create a MACHINE.SID and then restart samba. You will have to do this on the PDC and the BDC to have the same SID the the secrets.tdb file. Then machine account are valid even if you move your PDC, or you add a 2nd BDC, as long as you create the MACHINE.SID file before the first startup of samba. Don't forget, the MACHINE.SID file have to be the same on all domain controlers or machine account will be invalid. And ho, backup your MACHINE.SID file, samba deletes it when it convert the file to secrets.tdb! Thanks to you all!!! Yannick Tousignant === Gestion Informatique OKA ltée. Téléphone : (514) 282-9334 (#238) > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of Yannick Tousignant > Sent: Wednesday, June 05, 2002 12:10 PM > To: Gerald Carter > Cc: [EMAIL PROTECTED] > Subject: RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4 > > > > Ok, i'm stuck at this point. Either if i want to move > the current PDC to another server or if i want to make > a BDC, i have to rejoin all the stations to the domain. > > The machine account are stored in the LDAP database that > I replicate to the BDC. The problem is that samba store > some kind of part of the machine account somewhere (maybe > in secrets.tdb) that i can't replicate on both servers. So > if the users log into another PDC, the machine accounts > are not valid for the server, so it deny all logon! > > If anyone can help me find a way to have valid machine > account on 2 different DC... > > > Thanks! > > > Yannick > > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > > Behalf Of Gerald Carter > > Sent: Wednesday, June 05, 2002 9:04 AM > > To: Yannick Tousignant > > Cc: [EMAIL PROTECTED] > > Subject: RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4 > > > > > > On Tue, 4 Jun 2002, Yannick Tousignant wrote: > > > > > > > > > > > Hi, I tried to move the current PDC to another machine > > > that have the same LDAP database. It didn't work... There > > > is something about the machine account! How does samba > > > handle this? i could not logon to the moved PDC, so i > > > rejoined the domain (added my machine in TEMP workgroup, > > > reboot, rejoin de domain, reboot), and then it worked! > > > > > > Is there any way i can bypass this? > > > > Can the uid's for passwd entries sync'd on bother servers? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > cheers, jerry > > - > > Hewlett-Packard http://www.hp.com > > SAMBA Team http://www.samba.org > > --http://www.plainjoe.org > > "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 > > --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] was Samba PDC and BDC
Of course you need to have the same SID as it is the sid of the domain. I think that just copying over MACHINE.SID and making the second server regenerate the secrets.tdb from it (or simply compying also the secrtes tdb) will make the two machines show the same SID and thus being controllers of the same domain. Simo. -- Simo Sorce -- Una scelta di liberta': Software Libero. A choice of freedom: Free Software. http://www.softwarelibero.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4
Ok, i'm stuck at this point. Either if i want to move the current PDC to another server or if i want to make a BDC, i have to rejoin all the stations to the domain. The machine account are stored in the LDAP database that I replicate to the BDC. The problem is that samba store some kind of part of the machine account somewhere (maybe in secrets.tdb) that i can't replicate on both servers. So if the users log into another PDC, the machine accounts are not valid for the server, so it deny all logon! If anyone can help me find a way to have valid machine account on 2 different DC... Thanks! Yannick > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of Gerald Carter > Sent: Wednesday, June 05, 2002 9:04 AM > To: Yannick Tousignant > Cc: [EMAIL PROTECTED] > Subject: RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4 > > > On Tue, 4 Jun 2002, Yannick Tousignant wrote: > > > > > > > Hi, I tried to move the current PDC to another machine > > that have the same LDAP database. It didn't work... There > > is something about the machine account! How does samba > > handle this? i could not logon to the moved PDC, so i > > rejoined the domain (added my machine in TEMP workgroup, > > reboot, rejoin de domain, reboot), and then it worked! > > > > Is there any way i can bypass this? > > Can the uid's for passwd entries sync'd on bother servers? > > > > > > > > > > > > > > > > cheers, jerry > - > Hewlett-Packard http://www.hp.com > SAMBA Team http://www.samba.org > --http://www.plainjoe.org > "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 > --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4
