Re: [Samba] second samba pdc
On 6/9/08, Sven Buchstaller [EMAIL PROTECTED] wrote:
> Hello List,
>
> I have 2 Samba domains on 2 physical servers, but the user administration is
> over 1 LDAP server. At the moment I get some errors on my first PDC box:

I have the same setup, using 2 PDCs and one OpenLDAP server. However, for this to work you need either two distinct LDAP databases or at least two different LDAP BASEDNs, e.g.

dc=domain1,dc=mycompany,dc=net
dc=domain2,dc=mycompany,dc=net

Otherwise the two domains will store user/machine/group data in the same LDAP hierarchy, which will of course cause trouble.

HTH
- Richard

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] second samba pdc
Hi Richard,

Thanks for the reply, that's not good news for me :(

On Wednesday, 11 June 2008 12:56:33 you wrote:
> On 6/9/08, Sven Buchstaller [EMAIL PROTECTED] wrote:
> > Hello List,
> >
> > I have 2 Samba domains on 2 physical servers, but the user administration is
> > over 1 LDAP server. At the moment I get some errors on my first PDC box:
>
> I have the same setup, using 2 PDCs and one OpenLDAP server. However, for
> this to work you need either two distinct LDAP databases or at least two
> different LDAP BASEDNs, e.g.
>
> dc=domain1,dc=mycompany,dc=net
> dc=domain2,dc=mycompany,dc=net
>
> Otherwise the two domains will store user/machine/group data in the same
> LDAP hierarchy, which will of course cause trouble.
>
> HTH
> - Richard

Re: [Samba] second samba pdc
On Wednesday 11 June 2008 05:56:33 Richard Foltyn wrote:
> On 6/9/08, Sven Buchstaller [EMAIL PROTECTED] wrote:
> > Hello List,
> >
> > I have 2 Samba domains on 2 physical servers, but the user administration is
> > over 1 LDAP server. At the moment I get some errors on my first PDC box:
>
> I have the same setup, using 2 PDCs and one OpenLDAP server. However, for
> this to work you need either two distinct LDAP databases or at least two
> different LDAP BASEDNs, e.g.
>
> dc=domain1,dc=mycompany,dc=net
> dc=domain2,dc=mycompany,dc=net
>
> Otherwise the two domains will store user/machine/group data in the same
> LDAP hierarchy, which will of course cause trouble.
>
> HTH
> - Richard

Actually, there are a few sites that run multiple domains in the same DIT. It does work, though there are a few challenges.

Interdomain trusts need to be set up manually if a single DIT is shared across multiple domains (each having its own SID of course). The net utility cannot be used to create the trust accounts. Also, the way winbind handles foreign SIDs needs to be handled carefully to avoid conflicts.

The short answer is that it is a very bad practice and poor design to use a single DIT across multiple domains. It is much smarter to design and implement a separate DIT per domain as shown above.

Cheers,
- John T.

--
John H Terpstra
Samba-Team Member
Phone: +1 (512) 970-0256

[Samba] second samba pdc
Hello List,

I have 2 Samba domains on 2 physical servers, but the user administration is over 1 LDAP server. At the moment I get some errors on my first PDC box:

smbd[16074]: sid S-1-5-21-3194266148-564761370-2586249389-101652 does not belong to our domain

(That's all hosts from the second PDC)

* first samba Server SID = S-1-5-21-3991578539-3149662252-1894531253
* second samba Server SID = S-1-5-21-3194266148-564761370-2586249389

When I do:

pdbedit -Lv pc011$
Unix username: pc011$
NT username: pc011$
Account Flags: [W ]
User SID: S-1-5-21-3194266148-564761370-2586249389-101708
Primary Group SID: S-1-5-21-3991578539-3149662252-1894531253-513
Full Name: pcpo011
Home Directory: \\192.18.0.11\pc011_\.9xprofile
HomeDir Drive: H:
Logon Script: logon.bat
Profile Path: \\192.168.0.11\profiles\.msprofile
Domain: DomB
Account desc: pc011
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Mo, 09 Jun 2008 11:41:49 CEST
Password can change: Mo, 09 Jun 2008 11:41:49 CEST
Password must change: So, 07 Sep 2008 11:41:49 CEST
Last bad password : 0
Bad password count : 0
Logon hours : FF

Under Primary Group SID I get S-1-5-21-3991578539-3149662252-1894531253-513, the SID from my first PDC, but when I run the same command on the second PDC it looks OK:

pdbedit -Lv pc011$
Unix username: pc011$
NT username: pc011$
Account Flags: [W ]
User SID: S-1-5-21-3194266148-564761370-2586249389-101708
Primary Group SID: S-1-5-21-3194266148-564761370-2586249389-515
Full Name: pc011
Home Directory: \\samba-node2\pc011_\.9xprofile
HomeDir Drive: H:
Logon Script: logon.bat
Profile Path: \\samba-node2\profiles\.msprofile
Domain: DomB
Account desc: pc011
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Mon, 09 Jun 2008 11:41:49 CEST
Password can change: Mon, 09 Jun 2008 11:41:49 CEST
Password must change: Wed, 09 Jul 2008 11:41:49 CEST
Last bad password : 0
Bad password count : 0
Logon hours : FF

Now my question: do I need the same Samba localsid on both servers, or is it useless?

I hope someone can help.

Kind regards,
Sven

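The comparison made by eye in the post above, as an added example (not part of the original thread and not Samba project code): it parses pdbedit -Lv output and reports accounts whose user SID or primary group SID falls outside the expected domain SID. The two sample records are abridged from the output quoted in the post; the function names are assumptions of this example.

```python
import re

# Domain SIDs as given in the post (first and second PDC).
DOM_A = "S-1-5-21-3991578539-3149662252-1894531253"
DOM_B = "S-1-5-21-3194266148-564761370-2586249389"

# pc011$ as each PDC reported it in the post, abridged to the relevant
# fields and laid out one field per line as pdbedit prints it.
SEEN_ON_PDC1 = """\
Unix username:        pc011$
User SID:             S-1-5-21-3194266148-564761370-2586249389-101708
Primary Group SID:    S-1-5-21-3991578539-3149662252-1894531253-513
Domain:               DomB
"""
SEEN_ON_PDC2 = SEEN_ON_PDC1.replace(DOM_A + "-513", DOM_B + "-515")

ACCOUNT_SID = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")

def parse_pdbedit(text):
    """Turn `pdbedit -Lv` output into one {field: value} dict per account."""
    accounts = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # separator or blank line between records
        if key.strip() == "Unix username":
            accounts.append({})  # this field starts a new record
        if accounts:
            accounts[-1][key.strip()] = value.strip()
    return accounts

def domain_of(sid):
    """Strip the trailing RID from an account SID, leaving the domain SID."""
    if not ACCOUNT_SID.fullmatch(sid):
        raise ValueError(f"not a domain account SID: {sid!r}")
    return sid.rpartition("-")[0]

def audit(text, local_domain_sid):
    """Return (account, problem) pairs for SIDs outside the expected domain."""
    findings = []
    for acct in parse_pdbedit(text):
        name = acct["Unix username"]
        user_dom = domain_of(acct["User SID"])
        group_dom = domain_of(acct["Primary Group SID"])
        if user_dom != local_domain_sid:
            findings.append((name, f"user SID is in foreign domain {user_dom}"))
        if group_dom != user_dom:
            findings.append((name, f"group is in {group_dom}, user in {user_dom}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SEEN_ON_PDC1, DOM_A):
        print(finding)
```

Run against the first PDC's view with its own domain SID, the record yields two findings (foreign user SID, and a primary group in a different domain than the user); the second PDC's view yields none.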
Re: [Samba] second samba pdc
Hi Adam,

I have a BDC for DomA and it works fine, but this is a second domain in a subnet for other users.

Kind regards,
Sven

On Monday, 9 June 2008 15:14:17 you wrote:
> Why isn't one of the servers a BDC?
>
> Sven Buchstaller wrote:
> > Hello List,
> >
> > I have 2 Samba domains on 2 physical servers, but the user administration is
> > over 1 LDAP server. At the moment I get some errors on my first PDC box:
> >
> > smbd[16074]: sid S-1-5-21-3194266148-564761370-2586249389-101652 does not belong to our domain
> >
> > (That's all hosts from the second PDC)
> >
> > * first samba Server SID = S-1-5-21-3991578539-3149662252-1894531253
> > * second samba Server SID = S-1-5-21-3194266148-564761370-2586249389
> >
> > When I do:
> >
> > pdbedit -Lv pc011$
> > Unix username: pc011$
> > NT username: pc011$
> > Account Flags: [W ]
> > User SID: S-1-5-21-3194266148-564761370-2586249389-101708
> > Primary Group SID: S-1-5-21-3991578539-3149662252-1894531253-513
> > Full Name: pcpo011
> > Home Directory: \\192.18.0.11\pc011_\.9xprofile
> > HomeDir Drive: H:
> > Logon Script: logon.bat
> > Profile Path: \\192.168.0.11\profiles\.msprofile
> > Domain: DomB
> > Account desc: pc011
> > Workstations:
> > Munged dial:
> > Logon time: 0
> > Logoff time: never
> > Kickoff time: never
> > Password last set: Mo, 09 Jun 2008 11:41:49 CEST
> > Password can change: Mo, 09 Jun 2008 11:41:49 CEST
> > Password must change: So, 07 Sep 2008 11:41:49 CEST
> > Last bad password : 0
> > Bad password count : 0
> > Logon hours : FF
> >
> > Under Primary Group SID I get S-1-5-21-3991578539-3149662252-1894531253-513,
> > the SID from my first PDC, but when I run the same command on the second PDC
> > it looks OK:
> >
> > pdbedit -Lv pc011$
> > Unix username: pc011$
> > NT username: pc011$
> > Account Flags: [W ]
> > User SID: S-1-5-21-3194266148-564761370-2586249389-101708
> > Primary Group SID: S-1-5-21-3194266148-564761370-2586249389-515
> > Full Name: pc011
> > Home Directory: \\samba-node2\pc011_\.9xprofile
> > HomeDir Drive: H:
> > Logon Script: logon.bat
> > Profile Path: \\samba-node2\profiles\.msprofile
> > Domain: DomB
> > Account desc: pc011
> > Workstations:
> > Munged dial:
> > Logon time: 0
> > Logoff time: never
> > Kickoff time: never
> > Password last set: Mon, 09 Jun 2008 11:41:49 CEST
> > Password can change: Mon, 09 Jun 2008 11:41:49 CEST
> > Password must change: Wed, 09 Jul 2008 11:41:49 CEST
> > Last bad password : 0
> > Bad password count : 0
> > Logon hours : FF
> >
> > Now my question: do I need the same Samba localsid on both servers, or is it
> > useless?
> >
> > I hope someone can help.
> >
> > Kind regards,
> > Sven

Re: [Samba] second samba pdc
Why isn't one of the servers a BDC?

Sven Buchstaller wrote:
> Hello List,
>
> I have 2 Samba domains on 2 physical servers, but the user administration is
> over 1 LDAP server. At the moment I get some errors on my first PDC box:
>
> smbd[16074]: sid S-1-5-21-3194266148-564761370-2586249389-101652 does not belong to our domain
>
> (That's all hosts from the second PDC)
>
> * first samba Server SID = S-1-5-21-3991578539-3149662252-1894531253
> * second samba Server SID = S-1-5-21-3194266148-564761370-2586249389
>
> When I do:
>
> pdbedit -Lv pc011$
> Unix username: pc011$
> NT username: pc011$
> Account Flags: [W ]
> User SID: S-1-5-21-3194266148-564761370-2586249389-101708
> Primary Group SID: S-1-5-21-3991578539-3149662252-1894531253-513
> Full Name: pcpo011
> Home Directory: \\192.18.0.11\pc011_\.9xprofile
> HomeDir Drive: H:
> Logon Script: logon.bat
> Profile Path: \\192.168.0.11\profiles\.msprofile
> Domain: DomB
> Account desc: pc011
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: never
> Kickoff time: never
> Password last set: Mo, 09 Jun 2008 11:41:49 CEST
> Password can change: Mo, 09 Jun 2008 11:41:49 CEST
> Password must change: So, 07 Sep 2008 11:41:49 CEST
> Last bad password : 0
> Bad password count : 0
> Logon hours : FF
>
> Under Primary Group SID I get S-1-5-21-3991578539-3149662252-1894531253-513,
> the SID from my first PDC, but when I run the same command on the second PDC
> it looks OK:
>
> pdbedit -Lv pc011$
> Unix username: pc011$
> NT username: pc011$
> Account Flags: [W ]
> User SID: S-1-5-21-3194266148-564761370-2586249389-101708
> Primary Group SID: S-1-5-21-3194266148-564761370-2586249389-515
> Full Name: pc011
> Home Directory: \\samba-node2\pc011_\.9xprofile
> HomeDir Drive: H:
> Logon Script: logon.bat
> Profile Path: \\samba-node2\profiles\.msprofile
> Domain: DomB
> Account desc: pc011
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: never
> Kickoff time: never
> Password last set: Mon, 09 Jun 2008 11:41:49 CEST
> Password can change: Mon, 09 Jun 2008 11:41:49 CEST
> Password must change: Wed, 09 Jul 2008 11:41:49 CEST
> Last bad password : 0
> Bad password count : 0
> Logon hours : FF
>
> Now my question: do I need the same Samba localsid on both servers, or is it
> useless?
>
> I hope someone can help.
>
> Kind regards,
> Sven

Re: [Samba] second samba pdc
They are different servers, hence the different SIDs. I'm not sure why you'd want to have 2 different servers with the same local SID if you're not doing a migration.