Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
We've used slave ldap servers as our local office solution, it seems like PITA at first, but really its not much trouble... we redistribute old Optiplex GX100's with bigger IDE drives as the local pdc. Chris Smith Tomasz Chmielewski wrote: Michael Gasch schrieb: you could set up openldap to do syncrepl and have a full copy of your samba domain stuff that's in ldap. if the connection goes down, the ldap stuff is there and if you have it set up like a bdc, you can still login, etc. Yep, that's how it's normally done. what about setting up a BDC in the subnet the router can access by ethernet (builtin switch, subnet behind the router). this connection is alays on, isn´t it? It's a solution for a small office. A couple of workstations, this tiny router running Samba instead of a server; connection to the outside through ADSL, nothing more. When ADSL doesn't connect (because an employee disconnected the modem, because he needed a power outlet to make tee), we're in trouble. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
you could set up openldap to do syncrepl and have a full copy of your samba domain stuff that's in ldap. if the connection goes down, the ldap stuff is there and if you have it set up like a bdc, you can still login, etc. Yep, that's how it's normally done. what about setting up a BDC in the subnet the router can access by ethernet (builtin switch, subnet behind the router). this connection is alays on, isn´t it? greez -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
Michael Gasch schrieb: you could set up openldap to do syncrepl and have a full copy of your samba domain stuff that's in ldap. if the connection goes down, the ldap stuff is there and if you have it set up like a bdc, you can still login, etc. Yep, that's how it's normally done. what about setting up a BDC in the subnet the router can access by ethernet (builtin switch, subnet behind the router). this connection is alays on, isn´t it? It's a solution for a small office. A couple of workstations, this tiny router running Samba instead of a server; connection to the outside through ADSL, nothing more. When ADSL doesn't connect (because an employee disconnected the modem, because he needed a power outlet to make tee), we're in trouble. -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
It's a solution for a small office. this solution also applies to a small office :) i know, you´re looking for caching, but as long as there´s no productive way with samba and caching (creds) you should go for a BDC greez -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
i guess the real question here is what is your interest? are you more interested in having the login functionality when the network link is down or are you more interested in toying with the notion of having samba run on a mini box? i can certainly help you with the former if you wish. i have set up an old linux box as a bdc at a remote location (my parent's house) to allow them all functionality of being in the domain even when their crappy dsl goes down and we lose the vpn link betweeen us. it works like a charm. My Website: http://messinet.com My Online Gallery: http://messinet.com/modules.php?name=Web_Linksl_op=visitlid=3 Michael Gasch wrote: It's a solution for a small office. this solution also applies to a small office :) i know, you´re looking for caching, but as long as there´s no productive way with samba and caching (creds) you should go for a BDC greez -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
ANTHONY JOSEPH MESSINA schrieb: i guess the real question here is what is your interest? are you more interested in having the login functionality when the network link is down or are you more interested in toying with the notion of having samba run on a mini box? Of course, being able to login at all times is one of the most important factors. Well, there are many factors; in the end I would like it to be a cheap and reliable domain controller for small offices: - cost - this mini router (it even has wireless) + USB stick cost less than a PC - it's small and compact - stability - there is no fan, no hard disk, no moving parts that can break - ease of (remote) management (when it's set up properly) - in case of any trouble, someone just turns the device off and on, it'll be up again in a matter of seconds - it's fun to do something new :) -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
ok, i'll go with you on this. so this mini-router, does it have a hard drive or a place that it could dynamically write data, because it seems to me that samba will need to write data at will and for sure, ldap with syncrepl or any caching program will need to write new data that is not static to someplace. what are the true capabilities of this router? the cheapy routers that use firmware woun't be able to dynamically write this data would they. any change to data would require a firmware upgrade. also, how would you manage the router remotely? ssh? a web interface? how would you alter any smb.conf settings? i agree your router would be a cool thing, but you have very little admin functionality. another option may be a refurb cheap computer with a cheap network card which would do the same thing, but give you total functionality. this is what i did for the bds at my parent's house. i got a