Hi, Thanks for replying me Gerald. > > > > > > Hi, I tried to move the current PDC to another machine > > that have the same LDAP database. It didn't work... There > > is something about the machine account! How does samba > > handle this? i could not logon to the moved PDC, so i > > rejoined the domain (added my machine in TEMP workgroup, > > reboot, rejoin de domain, reboot), and then it worked! > > > > Is there any way i can bypass this? > > Can the uid's for passwd entries sync'd on bother servers? That's not the problem, because they are sync'd on both servers using slurpd. How does samba handle the validity of a machine password? If i can solve this, then i can have a BDC... I'm thinking maybe put add a MACHINE.SID file to both servers, with the same SID. Maybe that can solve my problem. I'll keep you informed. Yannick > cheers, jerry > - > Hewlett-Packard http://www.hp.com > SAMBA Team http://www.samba.org > --http://www.plainjoe.org > "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 > --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4
On Tue, 4 Jun 2002, Yannick Tousignant wrote: > > > Hi, I tried to move the current PDC to another machine > that have the same LDAP database. It didn't work... There > is something about the machine account! How does samba > handle this? i could not logon to the moved PDC, so i > rejoined the domain (added my machine in TEMP workgroup, > reboot, rejoin de domain, reboot), and then it worked! > > Is there any way i can bypass this? Can the uid's for passwd entries sync'd on bother servers? cheers, jerry - Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org --http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4
On Tue, 4 Jun 2002, Klaus Zahradnik wrote: > Nope, I just checked in a Book. It can't act as a Backup Domain > Controler. :o( We are talking about two different things here. Samba cannot act as a BDC for a Windows PDC, but my tests showed that we can act as a BDC for another Samba box. cheers, jerry - Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org --http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4
On Tue, 4 Jun 2002, Yannick Tousignant wrote: > In this link : > > http://www.samba.org/samba/ftp/docs/htmldocs/Samba-BDC-HOWTO.html > > It seems possible to act like BDC as long as the PDC is a samba machine. > I did everyting there, and both servers have the same secrets.tdb file. My testing using an smbpasswd (several months ago worked ok. I never ran the setup in production though. I'll run some tests later this week and see what's going on. For the record, you setup should work as far as I can tell. cheers, jerry - Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org --http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4
Hi, I tried to move the current PDC to another machine that have the same LDAP database. It didn't work... There is something about the machine account! How does samba handle this? i could not logon to the moved PDC, so i rejoined the domain (added my machine in TEMP workgroup, reboot, rejoin de domain, reboot), and then it worked! Is there any way i can bypass this? Yannick > -Original Message- > From: Tarjei Huse [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 04, 2002 2:24 PM > To: Yannick Tousignant > Subject: RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4 > > > Try samba-tng. > TH > Quoting Yannick Tousignant <[EMAIL PROTECTED]>: > > > > > That's exactly what i did, I replicated the ldap database > > beetween the 2 servers, so it's like im replicating > > linux users, and samba users. I copied the secrets.tdb > > from de pdc to de bdc (seems to be the new MACHINE.SID). > > But when i put "domain logons = yes" they all seems to > > authentificate oon the BDC, users that have allready logon > > once before the bdc was up still work, but logon script aren't > > executed, and users that never logged in don't work at all > > (user/passwd don't work at logon). It's pretty weird to me, > > maybe samba 2.2.4 is not suitable to have 2 servers that > > users can authetificate. > > > > Hope i can find a solution... > > > > > > Yannick > > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On > > > Behalf Of Tarjei Huse > > > Sent: Tuesday, June 04, 2002 11:02 AM > > > To: Klaus Zahradnik > > > Cc: [EMAIL PROTECTED] > > > Subject: RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4 > > > > > > > > > > > > > > > Did you see the other BDC howto? Combine this with a replicated > > > openldap server > > > and I think you're done, although I've never had the need :) > > > > > > Tarjei > > > > > > > > > > > PLEASE!?! :o) > > > > > > > > Klaus > > > > > > > > On 4 Jun 2002 at 7:55, Cates, Brett wrote: > > > > > > > > > Can samba act as a BDC? I thought I read somewhere that it > > > can only be a > > > > > PDC or a member server. I could be wrong though... > > > > > > > > > > Brett > > > > > -Original Message- > > > > > From: Yannick Tousignant [mailto:[EMAIL PROTECTED]] > > > > > Sent: Tuesday, June 04, 2002 7:47 AM > > > > > To: [EMAIL PROTECTED] > > > > > Subject: [Samba] PDC and BDC with LDAP and Samba 2.2.4 > > > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > I'm trying to build a PDC and BDC to elimenate Windows NT on a > > > > > network and have load balancing and fault tolerence for users. > > > > > > > > > > I've compiled samba 2.2.4 on two servers, working with openldap > > 2.0.23 > > > > > with a master and a slave. Replication on LDAP servers works fine. > > > > > I've set up a domain controller and wanted to set the other server > > > > > as BDC in case the PDC goes down. Each time i put the > > > > > "domain logons = yes" option, some people can't log in, computers > > > > > seems to seek for a domain controler. Also, logon script aren't > > > > > executed upon login... When i disconnect network cable on the > > > > > PDC, users can log into the BDC fine but login script arenèt > > executed. > > > > > When i plug back the pdc, some users can't no longer login (bad > > user). > > > > > When i disconnect the BDC, everything work fine. > > > > > > > > > > For now i disabled the "domain logons = yes" on the BDC, > so there is > > > > > no load balancing and fault tolerence for users. =( > > > > > > > > > > > > > > > > > > > > Here is my smb.conf on both servers : > > > > > > > > > > > > > > > PDC : > > > > > > > > > > > > > > > > > > > > [global] > > > > > > > > > > netbios name = PDC > > > > > workgroup = OKA &g
RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4
That's exactly what i did, I replicated the ldap database beetween the 2 servers, so it's like im replicating linux users, and samba users. I copied the secrets.tdb from de pdc to de bdc (seems to be the new MACHINE.SID). But when i put "domain logons = yes" they all seems to authentificate oon the BDC, users that have allready logon once before the bdc was up still work, but logon script aren't executed, and users that never logged in don't work at all (user/passwd don't work at logon). It's pretty weird to me, maybe samba 2.2.4 is not suitable to have 2 servers that users can authetificate. Hope i can find a solution... Yannick > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of Tarjei Huse > Sent: Tuesday, June 04, 2002 11:02 AM > To: Klaus Zahradnik > Cc: [EMAIL PROTECTED] > Subject: RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4 > > > > > Did you see the other BDC howto? Combine this with a replicated > openldap server > and I think you're done, although I've never had the need :) > > Tarjei > > > > > PLEASE!?! :o) > > > > Klaus > > > > On 4 Jun 2002 at 7:55, Cates, Brett wrote: > > > > > Can samba act as a BDC? I thought I read somewhere that it > can only be a > > > PDC or a member server. I could be wrong though... > > > > > > Brett > > > -Original Message- > > > From: Yannick Tousignant [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, June 04, 2002 7:47 AM > > > To: [EMAIL PROTECTED] > > > Subject: [Samba] PDC and BDC with LDAP and Samba 2.2.4 > > > > > > > > > > > > Hi, > > > > > > I'm trying to build a PDC and BDC to elimenate Windows NT on a > > > network and have load balancing and fault tolerence for users. > > > > > > I've compiled samba 2.2.4 on two servers, working with openldap 2.0.23 > > > with a master and a slave. Replication on LDAP servers works fine. > > > I've set up a domain controller and wanted to set the other server > > > as BDC in case the PDC goes down. Each time i put the > > > "domain logons = yes" option, some people can't log in, computers > > > seems to seek for a domain controler. Also, logon script aren't > > > executed upon login... When i disconnect network cable on the > > > PDC, users can log into the BDC fine but login script arenèt executed. > > > When i plug back the pdc, some users can't no longer login (bad user). > > > When i disconnect the BDC, everything work fine. > > > > > > For now i disabled the "domain logons = yes" on the BDC, so there is > > > no load balancing and fault tolerence for users. =( > > > > > > > > > > > > Here is my smb.conf on both servers : > > > > > > > > > PDC : > > > > > > > > > > > > [global] > > > > > > netbios name = PDC > > > workgroup = OKA > > > os level = 64 > > > preferred master = yes > > > domain master = yes > > > local master = yes > > > security = user > > > encrypt passwords = yes > > > domain logons = yes > > > time server = yes > > > ldap suffix = dc=OKA > > > ldap admin dn = cn=ADMIN,dc=OKA > > > ldap ssl = off > > > ldap server = 127.0.0.1 > > > ldap port = 389 > > > logon path = > > > logon home = > > > logon script = users.bat > > > domain admin group = root > > > > > > > > > [netlogon] > > > > > > path = /home/netlogon > > > read only = yes > > > write list = root > > > > > > > > > > > > BDC : > > > > > > > > > > > > [global] > > > > > > netbios name = BDC > > > workgroup = OKA > > > security = user > > > encrypt passwords = yes > > > domain logons = yes > > > os level = 63 > > > local master = yes > > > domain master = no > > > time server = yes > > > ldap suffix = dc=OKA > > > ldap admin dn = cn=ADMIN,dc=OKA > > > ldap ssl = off > > > ldap server = 127.0.0.1 > > > ldap port =
RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4
Did you see the other BDC howto? Combine this with a replicated openldap server and I think you're done, although I've never had the need :) Tarjei > > PLEASE!?! :o) > > Klaus > > On 4 Jun 2002 at 7:55, Cates, Brett wrote: > > > Can samba act as a BDC? I thought I read somewhere that it can only be a > > PDC or a member server. I could be wrong though... > > > > Brett > > -Original Message- > > From: Yannick Tousignant [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, June 04, 2002 7:47 AM > > To: [EMAIL PROTECTED] > > Subject: [Samba] PDC and BDC with LDAP and Samba 2.2.4 > > > > > > > > Hi, > > > > I'm trying to build a PDC and BDC to elimenate Windows NT on a > > network and have load balancing and fault tolerence for users. > > > > I've compiled samba 2.2.4 on two servers, working with openldap 2.0.23 > > with a master and a slave. Replication on LDAP servers works fine. > > I've set up a domain controller and wanted to set the other server > > as BDC in case the PDC goes down. Each time i put the > > "domain logons = yes" option, some people can't log in, computers > > seems to seek for a domain controler. Also, logon script aren't > > executed upon login... When i disconnect network cable on the > > PDC, users can log into the BDC fine but login script arenèt executed. > > When i plug back the pdc, some users can't no longer login (bad user). > > When i disconnect the BDC, everything work fine. > > > > For now i disabled the "domain logons = yes" on the BDC, so there is > > no load balancing and fault tolerence for users. =( > > > > > > > > Here is my smb.conf on both servers : > > > > > > PDC : > > > > > > > > [global] > > > > netbios name = PDC > > workgroup = OKA > > os level = 64 > > preferred master = yes > > domain master = yes > > local master = yes > > security = user > > encrypt passwords = yes > > domain logons = yes > > time server = yes > > ldap suffix = dc=OKA > > ldap admin dn = cn=ADMIN,dc=OKA > > ldap ssl = off > > ldap server = 127.0.0.1 > > ldap port = 389 > > logon path = > > logon home = > > logon script = users.bat > > domain admin group = root > > > > > > [netlogon] > > > > path = /home/netlogon > > read only = yes > > write list = root > > > > > > > > BDC : > > > > > > > > [global] > > > > netbios name = BDC > > workgroup = OKA > > security = user > > encrypt passwords = yes > > domain logons = yes > > os level = 63 > > local master = yes > > domain master = no > > time server = yes > > ldap suffix = dc=OKA > > ldap admin dn = cn=ADMIN,dc=OKA > > ldap ssl = off > > ldap server = 127.0.0.1 > > ldap port = 389 > > logon path = > > logon home = > > logon script = users.bat > > domain admin group = root > > > > [netlogon] > > > > path = /home/netlogon > > read only = yes > > write list = root > > > > > > === > > > > Hope i can do something about it... thanks! > > > > > > Yannick Tousignant > > === > > Gestion Informatique OKA ltée. > > Téléphone : (514) 282-9334 (#238) > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > > Klaus Zahradnik > GO-PUBLIC.COM > > > GO-PUBLIC.COM Internet Relations GmbH > > A-2500 Baden, Weilburgstrasse 4 > http://GO-PUBLIC.com/ [EMAIL PROTECTED] > Phone: +43(0)2252-490 10-0 Fax: +43(0)2252-490 15 > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > Mob: 920 63 413 - This mail sent through IMP: http://horde.org/imp/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4
Nope, I just checked in a Book. It can't act as a Backup Domain Controler. :o( PLEASE!?! :o) Klaus On 4 Jun 2002 at 7:55, Cates, Brett wrote: > Can samba act as a BDC? I thought I read somewhere that it can only be a > PDC or a member server. I could be wrong though... > > Brett > -Original Message- > From: Yannick Tousignant [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 04, 2002 7:47 AM > To: [EMAIL PROTECTED] > Subject: [Samba] PDC and BDC with LDAP and Samba 2.2.4 > > > > Hi, > > I'm trying to build a PDC and BDC to elimenate Windows NT on a > network and have load balancing and fault tolerence for users. > > I've compiled samba 2.2.4 on two servers, working with openldap 2.0.23 > with a master and a slave. Replication on LDAP servers works fine. > I've set up a domain controller