dell outlet refurb for $240, installed fc4 and away we went. i do still like the idea though of a plug it in and it works system for stuff like this. My Website: http://messinet.com My Online Gallery: http://messinet.com/modules.php?name=Web_Linksl_op=visitlid=3 Tomasz Chmielewski wrote: ANTHONY JOSEPH MESSINA schrieb: i guess the real question here is what is your interest? are you more interested in having the login functionality when the network link is down or are you more interested in toying with the notion of having samba run on a mini box? Of course, being able to login at all times is one of the most important factors. Well, there are many factors; in the end I would like it to be a cheap and reliable domain controller for small offices: - cost - this mini router (it even has wireless) + USB stick cost less than a PC - it's small and compact - stability - there is no fan, no hard disk, no moving parts that can break - ease of (remote) management (when it's set up properly) - in case of any trouble, someone just turns the device off and on, it'll be up again in a matter of seconds - it's fun to do something new :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
ANTHONY JOSEPH MESSINA schrieb: ok, i'll go with you on this. so this mini-router, does it have a hard drive or a place that it could dynamically write data, because it seems to me that samba will need to write data at will and for sure, ldap with syncrepl or any caching program will need to write new data that is not static to someplace. what are the true capabilities of this router? It's ASUS WL-500g Deluxe. It has a 200 MHz broadcom/mipsel CPU, 4 MB flash, 32 MB ram, 2 USB2 ports, 5 network ports (to use as a switch or 5 separate network cards). I connected a USB stick to one of the USB ports and the root filesystem is there (instead of the 4 MB flash). The router costs about 70 euro / 80 usd. Capabilities? It's Linux, so it can do everything :) http://wiki.openwrt.org/TableOfHardware#head-34991459c386514e56db26b0f51743ce57d27af1 the cheapy routers that use firmware woun't be able to dynamically write this data would they. any change to data would require a firmware upgrade. Exactly - I replaced the original firmware with OpenWRT - http://openwrt.org - a distro for such small routers listed in the link I gave above. also, how would you manage the router remotely? ssh? a web interface? how would you alter any smb.conf settings? It has a basic web interface (for setting network, dns, gateway, wireless etc.), but yes, mostly with SSH. i agree your router would be a cool thing, but you have very little admin functionality. SSH - exactly the same admin functionality as with a PC. another option may be a refurb cheap computer with a cheap network card which would do the same thing, but give you total functionality. But this means noise, disk, fan etc. - I don't want that. this is what i did for the bds at my parent's house. i got a dell outlet refurb for $240, installed fc4 and away we went. So you paid 2x too much :) -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba LDAP caching when LDAP server unavailable -possible?
I was just visiting the opwrt site and noticed the open ldap is in their download section. Larry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tomasz Chmielewski Sent: Thursday, January 19, 2006 2:02 PM To: ANTHONY JOSEPH MESSINA; samba Subject: Re: [Samba] Samba LDAP caching when LDAP server unavailable -possible? ANTHONY JOSEPH MESSINA schrieb: ok, i'll go with you on this. so this mini-router, does it have a hard drive or a place that it could dynamically write data, because it seems to me that samba will need to write data at will and for sure, ldap with syncrepl or any caching program will need to write new data that is not static to someplace. what are the true capabilities of this router? It's ASUS WL-500g Deluxe. It has a 200 MHz broadcom/mipsel CPU, 4 MB flash, 32 MB ram, 2 USB2 ports, 5 network ports (to use as a switch or 5 separate network cards). I connected a USB stick to one of the USB ports and the root filesystem is there (instead of the 4 MB flash). The router costs about 70 euro / 80 usd. Capabilities? It's Linux, so it can do everything :) http://wiki.openwrt.org/TableOfHardware#head-34991459c386514e56db26b0f51743ce57d27af1 the cheapy routers that use firmware woun't be able to dynamically write this data would they. any change to data would require a firmware upgrade. Exactly - I replaced the original firmware with OpenWRT - http://openwrt.org - a distro for such small routers listed in the link I gave above. also, how would you manage the router remotely? ssh? a web interface? how would you alter any smb.conf settings? It has a basic web interface (for setting network, dns, gateway, wireless etc.), but yes, mostly with SSH. i agree your router would be a cool thing, but you have very little admin functionality. SSH - exactly the same admin functionality as with a PC. another option may be a refurb cheap computer with a cheap network card which would do the same thing, but give you total functionality. But this means noise, disk, fan etc. - I don't want that. this is what i did for the bds at my parent's house. i got a dell outlet refurb for $240, installed fc4 and away we went. So you paid 2x too much :) -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable -possible?