and wanted to set the other server > as BDC in case the PDC goes down. Each time i put the > "domain logons = yes" option, some people can't log in, computers > seems to seek for a domain controler. Also, logon script aren't > executed upon login... When i disconnect network cable on the > PDC, users can log into the BDC fine but login script arenèt executed. > When i plug back the pdc, some users can't no longer login (bad user). > When i disconnect the BDC, everything work fine. > > For now i disabled the "domain logons = yes" on the BDC, so there is > no load balancing and fault tolerence for users. =( > > > > Here is my smb.conf on both servers : > > > PDC : > > > > [global] > > netbios name = PDC > workgroup = OKA > os level = 64 > preferred master = yes > domain master = yes > local master = yes > security = user > encrypt passwords = yes > domain logons = yes > time server = yes > ldap suffix = dc=OKA > ldap admin dn = cn=ADMIN,dc=OKA > ldap ssl = off > ldap server = 127.0.0.1 > ldap port = 389 > logon path = > logon home = > logon script = users.bat > domain admin group = root > > > [netlogon] > > path = /home/netlogon > read only = yes > write list = root > > > > BDC : > > > > [global] > > netbios name = BDC > workgroup = OKA > security = user > encrypt passwords = yes > domain logons = yes > os level = 63 > local master = yes > domain master = no > time server = yes > ldap suffix = dc=OKA > ldap admin dn = cn=ADMIN,dc=OKA > ldap ssl = off > ldap server = 127.0.0.1 > ldap port = 389 > logon path = > logon home = > logon script = users.bat > domain admin group = root > > [netlogon] > > path = /home/netlogon > read only = yes > write list = root > > > === > > Hope i can do something about it... thanks! > > > Yannick Tousignant > === > Gestion Informatique OKA ltée. > Téléphone : (514) 282-9334 (#238) > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > Klaus Zahradnik GO-PUBLIC.COM GO-PUBLIC.COM Internet Relations GmbH A-2500 Baden, Weilburgstrasse 4 http://GO-PUBLIC.com/ [EMAIL PROTECTED] Phone: +43(0)2252-490 10-0 Fax: +43(0)2252-490 15 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4
In this link : http://www.samba.org/samba/ftp/docs/htmldocs/Samba-BDC-HOWTO.html It seems possible to act like BDC as long as the PDC is a samba machine. I did everyting there, and both servers have the same secrets.tdb file. thanks for helping me! Yannick > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of Cates, Brett > Sent: Tuesday, June 04, 2002 8:55 AM > To: 'Yannick Tousignant'; [EMAIL PROTECTED] > Subject: RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4 > > > Can samba act as a BDC? I thought I read somewhere that it can only be a > PDC or a member server. I could be wrong though... > > Brett > -Original Message- > From: Yannick Tousignant [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 04, 2002 7:47 AM > To: [EMAIL PROTECTED] > Subject: [Samba] PDC and BDC with LDAP and Samba 2.2.4 > > > > Hi, > > I'm trying to build a PDC and BDC to elimenate Windows NT on a > network and have load balancing and fault tolerence for users. > > I've compiled samba 2.2.4 on two servers, working with openldap 2.0.23 > with a master and a slave. Replication on LDAP servers works fine. > I've set up a domain controller and wanted to set the other server > as BDC in case the PDC goes down. Each time i put the > "domain logons = yes" option, some people can't log in, computers > seems to seek for a domain controler. Also, logon script aren't > executed upon login... When i disconnect network cable on the > PDC, users can log into the BDC fine but login script arenèt executed. > When i plug back the pdc, some users can't no longer login (bad user). > When i disconnect the BDC, everything work fine. > > For now i disabled the "domain logons = yes" on the BDC, so there is > no load balancing and fault tolerence for users. =( > > > > Here is my smb.conf on both servers : > > > PDC : > > > > [global] > > netbios name = PDC > workgroup = OKA > os level = 64 > preferred master = yes > domain master = yes > local master = yes > security = user > encrypt passwords = yes > domain logons = yes > time server = yes > ldap suffix = dc=OKA > ldap admin dn = cn=ADMIN,dc=OKA > ldap ssl = off > ldap server = 127.0.0.1 > ldap port = 389 > logon path = > logon home = > logon script = users.bat > domain admin group = root > > > [netlogon] > > path = /home/netlogon > read only = yes > write list = root > > > > BDC : > > > > [global] > > netbios name = BDC > workgroup = OKA > security = user > encrypt passwords = yes > domain logons = yes > os level = 63 > local master = yes > domain master = no > time server = yes > ldap suffix = dc=OKA > ldap admin dn = cn=ADMIN,dc=OKA > ldap ssl = off > ldap server = 127.0.0.1 > ldap port = 389 > logon path = > logon home = > logon script = users.bat > domain admin group = root > > [netlogon] > > path = /home/netlogon > read only = yes > write list = root > > > === > > Hope i can do something about it... thanks! > > > Yannick Tousignant > === > Gestion Informatique OKA ltée. > Téléphone : (514) 282-9334 (#238) > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PDC and BDC with LDAP and Samba 2.2.4
Can samba act as a BDC? I thought I read somewhere that it can only be a PDC or a member server. I could be wrong though... Brett -Original Message- From: Yannick Tousignant [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 04, 2002 7:47 AM To: [EMAIL PROTECTED] Subject: [Samba] PDC and BDC with LDAP and Samba 2.2.4 Hi, I'm trying to build a PDC and BDC to elimenate Windows NT on a network and have load balancing and fault tolerence for users. I've compiled samba 2.2.4 on two servers, working with openldap 2.0.23 with a master and a slave. Replication on LDAP servers works fine. I've set up a domain controller and wanted to set the other server as BDC in case the PDC goes down. Each time i put the "domain logons = yes" option, some people can't log in, computers seems to seek for a domain controler. Also, logon script aren't executed upon login... When i disconnect network cable on the PDC, users can log into the BDC fine but login script arenèt executed. When i plug back the pdc, some users can't no longer login (bad user). When i disconnect the BDC, everything work fine. For now i disabled the "domain logons = yes" on the BDC, so there is no load balancing and fault tolerence for users. =( Here is my smb.conf on both servers : PDC : [global] netbios name = PDC workgroup = OKA os level = 64 preferred master = yes domain master = yes local master = yes security = user encrypt passwords = yes domain logons = yes time server = yes ldap suffix = dc=OKA ldap admin dn = cn=ADMIN,dc=OKA ldap ssl = off ldap server = 127.0.0.1 ldap port = 389 logon path = logon home = logon script = users.bat domain admin group = root [netlogon] path = /home/netlogon read only = yes write list = root BDC : [global] netbios name = BDC workgroup = OKA security = user encrypt passwords = yes domain logons = yes os level = 63 local master = yes domain master = no time server = yes ldap suffix = dc=OKA ldap admin dn = cn=ADMIN,dc=OKA ldap ssl = off ldap server = 127.0.0.1 ldap port = 389 logon path = logon home = logon script = users.bat domain admin group = root [netlogon] path = /home/netlogon read only = yes write list = root === Hope i can do something about it... thanks! Yannick Tousignant === Gestion Informatique OKA ltée. Téléphone : (514) 282-9334 (#238) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC and BDC with LDAP and Samba 2.2.4
Hi, I'm trying to build a PDC and BDC to elimenate Windows NT on a network and have load balancing and fault tolerence for users. I've compiled samba 2.2.4 on two servers, working with openldap 2.0.23 with a master and a slave. Replication on LDAP servers works fine. I've set up a domain controller and wanted to set the other server as BDC in case the PDC goes down. Each time i put the "domain logons = yes" option, some people can't log in, computers seems to seek for a domain controler. Also, logon script aren't executed upon login... When i disconnect network cable on the PDC, users can log into the BDC fine but login script arenèt executed. When i plug back the pdc, some users can't no longer login (bad user). When i disconnect the BDC, everything work fine. For now i disabled the "domain logons = yes" on the BDC, so there is no load balancing and fault tolerence for users. =( Here is my smb.conf on both servers : PDC : [global] netbios name = PDC workgroup = OKA os level = 64 preferred master = yes domain master = yes local master = yes security = user encrypt passwords = yes domain logons = yes time server = yes ldap suffix = dc=OKA ldap admin dn = cn=ADMIN,dc=OKA ldap ssl = off ldap server = 127.0.0.1 ldap port = 389 logon path = logon home = logon script = users.bat domain admin group = root [netlogon] path = /home/netlogon read only = yes write list = root BDC : [global] netbios name = BDC workgroup = OKA security = user encrypt passwords = yes domain logons = yes os level = 63 local master = yes domain master = no time server = yes ldap suffix = dc=OKA ldap admin dn = cn=ADMIN,dc=OKA ldap ssl = off ldap server = 127.0.0.1 ldap port = 389 logon path = logon home = logon script = users.bat domain admin group = root [netlogon] path = /home/netlogon read only = yes write list = root === Hope i can do something about it... thanks! Yannick Tousignant === Gestion Informatique OKA ltée. Téléphone : (514) 282-9334 (#238) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