Larry McElderry schrieb: I was just visiting the opwrt site and noticed the open ldap is in their download section. It's the clients only + libs; no server. Anyway, I think it's not that hard to compile OpenLDAP server for it. The problem would be to authenticate the users against it - in other words, to make system see the users from the LDAP. It's pretty bare and small distro... :) -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
Andrew Bartlett schrieb: On Tue, 2006-01-17 at 10:16 -0500, William Burns wrote: Tomasz: I had heard that some people were interested in caching passwords (which could be stored in NIS, or LDAP) on linux laptops so that a user could log in even when disconnected from their LDAP or NIS domain. The theory was that the nss (name service switch) and nscd (name service cache daemon) system(s) could be tuned/modified to cache this information. As far as I know, this has not been done/tested for use w/ samba the way you describe. For this in an AD domain, there has been a lot of work done in Samba's trunk development tree for this (disconnected laptop) behaviour. Is there anything that might go to the stable anytime soon? -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
could you set up a small instance of an ldap server along with samba on this small box and have it act like a bdc? you could set up openldap to do syncrepl and have a full copy of your samba domain stuff that's in ldap. if the connection goes down, the ldap stuff is there and if you have it set up like a bdc, you can still login, etc. just a thought, i'm fairly new at all this stuff. -anthony My Website: http://messinet.com My Online Gallery: http://messinet.com/modules.php?name=Web_Linksl_op=visitlid=3 Tomasz Chmielewski wrote: I've been using Samba with OpenLDAP with great success on normal servers. Recently however, it appeared to us that for remote locations it is more economically viable to replace Samba servers with Samba running on little routers like ASUS WL-500g with openwrt firmware/software. It has a broadcom/mipsel CPU, and thanks to openwrt (http://openwrt.org), it is possible to run lots of software on it. Pretty nice for small offices - small, no fan, no hard disk etc. other moving parts (you can connect a USB stick to it if you want to store files/profiles). There is one glitch however - no OpenLDAP port. So a Samba domain controller running on these tiny routers would have to authenticate users users against an external OpenLDAP server (probably in the company headquaters). My experience shows that a company with several branches located throughout the city/country/world have connectivity problems from time to time (especiall when there is no IT staff in the branches). With no local LDAP server this would mean users not able to work (as they can't authenticate). Is it possible to set up Samba to cache credentials retrieved from the LDAP, and when LDAP is unavailable, to use these cached credentials? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
ANTHONY JOSEPH MESSINA schrieb: could you set up a small instance of an ldap server along with samba on this small box and have it act like a bdc? That would be great indeed - the problem is, there is no OpenLDAP server port to that thingy yet :) you could set up openldap to do syncrepl and have a full copy of your samba domain stuff that's in ldap. if the connection goes down, the ldap stuff is there and if you have it set up like a bdc, you can still login, etc. Yep, that's how it's normally done. -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba LDAP caching when LDAP server unavailable - possible?
I've been using Samba with OpenLDAP with great success on normal servers. Recently however, it appeared to us that for remote locations it is more economically viable to replace Samba servers with Samba running on little routers like ASUS WL-500g with openwrt firmware/software. It has a broadcom/mipsel CPU, and thanks to openwrt (http://openwrt.org), it is possible to run lots of software on it. Pretty nice for small offices - small, no fan, no hard disk etc. other moving parts (you can connect a USB stick to it if you want to store files/profiles). There is one glitch however - no OpenLDAP port. So a Samba domain controller running on these tiny routers would have to authenticate users users against an external OpenLDAP server (probably in the company headquaters). My experience shows that a company with several branches located throughout the city/country/world have connectivity problems from time to time (especiall when there is no IT staff in the branches). With no local LDAP server this would mean users not able to work (as they can't authenticate). Is it possible to set up Samba to cache credentials retrieved from the LDAP, and when LDAP is unavailable, to use these cached credentials? -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
nscd? Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Tue, 17 Jan 2006, Tomasz Chmielewski wrote: I've been using Samba with OpenLDAP with great success on normal servers. Recently however, it appeared to us that for remote locations it is more economically viable to replace Samba servers with Samba running on little routers like ASUS WL-500g with openwrt firmware/software. It has a broadcom/mipsel CPU, and thanks to openwrt (http://openwrt.org), it is possible to run lots of software on it. Pretty nice for small offices - small, no fan, no hard disk etc. other moving parts (you can connect a USB stick to it if you want to store files/profiles). There is one glitch however - no OpenLDAP port. So a Samba domain controller running on these tiny routers would have to authenticate users users against an external OpenLDAP server (probably in the company headquaters). My experience shows that a company with several branches located throughout the city/country/world have connectivity problems from time to time (especiall when there is no IT staff in the branches). With no local LDAP server this would mean users not able to work (as they can't authenticate). Is it possible to set up Samba to cache credentials retrieved from the LDAP, and when LDAP is unavailable, to use these cached credentials? -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
Tomasz: I had heard that some people were interested in caching passwords (which could be stored in NIS, or LDAP) on linux laptops so that a user could log in even when disconnected from their LDAP or NIS domain. The theory was that the nss (name service switch) and nscd (name service cache daemon) system(s) could be tuned/modified to cache this information. As far as I know, this has not been done/tested for use w/ samba the way you describe. See section: 2.1.4 The Name Service Caching Daemon http://www.saas.nsw.edu.au/solutions/ldap-auth-pam.html -Bill Tomasz Chmielewski wrote: I've been using Samba with OpenLDAP with great success on normal servers. Recently however, it appeared to us that for remote locations it is more economically viable to replace Samba servers with Samba running on little routers like ASUS WL-500g with openwrt firmware/software. It has a broadcom/mipsel CPU, and thanks to openwrt (http://openwrt.org), it is possible to run lots of software on it. Pretty nice for small offices - small, no fan, no hard disk etc. other moving parts (you can connect a USB stick to it if you want to store files/profiles). There is one glitch however - no OpenLDAP port. So a Samba domain controller running on these tiny routers would have to authenticate users users against an external OpenLDAP server (probably in the company headquaters). My experience shows that a company with several branches located throughout the city/country/world have connectivity problems from time to time (especiall when there is no IT staff in the branches). With no local LDAP server this would mean users not able to work (as they can't authenticate). Is it possible to set up Samba to cache credentials retrieved from the LDAP, and when LDAP is unavailable, to use these cached credentials? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
On Tue, 17 Jan 2006, Chris St. Pierre wrote: nscd? nscd is known to cause problems with Samba. Regards, --martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?
On Tue, 2006-01-17 at 10:16 -0500, William Burns wrote: Tomasz: I had heard that some people were interested in caching passwords (which could be stored in NIS, or LDAP) on linux laptops so that a user could log in even when disconnected from their LDAP or NIS domain. The theory was that the nss (name service switch) and nscd (name service cache daemon) system(s) could be tuned/modified to cache this information. As far as I know, this has not been done/tested for use w/ samba the way you describe. For this in an AD domain, there has been a lot of work done in Samba's trunk development tree for this (disconnected laptop) behaviour. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
